Security news
Security news14 August 2003
Blaster worm variants discovered, Sophos Anti-Virus provides protection
Sophos has issued an advisory about two new variants of the W32/Blaster-A worm (also known as Lovsan, MSBlaster or Poza).
The first new variant, W32/Blaster-B, is functionally equivalent to its predecessor but creates a file called teekids.exe rather than msblast.exe in the Windows system folder. It also creates a different registry entry and includes some offensive text (which does not get displayed) directed towards Microsoft, Bill Gates, and the anti-virus industry.
Another variant, W32/Blaster-C, uses the filename penis32.exe. Sophos Anti-Virus is capable of detecting W32/Blaster-C without further updating because it is detected by Sophos's earlier protection against W32/Blaster-A.
"Updating your anti-virus is one thing, but you also need to close the window of opportunity for these worms to sneak into your computer," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "It is essential that users and system administrators ensure their computers are protected against the vulnerability in many versions of Windows with the patch supplied by Microsoft."
Microsoft issued a patch for the vulnerability exploited by these worms on July 16, 2003. The patch is available from www.microsoft.com/technet/security/bulletin/MS03-026.asp.
See also:
- Blaster worm exploits Microsoft security hole and targets critical update website
- Add live virus and hoax information to your website or intranet
- Sign-up now for free notification of new viruses found in the wild
- How to remove the Blaster worm FAQ
- Blaster worm impact may snowball as number of reports increases
