BetaONE will rise again!


Reply
  #1  
Old 14th Aug 03, 02:25 AM
Alpine's Avatar
Alpine Alpine is offline
Retired Crew
 
Join Date: Feb 2002
Location: Run Forest, RUN!!
Posts: 3,601
Alpine is on a distinguished road
Send a message via ICQ to Alpine Send a message via AIM to Alpine
A modified version of the W32.Blaster worm is on the loose, according to advisories from two security firms. But users whose machines are patched against the original Blaster should be protected against the variant as well.
Kaspersky Labs, a security firm in Moscow, this morning reported that it had detected a modified version of Blaster, also known as Lovsan, that takes advantage of the same vulnerability in the Windows interface that handles remote procedure calls (RPC).

The only changes seem to be in the appearance of the new worm and a new text string abusing Microsoft Corp. and antivirus writers, according to the the Kaspersky alert.

The name of the worm file has been changed from MSBLAST.EXE to TEEKIDS.EXE, according to Steven Sundermeier, a vice president at Central Command Inc., a Medina, Ohio-based vendor of antivirus software. The variant also uses a different code-compression method than the original, he said.

An official at the CERT Coordination Center at Carnegie Mellon University in Pittsburgh said the center had not heard of any variants so far. But given the amount of exploit code available that can take advantage of the RPC vulnerability, the reported appearance of variants isn't surprising, said Art Manion, an Internet security analyst at CERT.

Meanwhile, the original worm still appears to be spreading, but at a slower pace. At this point, "it's more of a slug than a worm really," said Russ Cooper, an analyst at TruSecure Corp., a security vendor in Herndon, Va., and moderator of the NTBugTraq mailing list. "It's crawling along at a very slow rate."

So far, TruSecure's servers have recorded attacks from about 471 unique Internet Protocol addresses -- or about 13 new ones every hour, Cooper said. About 88% of the attacks on TruSecure's servers are from new IP addresses.

CERT estimated the number of infected systems worldwide as being "in the low hundreds of thousands," Manion said.



SOURCE:

BINK
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump


All times are GMT +1. The time now is 08:05 AM.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.