August 2003
Msblast Worm is "CodeRed Reloaded"
BitDefender releases free antidote against Msblast.A, a high-spreading worm
BitDefender Antivirus Lab today announces the outbreak of a new, high-spreading worm - called Msblast (Win32.MsBlast.A) - and releases a free antidote to disinfect the already contaminated systems. The specialists compare it with "Code Red" - a similar worm that caused over 350 000 infections in only two days - as it exploits a known vulnerability in Microsoft Windows 2000/XP. Accordingly to Computer Economics Cyber Attack Index, Code Red had an economic impact of 2.62 billions dollars in 2001, just by spreading and infecting hosts with an amazing speed.
The worm is a harsh attack to Microsoft security flaws, enclosing the message "billy gates why do you make this possible ? Stop making money and fix your software!!". The exploit was signaled and patched by Microsoft Corporation since July 16, 2003 (see the security bulletin), but only few users updated their software.
"As the worm threatens all Windows 2000 and XP systems, it could wreak havoc among most computer users", warns Mircea Ciubotariu, Virus Researcher at BitDefender Lab, SOFTWIN. "Unlike Code Red, this one is not just affecting servers, but all computers using the newest software from Microsoft. It is a common situation that Windows users don't update their systems or do it very rarely, so we expect a high number of users to be affected by this new threat. It is also to be expected that the new worm will affect the Internet performance, because of the high-spreading routine", Ciubotariu concluded.
It is an Internet worm that exploits known security vulnerability in Microsoft's Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface. This security breach allows attackers to run code of his or her choice. TCP port directly affected by this exploit includes: 135.
As payload, the worm initiates denial of service (DoS) attacks on the Windows Update site (windowsupdate.com) after the 15th of August.
BitDefender antidote is available for download for all infected users.
All Windows 2000 and XP users are urged to patch their systems from http://www.microsoft.com/downloads/search.aspx?displaylang=en.
For more details, please contact us or see the technical description.
For a permanent protection, BitDefender Antivirus commercial solutions are available for sale on the Internet or at local distributors and start from USD 29.95.
About Bitdefender®
Bitdefender is the creator of one of the world's fastest and most effective lines of internationally certified internet security software. The company is an industry pioneer, introducing and developing award-winning protection since 2001. Today, Bitdefender technology secures the digital experience of around 400 million home and corporate users across the globe.
Recently, Bitdefender won a series of important awards and accolades in the global security industry, including "Product of the Year" by AV-Comparatives, "Best Repair 2012" by AV-Test, "Editor's Choice" and "The Best Antivirus for 2013" by PC Mag, that confirmed the antivirus software’s leadership status among security products.
More information about Bitdefender's products is available from the company's security press room. Additionally, Bitdefender publishes the HOTforSecurity blog, where readers can find stories from the underworld of internet fraud, scams, malicious software - and gossip.