Msblast Worm is "CodeRed Reloaded"

August 2003


BitDefender releases free antidote against Msblast.A, a high-spreading worm

BitDefender Antivirus Lab today announces the outbreak of a new, high-spreading worm - called Msblast (Win32.MsBlast.A) - and releases a free antidote to disinfect already contaminated systems. The specialists compare it with "Code Red" - a similar worm that caused over 350 000 infections in only two days - as it exploits a known vulnerability in Microsoft Windows 2000/XP. According to the Computer Economics Cyber Attack Index, Code Red had an economic impact of 2.62 billion dollars in 2001, just by spreading and infecting hosts at an amazing speed.

The worm is a harsh attack on Microsoft security flaws and carries the message "billy gates why do you make this possible ? Stop making money and fix your software!!". Microsoft Corporation reported the flaw and has had a patch available since July 16, 2003 (see the security bulletin), but only a few users have updated their software.

"As the worm threatens all Windows 2000 and XP systems, it could wreak havoc among most computer users", warns Mircea Ciubotariu, Virus Researcher at BitDefender Lab, SOFTWIN. "Unlike Code Red, this one is not just affecting servers, but all computers using the newest software from Microsoft. It is a common situation that Windows users don't update their systems or do it very rarely, so we expect a high number of users to be affected by this new threat. It is also to be expected that the new worm will affect the Internet performance, because of the high-spreading routine", Ciubotariu concluded.

Msblast is an Internet worm that exploits a known security vulnerability in Microsoft's Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface. This flaw allows an attacker to run code of his or her choice. The TCP port directly affected by this exploit is 135.
As its payload, the worm initiates denial of service (DoS) attacks on the Windows Update site (windowsupdate.com) after the 15th of August.
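
For administrators who want to spot already infected machines on their own network, the following is an added example (not BitDefender code) that flags hosts contacting many distinct addresses on TCP port 135, the pattern a spreading routine produces. The log format, the sample addresses and the threshold are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample firewall log; the line format is an assumption of this example.
SAMPLE_LOG = """\
2003-08-12T09:00:01 ALLOW TCP 10.0.0.23:1045 -> 10.0.1.1:135
2003-08-12T09:00:01 ALLOW TCP 10.0.0.23:1046 -> 10.0.1.2:135
2003-08-12T09:00:02 DENY TCP 10.0.0.23:1047 -> 10.0.1.3:135
2003-08-12T09:00:02 DENY TCP 10.0.0.23:1048 -> 10.0.1.4:135
2003-08-12T09:00:03 ALLOW TCP 10.0.0.23:1049 -> 10.0.1.5:135
2003-08-12T09:00:03 ALLOW TCP 10.0.0.23:1050 -> 10.0.1.6:135
2003-08-12T09:00:04 ALLOW TCP 10.0.0.23:1051 -> 10.0.2.9:80
2003-08-12T09:01:10 ALLOW TCP 10.0.0.40:2001 -> 10.0.0.5:135
2003-08-12T09:05:10 ALLOW TCP 10.0.0.40:2002 -> 10.0.0.5:135
this line is malformed and must be ignored
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+TCP\s+"
    r"(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

RPC_PORT = 135         # the port named in the text above
FANOUT_THRESHOLD = 5   # assumed cut-off; tune it to the normal traffic of the network


def rpc_fanout(log_text, port=RPC_PORT):
    """Map each source IP to the set of distinct destinations it tried on `port`.

    Blocked (DENY) attempts count too: a scanning host is infected either way.
    """
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and int(m["dport"]) == port:
            targets[m["src"]].add(m["dst"])
    return targets


def suspected_scanners(log_text, threshold=FANOUT_THRESHOLD):
    """Return the sorted source IPs that reached `threshold` or more distinct hosts."""
    fanout = rpc_fanout(log_text)
    return sorted(src for src, dsts in fanout.items() if len(dsts) >= threshold)


if __name__ == "__main__":
    for src in suspected_scanners(SAMPLE_LOG):
        print(f"{src}: TCP/{RPC_PORT} fan-out, check patch level and disinfect")
```

A workstation that repeatedly talks to one server on port 135, like 10.0.0.40 in the sample, stays below the threshold; only the fan-out to many different addresses is reported.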

The BitDefender antidote is available for download for all infected users.
All Windows 2000 and XP users are urged to patch their systems from http://www.microsoft.com/downloads/search.aspx?displaylang=en.

For more details, please contact us or see the technical description.

For permanent protection, BitDefender Antivirus commercial solutions are available for sale on the Internet or at local distributors and start from USD 29.95.

