Latest News

New Msblast virus possible from Windows vulnerability

September 2003

The source code for the second RPC critical flaw has been published on the web

BitDefender, an award-winning provider of security software and services, announce today that the source code for the second RPC critical flaw - the first one being responsible for Msblast virus creation - has been published on the web. The compiled version of the code is detected by BitDefender Antivirus products as Exploit.DCOM-RPC.A.

The history repeats itself, as the second version of the exploit was now published on the same Chinese website as the first one. BitDefender researchers reiterate that the source code of the first RPC critical flaw was used by virus writers to build the first version of Msblast - the most spread Internet worm of all times.

"We assess that the time until a new speculation of this new critical flaw will be spreading is not far", Mihai Neagu, Virus Researcher at BitDefender Lab estimates. "As far as we can see, there is a trend in computer virus writing, to take advantage of the new but verified flaws in most used software in order to wreak havoc in a large mass of computers", Mihai concluded.

In the particular circumstances entailed by the last Msblast outbreak, BitDefender experts have developed a specific feature in their antivirus scanning engines, to detect any attempt to use the Microsoft Windows DCOM-RPC vulnerability for system intrusion, successfully identifying any possible virus replication. Therefore, a virus created by using any of the two RPC flaws will be detected and reported promptly by the BitDefender Antivirus products.

All Windows users are urged to patch their systems from the following addresses, depending on their operating system:

Windows 2000:
Windows XP:
Windows NT 4 Workstation:
Windows NT 4 Server:
Windows 2003 Server:

For a permanent protection, BitDefender Antivirus commercial solutions are available for sale on the Internet or at local distributors and start from USD 29.95.