un info de Panda 365/365
==>
Madrid, August 12, 2003 - In just a few hours the new Blaster worm has
spread rapidly and already infected thousands of computers around the globe.
According to Luis Corrons, head of Panda Software's Virus Laboratory: "This
is a critical moment, as all computers that do not have the security patches
installed are vulnerable to this worm. Its proliferation rate is even higher
than that of Bugbear.B."
Blaster has already topped the ranking of the viruses most frequently
detected by the free, online antivirus, Panda ActiveScan. For this reason,
Panda Software offers all users its PQREMOVE application, which is
especially designed to detect and eliminate the Blaster worm and repair the
damage that it may have caused in affected computers. This utility is
available for download at
http://www.pandasoftware.com/download/utilities/.
Blaster exploits the RPC DCOM vulnerability, recently discovered in several
versions of Windows operating systems, in order to get into computers
directly via the Internet through port 135. Once it has done this, it causes
a buffer overflow in the affected computer.
However, the main aim of Blaster is to infect as many computers as possible
in order to launch a denial of service attack against the website
windowsupdate.com whenever the system date is between August 16 and December
31, 2003. When this condition is met, the worm creates a new run thread,
which sends a 40-byte packet to windowsupdate.com every 20 milliseconds
through the TCP port 80.
This Windows vulnerability, classified as "critical" by Microsoft, consists
of a buffer overflow in the RPC interface and affects Windows NT 4.0, 2000,
XP and Windows Server 2003. This security hole could allow hackers to gain
remote control of affected computers. For this reason and in order to avoid
falling victim to attack, Panda Software advises network administrators, IT
managers and home users to immediately install the patches released by
Microsoft to fix this vulnerability. These are available at
http://www.microsoft.com/security/security...ns/ms03-026.asp where you
can also find detailed information about this flaw.
Panda Software advises users to update their antivirus solutions, if they
have not already done so. The company has already made the updates to its
products available to users to ensure their solutions can detect and
eliminate Blaster. Those whose software is not configured to update
automatically, should update their solutions from
http://www.pandasoftware.com/ From this address users can also detect and
disinfect Blaster using the free, online antivirus, Panda ActiveScan.
For further information about Blaster and other viruses, visit Panda
Software's Virus Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/Serge @ home