Sælir félagar.

ÞAð er eflaust búið að senda póst um LoveSAN/MSBlaster Worm, en þessi er mjög gagnleg. Hún fer vel í hvernig á að leisa þetta.

Kveðja Stefán

LoveSAN/MSBlaster Worm (#27)

LoveSAN/MSBlaster Worm

Also Known As: W32/Lovsan.worm, W32.Blaster.Worm, WORM_MSBLAST.A, Win32.Poza, Worm/Lovsan.A
Date: 08/13/03
Type: Virus
Sub Type: Internet Worm

LoveSAN/MSBlaster is a worm that exploits the DCOM vulnerability in the Remote Procedure Call (RPC) service. This worm does not use e-mail to propagate itself.

Computers that could be affected by this worm are:

* Windows NT 4.0
* Windows NT 4.0 Terminal Services Edition
* Windows 2000
* Windows XP
* Windows Server 2003

LoveSAN/MSBlaster also attempts to perform a Denial of Service on windowsupdate.com in order to disable the user's ability to patch infected machines.

To prevent LoveSAN/MSBlaster from entering your network:

Microsoft issued a patch for the DCOM vulnerability in July 2003. Click the link below to access more information and to download the patch:

http://www.microsoft.com/technet/security/bulletin/ MS03-026.asp

Customers are also advised to follow the recommendations by Microsoft along with blocking the following ports at the firewall:

* 69/UDP
* 135/TCP
* 135/UDP
* 139/TCP
* 139/UDP
* 445/TCP
* 445/UDP
* 4444/TCP

Viruses tend to mutate rapidly, and therefore future variants of this virus are possible. Organizations are encouraged to set the best level of protection based on individual network needs.

For more detailed information on this bulletin see the SurfControl Website: http://www.surfcontrol.com/network_risks/default.aspx