CERT/CC - CERT Advisory CA-2003-20 - W32/Blaster worm
The W32/Blaster worm exploits a vulnerability in Microsoft's DCOM RPC interface. Upon successful execution, the worm attempts to retrieve a copy of the file msblast.exe from the compromising host. Once this file is retrieved, the compromised system then runs it and begins scanning for other vulnerable systems to compromise in the same manner. In the course of propagation, a TCP session to port 135 is used to execute the attack. However, access to TCP ports 139 and 445 may also provide attack vectors and should be considered when applying mitigation strategies
Microsoft PSS Security Response Team Alert - New Worm: W32.Blaster.worm
The Microsoft Product Support Services Security Team is issuing this alert to inform customers about a new worm named W32.Blaster.Worm which is spreading in the wild. Best practices, such as applying security patch MS03-026 should prevent infection from this worm. If you have any questions regarding this alert please contact your Microsoft representative or 1-866-727-2338 (1-866-PCSafety) within the US, outside of the US please contact your local Microsoft Subsidiary.
Microsoft Security Bulletin MS03-026 - Buffer Overrun In RPC Interface Could Allow Code
There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC, which listens on TCP/IP port 135. To exploit this vulnerability, an attacker would need to send a specially formed request to the remote computer on port 135.
Internet Storm Centar (SANS) - RPC DCOM Worm (Msblaster)
A worm has started spreading early afternoon EDT (evening UTC Time) and is expected to continue spreading rapidly. This worms exploits the Microsoft Windows DCOM RPC Vulnerability announced July 16, 2003.
ISS X-Force - "MS Blast" MSRPC DCOM Worm Propagation
ISS X-Force has captured active samples of an automated Internet worm that propagates via the MS RPC DCOM vulnerability documented in ISS X-Force Alert titled "Flaw in Microsoft Windows RPC Implementation". MS Blast is currently propagating aggressively across the Internet.
eEye - 'Blaster' Worm Description and Technical Details
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.