Cisco Systems - W32.BLASTER Worm Mitigation Recommendations
Cisco customers are currently experiencing attacks due to a new worm that is active on the Internet. The signature of this worm appears as UDP traffic to port 69 and high volumes of TCP traffic to port 135 and 4444. Affected customers have been experiencing high volumes of traffic from both internal and external systems. Symptoms on Cisco devices include, but are not limited to high CPU and traffic drops on the input interfaces. This document focuses on both mitigation techniques and affected Cisco products which need software supplied by Cisco to patch properly.
DNS Commentary - Blaster Only Set to Stun
Once again, it appears that the worm authors had caught system administrators with their trousers down. Despite the availability of a patch since mid-July to fix the vulnerability exploited by W32.Blaster, the widespread infection of both business and home computers showed that in the vast majority of cases, it had not been applied. Such was the infection rate that, at its pinnacle, the worm was taking only 30 seconds to find an uninfected computer somewhere in the world.
Virus vendors on the MS SQL worm
F-Secure: Lovsan Worm
Panda Software: W32/Blaster
Trend Micro: WORM_MSBLAST.A
Computer Associates: Win32.Poza
ESET NOD32: Win32/Lovsan.A
Kaspersky Lab: Worm.Win32.Lovesan
Removal tool: BitDefender Anti Blaster Worm
Removal tool: Astonsoft Anti MSBlast Worm
Trojan info: New Trojan Disguised as Blaster Worm Fix
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.