[windows2000] Internet Worm/Lovsan.A

• From: "Jim Kenzig http://thethin.net" <jimkenz@xxxxxxxxxxxxxx>
• To: <windows2000@xxxxxxxxxxxxx>, <thin@xxxxxxxxxxxxx>
• Date: Tue, 12 Aug 2003 08:09:46 -0400

And more on this...

And if the last one wasn't enough.
JK

VIRUS WARNING The Central Command® Emergency Virus Response Team? (EVRT?)
has received virus infection reports for the new Internet Worm/Lovsan.A
. Due to increased customer inquires and infection reports the EVRT is
issuing a VIRUS WARNING.

You are receiving this news letter because you are a subscriber to the
Central Command Virus News mailing list.

[ EVRT? Virus Warning issued for Worm/Lovsan.A ]

Name: Worm/Lovsan.A
Alias: W32/Lovsan.A
Type: Internet Worm
Discovered: August 11, 2003
Platform: Windows NT/2000/XP
Size: 6.176KB


Worm/Lovsan.A is an Internet worm that exploits a known security
vulnerability in Microsoft's Windows Distributed Companent Object Model
(DCOM) Remote Procedure Call (RPC) interface. This security breach allows
someone with malicious intent to run code of their choice. TCP port directly
affected by this exploit include: 135.

If executed, Worm/Lovsan.A will download and run the file msblast.exe using
Tftp

The following are components of Worm/Lovsan.A:

- msblast.exe (the main component)

So that it gets run each time a user restart their computer the following
registry key gets added:

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"windows auto update"="msblast.exe"

Microsoft has issued a patch to protect against the exploit used by
Worm/Lovsan.A. This patch is available from Microsoft Security Bulletin
MS03-026
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS03-026.asp

** This worm is still under analysis

********************************************************
This Week's Sponsor - RTO Software / TScale
What's keeping you from getting more from your terminal servers? Did you know, 
in most cases, CPU Utilization IS NOT the single biggest constraint to scaling 
up?! Get this free white paper to understand the real constraints & how to 
overcome them. SAVE MONEY by scaling-up rather than buying more servers.
http://www.rtosoft.com/Enter.asp?ID=148
**********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

• References:
  • [windows2000] FW: CERT Advisory CA-2003-20 W32/Blaster worm
    • From: Jim Kenzig http://thethin.net

Other related posts:

• » [windows2000] Internet Worm/Lovsan.A

1. Home
2. windows2000
3. Archive
4. 08-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---