And more on this... And if the last one wasn't enough. JK VIRUS WARNING The Central Command® Emergency Virus Response Team? (EVRT?) has received virus infection reports for the new Internet Worm/Lovsan.A . Due to increased customer inquires and infection reports the EVRT is issuing a VIRUS WARNING. You are receiving this news letter because you are a subscriber to the Central Command Virus News mailing list. [ EVRT? Virus Warning issued for Worm/Lovsan.A ] Name: Worm/Lovsan.A Alias: W32/Lovsan.A Type: Internet Worm Discovered: August 11, 2003 Platform: Windows NT/2000/XP Size: 6.176KB Worm/Lovsan.A is an Internet worm that exploits a known security vulnerability in Microsoft's Windows Distributed Companent Object Model (DCOM) Remote Procedure Call (RPC) interface. This security breach allows someone with malicious intent to run code of their choice. TCP port directly affected by this exploit include: 135. If executed, Worm/Lovsan.A will download and run the file msblast.exe using Tftp The following are components of Worm/Lovsan.A: - msblast.exe (the main component) So that it gets run each time a user restart their computer the following registry key gets added: - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "windows auto update"="msblast.exe" Microsoft has issued a patch to protect against the exploit used by Worm/Lovsan.A. This patch is available from Microsoft Security Bulletin MS03-026 http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ bulletin/MS03-026.asp ** This worm is still under analysis ******************************************************** This Week's Sponsor - RTO Software / TScale What's keeping you from getting more from your terminal servers? Did you know, in most cases, CPU Utilization IS NOT the single biggest constraint to scaling up?! Get this free white paper to understand the real constraints & how to overcome them. SAVE MONEY by scaling-up rather than buying more servers. http://www.rtosoft.com/Enter.asp?ID=148 ********************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm