theParagon

MSBlast Virus

Whether you found out from a friend or you are one of the poor souls that currently has the MSBlast Virus - it’s important that you know what’s going on.

MSBlast does not spread via e-mail. Instead, it scans the Internet (on port 135) looking for vulnerable computers. When it finds one, it attempts to exploit the DCOM RPC buffer overflow, create a remote root shell on TCP port 4444, then use FTP to download a file called msblast.exe onto the infected computer.

MSBlast contains a denial-of-service (DoS) attack aimed at Microsoft’s windowsupdate.com. The attack will start on August 15 and continue through the end of the year. MSBlast updates the system Registry with the following line so that it will run each time the computer is rebooted:

Hkey_local_machine\software\Microsoft\Windows\CurrentVersion\Run “windows auto update” = msblast.exe I just want to say LOVE YOU SAN!! Bill

So what can you do? First of all, if you haven’t been infected already, you’ll want to run Windows Update. This will patch the problem on your computer, and you can rest easy while surfing the web.

If you have received the virus, you’ll want to download the removal tool from the Symantec website.
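
To check a machine for the signs described above (the Run value, the msblast.exe file name, a listener on TCP port 4444 and scanning on port 135), you can run saved `reg query` and `netstat -an` output through a small script. This is an added example, not part of the original post; the sample text is constructed, and the function names and the scan threshold are assumptions.

```python
import re

# Indicators taken from the post above.
RUN_VALUE = "windows auto update"
WORM_FILE = "msblast.exe"
SHELL_PORT = 4444
SCAN_PORT = 135
SCAN_THRESHOLD = 20  # assumed cut-off between normal RPC use and scanning

# Constructed sample of `reg query` output for the Run key.
SAMPLE_REG = r"""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    windows auto update    REG_SZ    msblast.exe
    SomeUpdater    REG_SZ    C:\Program Files\Example\updater.exe
"""

# Constructed sample of `netstat -an` output: one listener, 25 outbound probes.
SAMPLE_NETSTAT = "  TCP    0.0.0.0:4444    0.0.0.0:0    LISTENING\n" + "".join(
    f"  TCP    10.0.0.5:{3000 + i}    192.0.2.{i}:135    SYN_SENT\n"
    for i in range(1, 26))

NETSTAT_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)", re.I)

def check_run_key(reg_text):
    """Return Run-key lines that name the worm's value or its file."""
    hits = []
    for line in reg_text.splitlines():
        low = line.lower()
        if RUN_VALUE in low or WORM_FILE in low:
            hits.append(line.strip())
    return hits

def check_netstat(netstat_text):
    """Flag a listener on TCP 4444 and fan-out to many hosts on port 135."""
    shell_listener = False
    rpc_targets = set()
    for line in netstat_text.splitlines():
        m = NETSTAT_ROW.match(line)
        if not m:
            continue  # header, UDP row or blank line
        _laddr, lport, raddr, rport, state = m.groups()
        state = state.upper()
        if int(lport) == SHELL_PORT and state == "LISTENING":
            shell_listener = True
        if int(rport) == SCAN_PORT and state in ("SYN_SENT", "ESTABLISHED"):
            rpc_targets.add(raddr)
    return {"shell_listener": shell_listener,
            "scanning": len(rpc_targets) >= SCAN_THRESHOLD,
            "rpc_targets": len(rpc_targets)}
```

A hit from either function is a reason to patch and run the removal tool, not proof of infection on its own.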

posted on August 13, 2003 | 11:34 PM EST
