W32.Blaster.Worm Reported on Campus
August 12, 2003 :: David Millar, ISC Information Security
Information Systems & Computing (ISC) has recently received
numerous reports on campus of a new worm
known as “W32.Blaster.Worm”, which has also been dubbed
"LovSan" in the press. W32.Blaster.Worm affects machines
running Windows NT, 2000, XP, or Server 2003, exploiting the recently
discovered DCOM RPC (buffer overflow) vulnerability. This security
vulnerability could allow an attacker to compromise a computer and
gain control over it.
W32.Blaster.Worm is not spread through email, but through a scanning
algorithm that targets any unprotected machine with a network connection.
In addition to giving full system access to unauthorized users, its
known effects include involuntary system reboots and attempts at
generating a denial-of-service attack on windowsupdate.com beginning
on August 16, 2003.
Users are urged to contact their Local
Support Providers (LSPs) or Information Technology Advisors (ITAs)
to determine how best to protect or disinfect their particular computer
systems. Users should also observe best practices in personal
computing security and data
protection to minimize their vulnerability to such attacks in
Additional details about W32.Blaster.Worm/LovSan can be found at the W32.Blaster.Worm
page, including measures for prevention and recovery.