W32.Blaster.Worm Reported on Campus

August 12, 2003 :: David Millar, ISC Information Security Officer

Information Systems & Computing (ISC) has recently received numerous reports on campus of a new worm known as “W32.Blaster.Worm”, which has also been dubbed "LovSan" in the press. W32.Blaster.Worm affects machines running Windows NT, 2000, XP, or Server 2003, exploiting the recently discovered DCOM RPC (buffer overflow) vulnerability. This security vulnerability could allow an attacker to compromise a computer and gain control over it.

W32.Blaster.Worm is not spread through email, but through a scanning algorithm that targets any unprotected machine with a network connection. In addition to giving full system access to unauthorized users, its known effects include involuntary system reboots and attempts at generating a denial-of-service attack on windowsupdate.com beginning on August 16, 2003.

Users are urged to contact their Local Support Providers (LSPs) or Information Technology Advisors (ITAs) to determine how best to protect or disinfect their particular computer systems. Users should also observe best practices in personal computing security and data protection to minimize their vulnerability to such attacks in the future.

Additional details about W32.Blaster.Worm/LovSan can be found at the W32.Blaster.Worm page, including measures for prevention and recovery.