Identifying computers infected with W32.Blaster.Worm or other RPC worms
| Article:TECH112131 | | | Created: 2003-01-04 | | | Updated: 2007-01-12 | | | Article URL http://www.symantec.com/docs/TECH112131 |
Problem
This document provides a link to information that can help you identify the computers on your network that are infected with W32.Blaster.Worm, its variants, W32.Welchia.Worm, and other RPC worms.
Solution
Symantec Security Response has profiles of W32.Blaster.Worm and W32.Welchia.Worm activity that can help you find and eradicate this family of malicious code from your network. The profile may also be used to identify other RPC worm infections. For specific information, read Detecting network traffic that may be due to RPC worms.
References
For more information on the RPC vulnerability that is exploited by these worms and a list of Symantec products that detect it, read Symantec Security Response's article Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability.
|
|
Legacy ID
2003090410200353
Article URL http://www.symantec.com/docs/TECH112131
Terms of use for this information are found in Legal Notices
Thank you.