Identifying computers infected with W32.Blaster.Worm or other RPC worms

Article:TECH112131  |  Created: 2003-01-04  |  Updated: 2007-01-12  |  Article URL http://www.symantec.com/docs/TECH112131
Article Type
Technical Solution


Issue



This document provides a link to information that can help you identify the computers on your network that are infected with W32.Blaster.Worm, its variants, W32.Welchia.Worm, and other RPC worms.


Solution



Symantec Security Response has profiles of W32.Blaster.Worm and W32.Welchia.Worm activity that can help you find and eradicate this family of malicious code from your network. The profiles may also be used to identify other RPC worm infections. For specific information, read "Detecting network traffic that may be due to RPC worms."


References
For more information on the RPC vulnerability that is exploited by these worms and a list of Symantec products that detect it, read Symantec Security Response's article "Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability."





Legacy ID



2003090410200353

