1. /
  2. Security Response/
  3. W32.Blaster.B.Worm

W32.Blaster.B.Worm

Risk Level 2: Low

Discovered:
August 13, 2003
Updated:
February 13, 2007 12:05:46 PM
Also Known As:
WORM_MSBLAST.B [Trend], Win32.Poza.C [CA], W32/Lovsan.worm.c [McAfee], Worm.Win32.Lovesan [Kaspesky], W32/Blaster-A [Sophos]
Type:
Worm
Systems Affected:
Windows 2000, Windows XP
CVE References:
CAN-2003-0352


W32.Blaster.B.Worm is a variant of W32.Blaster.Worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026), using TCP port 135. The worm targets only Windows 2000 and Windows XP machines. While Windows NT and Windows 2003 Server machines are vulnerable to the aforementioned exploit if it is not properly patched, the worm is not coded to replicate to those systems.

This worm attempts to download the penis32.exe file to the %WinDir%\System32 folder, and then execute it. This worm does not have any mass-mailing functionality.

Antivirus Protection Dates

  • Initial Rapid Release version August 13, 2003
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version August 13, 2003
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date August 13, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: High
Writeup By: Fergal Ladley

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver