W32.Blaster.T.Worm


Risk Level 2: Low

April 21, 2004
February 13, 2007 12:21:42 PM
Also Known As:
W32/Blaster-G [Sophos], WORM_MSBLAST.I [Trend], W32/Blaster.worm.k [McAfee]
Systems Affected:
CVE References:

W32.Blaster.T.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm targets only Windows 2000 and Windows XP computers.

While Windows NT and Windows 2003 servers are vulnerable to the exploit if they are not properly patched, the worm is not coded to replicate to those systems.

W32.Blaster.T.Worm does not have mass-mailing functionality.

For additional information, read the Microsoft article, "What You Should Know About the Blaster Worm and Its Variants."

We recommend that you block access to TCP port 4444 at the firewall level. Also block the following ports if you do not use either DCOM RPC or TFTP:
  • Block TCP Port 135 if you do not use DCOM RPC.
  • Block UDP Port 69 if you do not use TFTP.
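
One way to check firewall logs for traffic on the ports this advisory names, as an added example (not Symantec's code). The log format, the sample lines, and the fan-out threshold of three hosts are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed log format: "<time> <ALLOW|DENY> <proto> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^\S+ (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample data, not real traffic.
SAMPLE_LOG = """\
2004-04-21T10:00:01 ALLOW TCP 10.0.0.5:1025 -> 10.0.1.10:135
2004-04-21T10:00:01 ALLOW TCP 10.0.0.5:1026 -> 10.0.1.11:135
2004-04-21T10:00:02 ALLOW TCP 10.0.0.5:1027 -> 10.0.1.12:135
2004-04-21T10:00:03 ALLOW TCP 10.0.0.5:1028 -> 10.0.1.12:4444
2004-04-21T10:00:04 DENY UDP 10.0.1.12:1030 -> 10.0.0.5:69
2004-04-21T10:00:09 ALLOW TCP 10.0.0.7:1040 -> 10.0.1.20:135
2004-04-21T10:00:10 ALLOW TCP 10.0.0.8:1050 -> 10.0.1.30:80
truncated line
"""

def triage(log_text, uses_dcom_rpc=True, uses_tftp=False, rpc_fanout=3):
    """Return {source_ip: sorted findings} for traffic on the advisory's ports."""
    rpc_targets = defaultdict(set)      # src -> distinct TCP/135 destinations
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                    # skip malformed or unrelated lines
        key = (m["proto"], int(m["dport"]))
        passed = " (passed firewall)" if m["action"] == "ALLOW" else " (blocked)"
        if key == ("TCP", 4444):        # advisory: block regardless of site usage
            findings[m["src"]].add("TCP/4444" + passed)
        elif key == ("UDP", 69) and not uses_tftp:
            findings[m["src"]].add("UDP/69" + passed)
        elif key == ("TCP", 135):
            if uses_dcom_rpc:
                rpc_targets[m["src"]].add(m["dst"])
            else:
                findings[m["src"]].add("TCP/135" + passed)
    # Assumed heuristic: where DCOM RPC is in use, flag only one-to-many fan-out.
    for src, dsts in rpc_targets.items():
        if len(dsts) >= rpc_fanout:
            findings[src].add(f"TCP/135 fan-out to {len(dsts)} hosts")
    return {src: sorted(f) for src, f in findings.items()}

if __name__ == "__main__":
    for host, notes in sorted(triage(SAMPLE_LOG).items()):
        print(host, notes)
```

Entries marked "passed firewall" point to a rule that still needs to be added; entries marked "blocked" show the rule is in place but the source host should still be examined.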

The worm also attempts to perform a Denial of Service (DoS) attack on the Microsoft Windows Update Web server (windowsupdate.com). This is an attempt to prevent you from patching your computer against the DCOM RPC vulnerability.

Specific detection for this threat was added beginning with the virus definitions dated April 21, 2004. Virus definitions prior to this date, beginning with the definitions released February 23, 2004 (20040223.007), detect this threat as Bloodhound.Packed or W32.Blaster.Worm.

Antivirus Protection Dates

  • Initial Rapid Release version April 21, 2004
  • Latest Rapid Release version August 20, 2008 revision 017
  • Initial Daily Certified version April 21, 2004
  • Latest Daily Certified version August 20, 2008 revision 016
  • Initial Weekly Certified release date April 21, 2004
Writeup By: Benjamin Nahorney
