Critical IGSN Virus Alert
By michael
This Critical Virus alert has been sent by the Interactive Gaming Security Network (IGSN).

www.igsn.com.

Summary:

-----------------------

Name: W32/Lovsan.worm

Alias: msblast.exe, tftp, W32.Blaster.Worm (Symantec), Win32.Poza (CA), WORM_MSBLAST.A (Trend)

Impact: Critical

Affected Systems: Windows 2000, Windows XP

Non Affected Systems: Linux, Macintosh, OS/2, UNIX, Windows 95, Windows 98, Windows Me

CVE Identification: CAN-2003-0352



Description:

-----------------------

The worm initiates a Denial of Service attack against windowsupdate.com.

The worm is able to execute without any action by the user. It does this by exploiting an unpatched hole in Windows. The worm allows an attacker to remotely access and run arbitrary commands on the infected system.

This worm spreads by exploiting a recent vulnerability in Microsoft Windows. The worm scans random ranges of IP addresses on port 135. Discovered systems are targeted. Exploit code is sent to those systems, instructing them to download and execute the file MSBLAST.EXE from a remote system via TFTP.


Work Arounds:

-----------------------

Due to the nature of the worm, it may be difficult to connect to the Internet to obtain the patch, definitions, or removal tool before the worm shuts down the computer. Here are a couple of suggestions:

- If you run Windows XP, try activating the Windows XP firewall. To do this:

Step 1: Unplug the network connection.

Step 2: Reboot.

Step 3: Log in to your computer.

Step 4: Click the Start button and select Control Panel. Double-click the Network Connections icon.

Step 5: On the Advanced tab, under Internet Connection Firewall, select the following:

'Protect my computer and network by limiting or preventing access to this computer from the Internet' check box

*** For additional help, please see: http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp

- For both Windows 2000 and XP, changing the settings for the Remote Procedure Call (RPC) service may allow you to connect to the Internet without the computer shutting down. Follow these steps:


Step 1:

Windows 2000 users: right-click the My Computer icon on the Windows desktop and then click Manage. The Computer Management window opens.

Windows XP users: click the Start button, right-click the My Computer icon, and click Manage. The Computer Management window opens.

Step 2: In the left pane, double-click Services and Applications and then select Services. A list of services appears.

Step 3: In the right pane, locate the Remote Procedure Call (RPC) service.

Step 4: Right-click the Remote Procedure Call (RPC) service and click Properties. Click the Recovery tab.

Step 5: Using the drop-down lists, change First failure, Second failure, and Subsequent failures to 'Restart the Service.'

Step 6: Click Apply and then OK



Removal Tools:

-----------------------

Symantec has provided a removal tool that can be found here:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html


Manual Removal Instructions:

-------------------------------

To remove this virus manually, follow these steps:

1) Apply the MS03-026 patch located here:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

2) Terminate the process msblast.exe. Instructions can be found here:

http://vil.nai.com/vil/systemhelpdocs/endtask.htm

3) Delete the msblast.exe file from your WINDOWS SYSTEM32 directory

(typically c:\windows\system32 or c:\winnt\system32)

4) Edit the registry. Help can be found here:

http://vil.nai.com/vil/SystemHelpDocs/Regedit.htm

5) Delete the 'windows auto update' value from:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
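
A scripted form of steps 2, 3 and 5 above, as an added example that is not part of the original alert. It assumes an administrator command prompt on a machine that already has the MS03-026 patch, and that tasklist.exe, taskkill.exe and reg.exe are available, which is not the case on every affected Windows edition; the variable names are chosen here for illustration.

```batch
@echo off
rem Added example: scripted form of manual removal steps 2, 3 and 5.
rem Assumption: tasklist.exe, taskkill.exe and reg.exe exist on this machine.
setlocal

set "WORM=msblast.exe"
set "RUNKEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
set "RUNVAL=windows auto update"
rem %SystemRoot% resolves to c:\windows or c:\winnt depending on the install.
set "TARGET=%SystemRoot%\system32\%WORM%"

rem Step 2: terminate the running process, if any.
tasklist /FI "IMAGENAME eq %WORM%" 2>nul | find /I "%WORM%" >nul
if not errorlevel 1 (
    echo [*] %WORM% is running, terminating it
    taskkill /F /IM %WORM%
) else (
    echo [ ] %WORM% is not running
)

rem Step 3: delete the file from the system32 directory.
if exist "%TARGET%" (
    echo [*] Deleting %TARGET%
    rem Clear read-only, system and hidden attributes so del can succeed.
    attrib -R -S -H "%TARGET%"
    del /F "%TARGET%"
) else (
    echo [ ] %TARGET% not found
)

rem Step 5: remove the autostart value from the Run key.
reg query "%RUNKEY%" /v "%RUNVAL%" >nul 2>&1
if not errorlevel 1 (
    echo [*] Removing Run value "%RUNVAL%"
    reg delete "%RUNKEY%" /v "%RUNVAL%" /f
) else (
    echo [ ] Run value "%RUNVAL%" not present
)

rem Re-check both indicators so a failed deletion is not missed.
if exist "%TARGET%" echo [!] %TARGET% is still present
reg query "%RUNKEY%" /v "%RUNVAL%" >nul 2>&1
if not errorlevel 1 echo [!] Run value "%RUNVAL%" is still present
endlocal
```

If either [!] line appears, the worm was probably restarted between steps; disconnect the network cable and run the script again.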


Additional Windows ME/XP removal considerations can be found here:

http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm


*** For an alternate in-depth method, please see the following link:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html (under Removal Instructions)



Further Reference:

-----------------------


1) McAfee: http://us.mcafee.com/virusInfo/default.asp?id=lovsan#indications

2) Symantec: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

3) Microsoft: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

--------------------------

www.igsn.com

www.arizonabay.com
