Symantec ( http://www.symantec.com/ ) have released new infos about 2 new worms very similar to the blaster
W32.Mimail.T@mm:
W32.Mimail.T@mm is a mass mailing worm. It attempts to mail itself to the email addresses found on the system. The message body and subject lines can vary.
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
and
W32.HLLW.Gaobot.JB:
W32.HLLW.Gaobot.JB is a minor variant of W32.HLLW.Gaobot.BF that uses a different file name and is repacked with PECompact. It attempts to spread to network shares that have weak passwords and allows attackers to access an infected computer through an IRC channel.
The worm uses multiple vulnerabilities to spread, including:
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
The RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001) using TCP port 445.
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80.
Thats all for now m8s take care !
W32.Mimail.T@mm:
W32.Mimail.T@mm is a mass mailing worm. It attempts to mail itself to the email addresses found on the system. The message body and subject lines can vary.
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
and
W32.HLLW.Gaobot.JB:
W32.HLLW.Gaobot.JB is a minor variant of W32.HLLW.Gaobot.BF that uses a different file name and is repacked with PECompact. It attempts to spread to network shares that have weak passwords and allows attackers to access an infected computer through an IRC channel.
The worm uses multiple vulnerabilities to spread, including:
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
The RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001) using TCP port 445.
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80.
Thats all for now m8s take care !