Based on the number of submissions received from customers and based on information from the Symantec's DeepSight Threat Management System, Symantec Security Response has upgraded this threat to a Category 4 from a Category 3 threat. W32.Blaster.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. This worm attempts to download the msblast.exe file to the %WinDir%\system32 directory and execute it. Block access to TCP port 4444 at the firewall level, and then block the following ports, if they do not use the applications listed:
* TCP Port 135, "DCOM RPC"
* UDP Port 69, "TFTP"
The worm also attempts to perform a Denial of Service (DoS) on Windows Update. This is an attempt to prevent you from applying a patch on your computer against the DCOM RPC vulnerability.
Click here for more information on the vulnerability that this worm exploits, and to find out which Symantec products can help mitigate risks from this vulnerability.
Symantec Security Response has developed a removal tool to clean infections of W32.Blaster.Worm.
