September 2003
New Msblast virus possible from Windows vulnerability
The source code for the second RPC critical flaw has been published on the web
BitDefender, an award-winning provider of security software and services, announce today that the source code for the second RPC critical flaw - the first one being responsible for Msblast virus creation - has been published on the web. The compiled version of the code is detected by BitDefender Antivirus products as Exploit.DCOM-RPC.A.
The history repeats itself, as the second version of the exploit was now published on the same Chinese website as the first one. BitDefender researchers reiterate that the source code of the first RPC critical flaw was used by virus writers to build the first version of Msblast - the most spread Internet worm of all times.
"We assess that the time until a new speculation of this new critical flaw will be spreading is not far", Mihai Neagu, Virus Researcher at BitDefender Lab estimates. "As far as we can see, there is a trend in computer virus writing, to take advantage of the new but verified flaws in most used software in order to wreak havoc in a large mass of computers", Mihai concluded.
In the particular circumstances entailed by the last Msblast outbreak, BitDefender experts have developed a specific feature in their antivirus scanning engines, to detect any attempt to use the Microsoft Windows DCOM-RPC vulnerability for system intrusion, successfully identifying any possible virus replication. Therefore, a virus created by using any of the two RPC flaws will be detected and reported promptly by the BitDefender Antivirus products.
All Windows users are urged to patch their systems from the following addresses, depending on their operating system:
Windows 2000:
ftp://eresources.mcg.edu/pub/Download/MS03-039/Windows%202000/Windows2000-KB824146-x86-ENU.exe
Windows XP:
ftp://eresources.mcg.edu/pub/Download/MS03-039/Windows%20XP/WindowsXP-KB824146-x86-ENU.exe
Windows NT 4 Workstation:
ftp://eresources.mcg.edu/pub/Download/MS03-039/Windows%20NT%20Workstation%204.0/WindowsNT4Workstation-KB824146-x86-ENU.EXE
Windows NT 4 Server:
ftp://eresources.mcg.edu/pub/Download/MS03-039/Windows%20NT%20Server%204.0/WindowsNT4Server-KB824146-x86-ENU.EXE
Windows 2003 Server:
http://www.microsoft.com/downloads/details.aspx?FamilyId=51184D09-4F7E-4F7B-87A4-C208E9BA4787&displaylang=en
For a permanent protection, BitDefender Antivirus commercial solutions are available for sale on the Internet or at local distributors and start from USD 29.95.
About Bitdefender®
Bitdefender is de maker van een van de snelste en meest doelmatige gamma’s van internationaal gecertificeerde internetbeveiligingssoftware. Sinds 2001 bleef Bitdefender, als een pionier in de branche, bekroonde beschermingstechnologieën introduceren en ontwikkelen. Bitdefender beschermt tegenwoordig de digitale ervaringen van zo'n 400 miljoen zakelijke- en thuisgebruikers over de hele wereld.
Onlangs won het bedrijf een reeks aan sleutelonafhankelijke aanbevelingen in de VS, het VK en in Europa, waaronder ConsumerSearch, Which?, Stiftung Warentest en Taenk. Bitdefender antivirus technologie eindigde ook aan de top in leidinggevende testen op het gebied van zowel AV Test en AV-Comparatives. Meer informatie over Bitdefender-antivirusproducten is beschikbaar op de website met beveiligingsoplossingen van het bedrijf, onder de tab 'pers'. Verder publiceert Bitdefender Malware City dat de nieuwste updates op het gebied van beveiligingsbedreigingen verschaft en gebruikers helpt om geïnformeerd te blijven over de strijd van alledag tegen malware.