W32.Blaster.Worm (and variants)

August 12, 2003

A severe new worm W32.Blaster.Worm is spreading rapidly around the world and has been confimed on multiple computers at Virginia Tech. The code can infect Windows 2000 and Windows XP. Users are strongly encouraged to run Live Update to get the latest virus definitions and scan for the worm. Users are also strongly encouraged to visit http://windowsupdate.microsoft.com/ to install any critical updates needed on your computer.

Infection Methods

W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. This worm will attempt to download and run the Msblast.exe file.

Since this is a worm, it does not travel via e-mail and campus-wide security measures are not effective in preventing infection from this threat.

Removal Tools

Recommended: Download the automatic removal tool for all variants of the Blaster Worm.


You can find removal information for all variants of this worm at:

More information on these womrs can be found at the following site:
http://www.microsoft.com/security/incident/blast.php