Miért?
-
Madmaxx #129 Name: Worm/Lovsan.A
Alias: W32/Lovsan.A
Type: Internet Worm
Discovered: August 11, 2003
Platform: Windows NT/2000/XP
Size: 6.176KB
Worm/Lovsan.A is an Internet worm that exploits a known security vulnerability in Microsoft's Windows Distributed Companent Object Model (DCOM) Remote Procedure Call (RPC) interface. This security breach allows someone with malicious intent to run code of their choice. TCP port directly affected by this exploit include: 135.
If executed, Worm/Lovsan.A will download and run the file msblast.exe using Tftp
The following are components of Worm/Lovsan.A:
- msblast.exe (the main component)
So that it gets run each time a user restart their computer the following registry key gets added:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"windows auto update"="msblast.exe"
Microsoft has issued a patch to protect against the exploit used by Worm/Lovsan.A. This patch is available from Microsoft Security Bulletin MS03-026
** This worm is still under analysis