Re: How is Blaster caught?

From: Tim H. (tekphobia_at_comcast.net)
Date: 08/14/03


Date: Thu, 14 Aug 2003 17:23:15 GMT


"Martin C.E." <martin_2003@mail.com> wrote in message
news:93D7B98B2AAFF835A@130.133.1.4...
> How is the Blaster worm caught?
>
> I looked at http://vil.nai.com/vil/content/v_100547.htm
> but I was no wiser.
>
> A worm to me is something which propagates by email. But some tech
> support guy I spoke to said that Blaster propagated just by the user
> visiting a web page.

I hope he wasn't Tech. Support for a major anti-virus company!

As someone else said, it catches you. If your system is unpatched, another
PC on the network infected with the virus will scan random IP addresses
looking for its next victim. If your system happens to be unpatched and
response to DCOM RPC requests, it'll send its packet to effictively change
the operation of DCOM RPC to server another function: listen for remote
connections.

When this remote connection comes in, it essentially commands your PC to
download and run a file. From there it continues (scanning, infecting,
executing).

-TIm

>
> Can anyone advise me on the true way Blaster is caught.