W32.Blaster update


Two new variants of the W32.Blaster worm have now been located.

Conveniently named Blaster.B and Blaster.C, there are now major changes in how the worms function, how they are stored and the components delivered.

The new variants now use a different compression system to deliver their payload, which is allowing for other components to be added.

W32.Blaster.B has the same payload; however, it carries a different filename to MSBLAST.EXE.

W32.Blaster.C now includes the following components.

  • index.exe (32,045 bytes) - drops the worm and Backdoor components. Detected as W32.Blaster.C.Worm.
  • root32.exe (19,798 bytes) - backdoor component detected as Backdoor.Lithium.
  • teekids.exe (5,360 bytes) - worm component detected as W32.Blaster.C.Worm

Official +Net announcements can be viewed at:
Important security notice
Important security notice - Update

Further details can be found at the following locations:

W32.Blaster (Symantec)
W32.Blaster.B (Symantec)
W32.Blaster.B (Kaspersky)
W32.Blaster.C (Symantec)
Variant notification (El Reg - The Register)
Security Bulletin MS03-026 (Microsoft)

W32.Blaster update

That's what we want. Pity you can't embed tags in the title to make it stand out? Well done. Cheesy

W32.Blaster update

All updated :lol:

W32.Blaster update

The attack on MS should start on the 16th, the anniversary of Elvis's death. Can we expect problems on +Net with the network swamped?

W32.Blaster update

Yes, if the infection rate is high amongst users.

There is an article (noted HERE) expecting issues to start happening across timezones now.

Try keeping your eye on the Service utilisation.

W32.Blaster update

My firewall has been hit by over 500 distinct IP addresses from within PlusNet's precincts over the last three days. There is bound to be an impact. :shock:

W32.Blaster update

Microsoft's site will be OK as it's running Linux

That says it all