MSBlast copycat on the loose ..full story


TechWeb News, CRN
Thursday, 14 August 2003


It didn't take long for a quick copycat of MSBlast to show its face. Wednesday, Moscow-based security firm Kaspersky Labs detected a variation of the MSBlast worm loose in the wild.

The worm, which has not yet been named, is a near doppelganger of MSBlast, with only slight changes. The name of the primary worm-carrier file--MSBLAST.EXE in the original--is now TEEKIDS.EXE. The variation's code has also been compressed with FSG rather than UPX, and a new string of text buried within the code takes different potshots at both Microsoft and anti-virus developers.


The danger is that while the two worms are very similar--and exploit the same RPC vulnerability in Windows--it's possible for both to co-exist on the same computer.


"In other words, all computers infected by the original will soon be attacked by its revamped version," said Eugene Kaspersky, the head of anti-virus research at the Russian company.

article from

well there ya go..
knew it wouldnt take long.
$20 says there will be another out next week...

Peace
Netcomm

As long as you havethis patch the rcp exploit can not be used against you so as long as you have the patch you should be pretty much protected against all of theese rcp worms.

yes..
just got infected with it..
as soon as i saw the thingy on my process list
i knew there was a new kid on the block.
its just 6kb...

That patch is BS you can ALWAYS get infected all you need is a small differ of a string in that code that will still work and there you go its done there will never be a way to block any attack at least not anytime soon