Feeds

Blaster worm variants make mischief

Copycat bugs

  • alert
  • submit to reddit

Security for virtualized datacentres

Anti-virus firms are warning of the appearance of fresh variants of the Blaster worm, the first version of which created chaos by crashing numerous vulnerable Windows machines earlier this week.

Two new variants of Blaster (AKA Lovesan), first spotted yesterday, are both minor variations on the original worm. The two variants are called Blaster-B and (surprise, surprise) Blaster-C.

According to an analysis by Kaspersky Labs on Blaster-C, slight changes have been applied to the appearance of the worm such as a new name of the main worm-carrier file (TEEKIDS.EXE instead of MSBLAST.EXE), a new method of the code compression (FSG instead of UPX), and new "copyright" strings in the body of the worm abusing Microsoft and anti-virus developers. Similar types of changes have been applied to Blaster-B (eg. PENIS32.EXE instead of MSBLAST.EXE etc.)

The worm code essentially remains the same in the copycats as in the original. For this reason most AV scanners will spot the new variants without additional updates.

Vincent Weafer, Senior Director at Symantec Security Response Centre, said it seeing very little extra activity as a result of either Blaster-B or Blaster-C, which he described as "very minor 'renamed and repacked' variants" of the original Blaster worm. However he urged caution because additional variants of the worm, some of which may prove to be even more potent than the original worm, can be expected. ®

Related Stories

Blaster worm spreading rapidly
Panel probes the half-life of bugs
Microsoft issues doubleplus critical security fix
The Hackers Who Broke Windows

Beginner's guide to SSL certificates

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.