Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1396
Views
0
Helpful
0
Comments

How to mitigate the impact of the W32.Blaster worm

TCC_2
Level 10
Level 10

‎06-17-2009 10:12 PM - edited ‎03-08-2019 06:01 PM

Core issue

The signature of the Blaster worm appears as User Datagram Protocol (UDP) traffic to port 69 and high volumes of Transmission Control Protocol (TCP) traffic to port 135 and 4444.

Affected customers experience high volumes of traffic from both internal and external systems.

Symptoms on Cisco devices include, but are not limited to, high CPU and traffic drops on the input interfaces.

The worm has been referenced by these names:

  • W32.Blaster
  • msblast.exe
  • Lovsan
  • Poza
  • Exploit-DcomRpc

Resolution

This worm exploits a vulnerability previously disclosed by Microsoft.

For more information, refer to Microsoft Security Bulletin MS03-026.

 

The two worms that exploit systems unpatched for MS03-026 are referred to as Blaster and Nachi.

For recommendations on mitigating the Nachi worm, refer to Cisco Security Notice: Nachi Worm Mitigation Recommendations.

For specific recommendations on mitigating the impact of the Blaster worm, refer to Cisco Security Notice: W32.BLASTER Worm Mitigation Recommendations.

Problem Type

Currently under attack (security threats, worms & viruses)

Security Threats and Attacks

W32.BLASTER

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents