Welcome to the Virus Encyclopedia of Panda Security.
|Effects: ||It exploits the RPC DCOM vulnerability in order to spread to other computers.|
|First detected on:||Aug. 14, 2003|
|Detection updated on:||Jan. 3, 2007|
Blaster.gen is not a worm, but a generic detection for future variants of the Blaster family. This group of worms have the following common characteristics:
It infects only Windows 2003/XP/2000/NT computers.
It exploits the Buffer Overrun in RPC Interface vulnerability to spread to as many computers as possible.
It spreads by attacking IP addresses generated at random and exploits the vulnerability mentioned above to download a copy of itself to the compromised computer. In order to do this, Blaster.gen incorporates its own TFTP (Trivial File Transfer Protocol) server.
If you have a Windows 2003/XP/2000/NT computer, it is highly recommendable to download the security patch from the Microsoft website. Click here to access the web page for downloading the patch.
A clear indication that Blaster.gen has reached the computer is that the network traffic increases on the TCP 135 and 4444 and UDP 69 ports.