Cisco Support Community

How to mitigate the impact of the W32.Blaster worm

Core issue

The signature of the Blaster worm appears as User Datagram Protocol (UDP) traffic to port 69 and high volumes of Transmission Control Protocol (TCP) traffic to ports 135 and 4444.

Affected customers experience high volumes of traffic from both internal and external systems.

Symptoms on Cisco devices include, but are not limited to, high CPU utilization and traffic drops on the input interfaces.

The worm has been referenced by these names:

  • W32.Blaster
  • msblast.exe
  • Lovsan
  • Poza
  • Exploit-DcomRpc
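
The traffic signature described above can be checked against flow records to find hosts that are generating it. The following Python example is added here and is not from the Cisco document; the one-line flow format, the fan-out threshold of 20 and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Ports named in this article's description of Blaster traffic.
BLASTER_PORTS = {("udp", 69), ("tcp", 135), ("tcp", 4444)}
FANOUT_THRESHOLD = 20  # assumed: distinct TCP/135 destinations per source


def parse_flow(line):
    """Parse 'proto src dst dport' (a constructed format, not a Cisco one)."""
    parts = line.split()
    if len(parts) != 4 or not parts[3].isdigit():
        return None  # skip malformed records instead of failing the run
    proto, src, dst, dport = parts
    return proto.lower(), src, dst, int(dport)


def suspect_sources(lines, threshold=FANOUT_THRESHOLD):
    """Return {src: signature ports seen} for sources whose TCP/135
    fan-out (distinct destinations) meets the threshold."""
    fanout = defaultdict(set)  # src -> distinct destinations on TCP/135
    seen = defaultdict(set)    # src -> signature (proto, port) pairs used
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        proto, src, dst, dport = flow
        if (proto, dport) not in BLASTER_PORTS:
            continue
        seen[src].add((proto, dport))
        if (proto, dport) == ("tcp", 135):
            fanout[src].add(dst)
    return {src: sorted(seen[src])
            for src, dsts in fanout.items() if len(dsts) >= threshold}


def sample_flows():
    """Constructed sample records using documentation address ranges."""
    flows = [f"tcp 192.0.2.10 198.51.100.{i} 135" for i in range(1, 31)]
    flows += ["tcp 192.0.2.10 198.51.100.5 4444",
              "udp 192.0.2.30 192.0.2.10 69",   # signature port, no fan-out
              "tcp 192.0.2.20 192.0.2.1 135",   # single TCP/135 connection
              "tcp 192.0.2.20 192.0.2.1 443",
              "garbage line"]
    return flows


if __name__ == "__main__":
    for src, ports in suspect_sources(sample_flows()).items():
        print(src, ports)
```

Requiring a fan-out across many destinations keeps a host with a single TCP/135 connection from being flagged; the threshold should be tuned to the normal RPC traffic of the network being monitored.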

Resolution

This worm exploits a vulnerability previously disclosed by Microsoft.

For more information, refer to Microsoft Security Bulletin MS03-026.

The two worms that exploit systems unpatched for MS03-026 are referred to as Blaster and Nachi.

For recommendations on mitigating the Nachi worm, refer to Cisco Security Notice: Nachi Worm Mitigation Recommendations.

For specific recommendations on mitigating the impact of the Blaster worm, refer to Cisco Security Notice: W32.BLASTER Worm Mitigation Recommendations.

Problem Type

Currently under attack (security threats, worms & viruses)

Security Threats and Attacks

W32.BLASTER
