The signature of the Blaster worm appears as User Datagram Protocol (UDP) traffic to port 69 and high volumes of Transmission Control Protocol (TCP) traffic to port 135 and 4444.
Affected customers experience high volumes of traffic from both internal and external systems.
Symptoms on Cisco devices include, but are not limited to, high CPU and traffic drops on the input interfaces.
The worm has been referenced by these names:
This worm exploits a vulnerability previously disclosed by Microsoft.
For more information, refer to Microsoft Security Bulletin MS03-026.
The two worms that exploit systems unpatched for MS03-026 are referred to as Blaster and Nachi.
For recommendations on mitigating the Nachi worm, refer to Cisco Security Notice: Nachi Worm Mitigation Recommendations.
For specific recommendations on mitigating the impact of the Blaster worm, refer to Cisco Security Notice: W32.BLASTER Worm Mitigation Recommendations.
Currently under attack (security threats, worms & viruses)