This policy detects the propagation of the W32.Blaster.Worm.

W32.Blaster.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. This worm attempts to download and run the Msblast.exe file.

Download ITA W32_Blaster_Worm Policy

Affected Platforms

Windows 2000

Description

This policy detects the creation of files associated with the W32.Blaster.Worm.

Policy Rules include:

• W32_Blaster_Worm Activity
  This policy detects the creation of files associated with the W32.Blaster.Worm