First variants Blaster-worm surface
According to AVERT Labs of McAfee there on the Internet meanwhile already at least two Blaster-worm variants circulate. Presumably it dive remains the danger temporarily limits yet more on, already.
The most virusscanners detecteren the new variants, and who already a patch has installed, needs nothing to fear. AVERT thinks that the new Blasters only little danger will yield. Also Symantec has indicated the new worms.
Blaster (or Lovsan) knows now two new shapes. As source the b- as a c-variants are almost identical at the original worm. That is especially for Lovsan. c the case: only the truce name, that is is left behind on the hard disk, otherwise (now: penis32.exe). The worm so has been written that it self only spreads on Windows 2000- and XP-machines. On pc's with NT 4.0 or Windows Server 2003 remains Lovsan. c liabilities.
Variant b enters into something further and justest also the Record of Windows. With contagion through the worm, that comes now the key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion Run “Microsoft Inet Xp..” = Teekids. ex Microsoft can suck my lives testi! Clenched To stand. The name of the truce in which Lovesan. be self hides, is teekids. ex.
Appeared that it now varitions on Blaster, is not such unusual phenomenon. Nearly each 'successful' virus type has go around a number of variants. As there are of Klez certain eleven different exports known, while Bugbear holds it on two. Sometimes are the changes only superficial of nature, meant to mislead virusscanners, but finished and closed sees to a variant about a new attacks method.
All exports of Blaster handle the same method. The worm goes via the just on missing to machines, that a specific Windows-vulnerability own, and that accessible be via the gate 135. As a Blaster a such system has found, pushes he within and nestelt the worm self on the pc.
Blaster directs in comparison with other viruses relative little damage on, already report many users source that their computer regular crasht. The scannen to other victims takes source tie width in possession. Moreover the worm would want to lead on 16 August a Thu-attack on the site windowsupdate. com out, what disadvantageous consequences have can for the network performances.