Hi All The virus is w32.blaster.worm - the details were released by Symantec about 12 hours ago. The hole it is using was patched by Microsoft a couple of weeks ago.
Here is the link to the Symantec write up http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html It would appear to be improperly written to Windows XP (rumor has it a miswritten call to RPC designed for Windows 2000 will cause the service to crash in Windows XP, leading to the reboot). Hope this helps James R. Day (202) 354-1464 [EMAIL PROTECTED] |---------+----------------------------------> | | Carlos Magalhaes | | | <[EMAIL PROTECTED]> | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org | | | | | | | | | 08/12/2003 02:04 PM ZE2| | | Please respond to | | | ActiveDir | |---------+----------------------------------> >--------------------------------------------------------------------------------------------------------------------------------| | | | To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> | | cc: | | Subject: RE: [ActiveDir] OT: Has anyone had a problem with the RPC call to the OS | >--------------------------------------------------------------------------------------------------------------------------------| Do you have the exact virus name? CM(See attached file: InterScan_Disclaimer.txt)
InterScan_Disclaimer.txt
Description: Binary data