W32.Blaster.Worm getting out of control

There has been quite a lot of TCP port 135 activities lately. This new Internet worm has been hitting quite a lot of people across the globe, and there is no exception at work. First of all, yesterday morning J in Canberra called in asking what has happened to his new Windows XP computer that constantly reported "RPC error" and then rebooted itself. I was not aware of the worm infection then, and I could do nothing to provide any help...

Then this morning another two colleagues reported the same symptoms with their home PC's, when they connected to the Internet last night. But this time I am better informed. Here's the security response from Symantec that someone forwarded to me.


So far the situation is not looking good - all Windows machines on the Internet without the Microsoft patch or without firewall have high possibility to be infected. And there is also possibility the worm might creep into a well firewalled intranet, if an infected portable computer is introduced to the network. A friend from Warrane college told me that many residents have their boxes infected by this worm. Someone else told me that his Windows computer got attacked by the worm within seconds connected to the Internet via dial-up. Sounds very serious...

External traffic at work is blocked by the firewall, but there are quite a few notebook computers connected. Home network is firewall protected as well, but still I'll run through the Windows Update as soon as I have chance. And so should you, those who are still surfing on the net now with an unpatched Windoze.

At least I don't have to worry about my Linux and Mac boxes at home :)

Updated 15 August 2003: Some of boxes at work has caught the worm! I thought we have been well firewalled from the Internet, so I felt reluctant to upgrade some of the Windows 2000/XP boxes at work. But someone at (still investigating who is it) connected his infected notebook computer to the intranet, and the worm spreads!! D'oh! Have to go and patch up all the boxes now... :(