The worm is known by several names: MSBLAST (Trend),
BLASTER (Symantec), LOVSAN (McAfee).
When the worm is executed, it scans a random IP range for
vulnerable systems on TCP port 135. It attempts to exploit
the DCOM RPC vulnerability on the systems it finds to create
a remote shell on TCP port 4444, and then passes a TFTP
command to download the worm to the %WinDir%\system32
directory and execute it. The worm then creates the
registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"windows auto update" = msblast.exe I just want to say LOVE YOU SAN!! bill
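
The network sequence described above (a sweep of TCP port 135, a follow-up connection to TCP port 4444 on a probed host, then a TFTP transfer) can be correlated in flow logs. The following is an added detection example, not part of the original write-up. The flow tuple layout, the scan threshold, the function name and the sample records are assumptions, as is reading the TFTP step as the probed host contacting the scanning host on UDP port 69.

```python
from collections import defaultdict

# Constructed flow records (not real traffic): (time_s, src, dst, proto, dst_port)
SAMPLE_FLOWS = (
    [(i, "10.0.0.5", f"10.0.1.{i}", "tcp", 135) for i in range(1, 7)]  # sweep
    + [
        (8, "10.0.0.5", "10.0.1.3", "tcp", 4444),   # shell port on a probed host
        (9, "10.0.1.3", "10.0.0.5", "udp", 69),     # probed host fetches via TFTP
        (3, "10.0.0.9", "10.0.1.1", "tcp", 135),    # single RPC connection, benign
        (4, "10.0.0.9", "10.0.2.2", "tcp", 4444),   # port 4444 with no prior probe
    ]
)

SCAN_THRESHOLD = 5  # assumed: distinct TCP/135 targets before a source counts as scanning


def detect_worm_chain(flows, scan_threshold=SCAN_THRESHOLD):
    """Correlate TCP/135 sweeps with follow-up TCP/4444 and TFTP (UDP/69) flows."""
    probed = defaultdict(set)    # src -> hosts it contacted on TCP/135
    shelled = defaultdict(set)   # src -> probed hosts it then reached on TCP/4444
    fetched = defaultdict(set)   # src -> shelled hosts that sent TFTP back to it
    for _, src, dst, proto, port in sorted(flows):   # process in time order
        if proto == "tcp" and port == 135:
            probed[src].add(dst)
        elif proto == "tcp" and port == 4444 and dst in probed.get(src, ()):
            shelled[src].add(dst)
        elif proto == "udp" and port == 69 and src in shelled.get(dst, ()):
            fetched[dst].add(src)
    # Report only sources whose TCP/135 fan-out reaches the scan threshold.
    return {
        src: {
            "probed": len(targets),
            "shell": sorted(shelled.get(src, ())),
            "tftp": sorted(fetched.get(src, ())),
        }
        for src, targets in probed.items()
        if len(targets) >= scan_threshold
    }


if __name__ == "__main__":
    for src, hit in detect_worm_chain(SAMPLE_FLOWS).items():
        print(src, hit)
```

A source that appears with non-empty "shell" and "tftp" lists has a likely infected peer; that peer is where to check for the Run value and msblast.exe named above.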