MSBlast Copycat On The Loose

The worm, which has not yet been named, is a near doppelganger of MSBlast, with only slight changes. The name of the primary worm-carrier file--MSBLAST.EXE in the original--is now TEEKIDS.EXE. The variation's code has also been compressed with FSG rather than UPX, and a new string of text buried within the code takes different potshots at both Microsoft and anti-virus developers.

The danger is that while the two worms are very similar--and exploit the same RPC vulnerability in Windows--it's possible for both to co-exist on the same computer.

"In other words, all computers infected by the original will soon be attacked by its revamped version," said Eugene Kaspersky, the head of anti-virus research at the Russian company.

This story courtesy of TechWeb.