New W32.Blaster Worm Reported

It is reported that a new worm is rapidly spreading through the Internet. The worm exploits an unpatched RPC/DCOM vulnerability. It attempts to run a program named "msblast.exe", which spreads the worm and will initiate a denial of service against windowsupdate.com on August 16.

Infection can be verified by checking for a registry modification: the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run will have an entry of "windows auto update"="msblast.exe".
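
The registry check described above can be scripted; the following is an added example and not part of the original advisory. The function name Test-BlasterRunEntry and its -ComputerName parameter are hypothetical, and checking other hosts assumes their Remote Registry service is reachable with administrative rights.

```powershell
# Added example: look for the Blaster autorun entry named in the advisory.
function Test-BlasterRunEntry {
    param(
        # Hypothetical parameter: hosts to check (default: this machine).
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    $subKey = 'Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($computer in $ComputerName) {
        $result = [pscustomobject]@{
            Computer = $computer; EntryFound = $false
            ValueName = $null; Data = $null; Error = $null
        }
        # An empty machine name opens the local hive without a remote call.
        $target = if ($computer -ieq $env:COMPUTERNAME) { '' } else { $computer }
        $hklm = $null; $run = $null
        try {
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $target)
            $run = $hklm.OpenSubKey($subKey)   # read-only; $null if key is absent
            if ($run) {
                foreach ($name in $run.GetValueNames()) {
                    $data = [string]$run.GetValue($name)
                    # Registry value names are case-insensitive; compare the same way.
                    if ($name -ieq 'windows auto update' -or $data -imatch 'msblast\.exe') {
                        $result.EntryFound = $true
                        $result.ValueName  = $name
                        $result.Data       = $data
                        break
                    }
                }
            }
        } catch {
            # Unreachable host or access denied: report it rather than imply "clean".
            $result.Error = $_.Exception.Message
        } finally {
            if ($run)  { $run.Close() }
            if ($hklm) { $hklm.Close() }
        }
        $result
    }
}

Test-BlasterRunEntry | Format-Table -AutoSize
```

A row with EntryFound set to True identifies a machine carrying the entry; a row with Error populated means the host was not checked and should not be treated as clean.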

Major anti-virus vendors have released updates to their products to identify the new worm and provide removal instructions. If your computer is missing the MS03-026 patch, please make sure that any infection has been removed and that the computer is properly patched before reconnecting it to the campus network.

References:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.securityfocus.com/news/6689
http://xforce.iss.net/xforce/alerts/id/150
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp