Worm/Lovsan.A is an Internet worm that exploits a known security vulnerability in Microsoft's Windows Distributed Companent Object Model (DCOM) Remote Procedure Call (RPC) interface. This security breach allows someone with malicious intent to run code of their choice. TCP port directly affected by this exploit include: 135.
If executed, Worm/Lovsan.A will download and run the file msblast.exe using Tftp
The following are components of Worm/Lovsan.A:
- msblast.exe (the main component)
So that it gets run each time a user restart their computer the following registry key gets added: