Contact Us Careers Newsroom Privacy Support A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The worm exploit startsby decrypting itself using 32-bit arithmetic operations. The worm then attempts to access the kernel32.dll base address in memory to locate the following API addresses: LoadLibraryA WaitForSingleObject CreateProcessA The DDoS attack launched by W32/Lovsan.worm interrupted some sites and created general network congestion, but itappears to have been defeated bymodifications to the domains and through othersafeguards that preventthe wormfrom resolving

TruSecure does not expect this worm to be as effectiveas CodeRed, Nimda or SQL Slammer. Alert 6513 has been consolidated into this alert. Currently, DNS records for windowsupdate.com redirect to the correct site. Check This Out YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK.