| Port No | 6669 |
| Service Name | CBLADE |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | This memory-resident Internet worm uses a known MS SQL 7 server vulnerability to propagate. The vulnerability allows the execution of a command shell on systems with the Systems Administrator account’s password set as empty by default. This worm is also capable of performing a Distributed Denial of Service Attack (DDoS Attack) on target systems. It instructs the exploited MS SQL servers to connect to an IRC server to receive instructions from the attacker. |
| Reference Link | CBLAD |
| Attack | Solution: TScan your computer and take down the complete path and filename of the file detected as WORM_CBLAD.A. Click Start>Run, type Regedit then hit the Enter key . Double click the following: HKEY_LOCAL_MACHINE> Software> Microsoft> Windows> CurrentVersion> Run In the right panel, search for any of the registry keys that contains the following. This is the registry key that grants the capability to load the worm whenever the PC is started: “Taskreg” Highlight the registry key that loads the file and then delete it. Exit the registry. Click Start>ShutDown>"Restart” then hit the Enter key. Scan your system with Trend Micro antivirus and delete all files detected as WORM_CBLAD.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.