Hi there ive just installed and activated avast, i keep getting the following message appear in the bottom right,
Network Shield: blocked “DCOM Exploit” - attack from xxx.xx.xxx.xxx:135/tcp (x being the attackers IP)
I get this message every few minutes, which has me concerned because i didnt have my pc firewalled initially.
What is the risk of this attack and what does the attack achieve by doing it?
Network Shield is a protection against known Internet worms/attacks. It analyses all network traffic and scans it for malicious contents. It can be also taken as a lightweight firewall (or more precisely, an IDS (Intrusion Detection System).
Messages like:
Network Shield: blocked “DCOM Exploit” - attack from 81.178.115.162:135/tcp
are due to the RPC/DCOM exploit, which is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135. Basically, it could be infected by Internet worms such as Win32.CodeRed, Win32.SQLSlammer, Win32.Blaster, in32.Welchia (Nachi) and Win32.Sasser.