Bolgimo is a Win32 computer worm, a self-replicating computer program similar to a computer virus, which propagates by attempting to exploit unpatched Windows computers vulnerable to the DCOM RPC Interface Buffer Overrun Vulnerability[1] using TCP port 445 on a network. The worm was discovered on November 10, 2003 and targets Windows NT, 2000 and XP Operating Systems.

If a target computer is successfully infected, the worm will call the user's attention to the fact that the machine is vulnerable, download the patch to the user's desktop and run the patch installer. The worm also attempts to shut down processes linked to other malware known to exploit the same vulnerability, like MSBlaster.[2]


Worm.Win32.Bolgi (Kaspersky)
W32/Bolgimo.worm (McAfee)
W32.Bogi.Worm (Symantec)
Worm/Bolgi.A (Avira)
W32/Bolgi-A (Sophos)
Worm:Win32/Bolgimo.A (Microsoft)


  1. ^ "Microsoft Security Bulletin MS03-026".
  2. ^ "Symantec W32.Bolgi.Worm".