Updated August 12, 2003, 6:30 P.M. Pacific Time
At 11:34 A.M. Pacific Time
on August 11, Microsoft began investigating a worm reported by Microsoft
Product Support Services (PSS). A worm is a subclass of a virus that generally
spreads without user action and distributes complete copies (possibly modified)
of itself across networks. A worm can consume memory or network bandwidth, thus
causing a computer to stop responding.
Update: Several antivirus companies have responded and written tools to remove the Blaster worm.
Definitions
worm (n.): A subclass of virus. A worm generally spreads without user action and distributes complete copies (possibly modified) of itself across networks. A worm can consume memory or network bandwidth, thus causing a computer to stop responding. Compare virus.
virus (n.): Code written with the express intention of replicating itself. A virus attempts to spread from computer to computer by attaching itself to a host program. It may damage hardware, software, or data. Compare worm.
Users of the following products are affected:
· Microsoft® Windows NT® 4.0
· Microsoft Windows® 2000
· Microsoft Windows XP
· Microsoft Windows Server™ 2003
The virus was discovered
August 11. Customers who had previously applied the security patch MS03-026 are
protected. To determine if the worm is present on your machine, see
the technical details section of the PSS Security Response Team Alert.
A new worm known as
W32.Blaster.Worm (also known as MBlaster, W32/Lovsan.worm, MSBlast,
W32.blaster.worm, Win32.posa.worm, Win32.poza.worm) has been identified that is
seeking to exploit the vulnerability that was addressed by Microsoft Security
Bulletin MS03-026. Blaster is designed to launch a denial of service attack
against Microsoft's Windows Update Web site.
Microsoft recommends
taking the following actions immediately:
For System Administrators and Technical Computer Users
Read the PSS Security Response Team alert for technical guidance.
For Home Computer Users
If you are using Windows
NT 4.0, Windows 2000, Windows XP, or Windows Server 2003, you should follow the
steps in this sequence to help protect your system and to recover if your
system has been infected.
1. Make sure you have a firewall installed and activated to help protect your computer against infection, before you take other steps. If your computer has been infected, activating firewall software will help limit the effects of the worm on your computer.
   · If you have Windows XP or Windows Server 2003, follow these instructions to enable the Internet Connection Firewall.
   · If you have Windows NT 4.0 or Windows 2000, you will need to install a third-party firewall. Most firewall software for home users is available in free or trial versions. Check the following resources for more information on personal firewalls:
      o ZoneAlarm Pro (Zone Labs)
      o Tiny Personal Firewall (Tiny Software)
      o Outpost Firewall (Agnitum)
      o Kerio Personal Firewall (Kerio Technologies)
      o BlackICE PC Protection (Internet Security Systems)
     These products also work with Windows XP.
2. Alternatively, if you use Windows 2000, you can take steps to block the affected ports so that your computer can be patched. Here are some modified instructions from the TechNet article HOW TO: Configure TCP/IP Filtering in Windows 2000.
   0. In the Control Panel, double-click Network and Dial-up Connections.
   1. Right-click the interface you use to access the Internet, and then click Properties.
   2. In the Components checked are used by this connection box, click Internet Protocol (TCP/IP), and then click Properties.
   3. In the Internet Protocol (TCP/IP) Properties dialog box, click Advanced.
   4. Click the Options tab.
   5. Click TCP/IP filtering, and then click Properties.
   6. Select the Enable TCP/IP Filtering (All adapters) check box.
   7. There are three columns with the following labels:
      · TCP Ports
      · UDP Ports
      · IP Protocols
      In each column, you must select the Permit Only option.
   8. Click OK.
3. Download and install the security update addressed in Security Bulletin MS03-026 for the version of Windows that you are using from the Microsoft Download Center. When you click the appropriate link below, a dialog box appears. To begin the download process, do one of the following:
   To start the installation immediately, click Open or Run this program from its current location.
   To copy the download to your computer for installation at a later time, click Save or Save this program to disk.
   0. Windows NT Server 4.0 and Windows NT Workstation 4.0
   1. Windows NT Server 4.0, Terminal Server Edition
   2. Windows 2000
4. Make sure you install and use antivirus software.
   · If you have antivirus software installed, get the latest virus definitions from your antivirus vendor's Web site.
   · If you do not have antivirus software installed, visit Windows Catalog for a list of antivirus software vendors.
5. If you think your computer has been infected, use the worm removal tool available at your antivirus vendor's Web site. For additional details on this worm from antivirus software vendors participating in the Microsoft Virus Information Alliance (VIA), please visit the following links:
   · Symantec
   Learn about Microsoft's Virus Information Alliance.
If you still need assistance with virus-related issues, please contact PSS:
· For Microsoft Product Support Services within the United States and Canada, call toll-free (866) PCSAFETY (727-2338).
· For Microsoft Product Support Services outside the United States and Canada, visit the Product Support Services Web page.
· Get more technical details about Microsoft Security Bulletin MS03-026
· Get more info on protecting your computer from viruses
AN ALTERNATIVE method when all things fail !!!
You can follow these steps:
1/ Log on as normal
2/ Go to Control Panel ---> Administrative Tools ---> Computer Management ---> Users and Group ---> Click on that and create a new user
3/ Log off the normal account
4/ Log on as new user ---- Now you are able to access the web
5/ Download pack
http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-aaee-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe
then download virus scan software
http://vil.nai.com/vil/stinger/
That will surely fix the problem