Blaster Worm
- Thread starter listedguru
- Start date
Jeez, guys. It really hurts me to read threads like this time and again with every Windows virus. There's a big one that comes out several times a year and two days later everyone forgets all about it.
Protect yourself longterm and you'll never have to worry about the next virus:
A) Get a firewall. This will stop 99% of computer attacks. One of these attaches to your cable/dsl modem and all you other computers attach to the firewall. It will keep all important ports closed to probing traffic -- kind of like a locked door when someone jiggles the handle trying to get in. There's plenty of them available from Netgear, Linksys, Siemens and a dozen others. Don't buy some brand you've never heard of and expect to pay $50-$100 and get a very effective firewall/router. I use only Netgear equipment at home because I've tried several others and they've all sucked for one reason or another. Netgear has been 100% reliable for me. YMMV.
B) Get anti-virus software like Norton or McAfee. Again, there's several big products out there. Another $50- $100 will do you good. Make sure to update the virus definitions as often as possible. The vendor will have a way to automatically check for new updates.
C) Run Windows Update often to make sure you've installed the latest patches from Microsoft -- I'm assuming you're running some flavour of Windows here (Ugh. Don't get me started). If you're running Win 2000 or XP (not sure about 98 or earlier) you can set up the Windows updates to automatically check for new ones and notify you that they're ready for installation. This is super important! If you had patched your computer every time MS put out the latest patch you wouldn't be posting on this thread.
For both (A) & (B) if you keep your eyes open you can find some smoking deals on sites like techbargains.com and slickdeals.net. The best deals start on Sundays with heavy rebates usually available.
Don't be a victim! Protect yourself from the next virus. Believe me, this is not the last one.
--opm8
Protect yourself longterm and you'll never have to worry about the next virus:
A) Get a firewall. This will stop 99% of computer attacks. One of these attaches to your cable/dsl modem and all you other computers attach to the firewall. It will keep all important ports closed to probing traffic -- kind of like a locked door when someone jiggles the handle trying to get in. There's plenty of them available from Netgear, Linksys, Siemens and a dozen others. Don't buy some brand you've never heard of and expect to pay $50-$100 and get a very effective firewall/router. I use only Netgear equipment at home because I've tried several others and they've all sucked for one reason or another. Netgear has been 100% reliable for me. YMMV.
B) Get anti-virus software like Norton or McAfee. Again, there's several big products out there. Another $50- $100 will do you good. Make sure to update the virus definitions as often as possible. The vendor will have a way to automatically check for new updates.
C) Run Windows Update often to make sure you've installed the latest patches from Microsoft -- I'm assuming you're running some flavour of Windows here (Ugh. Don't get me started). If you're running Win 2000 or XP (not sure about 98 or earlier) you can set up the Windows updates to automatically check for new ones and notify you that they're ready for installation. This is super important! If you had patched your computer every time MS put out the latest patch you wouldn't be posting on this thread.
For both (A) & (B) if you keep your eyes open you can find some smoking deals on sites like techbargains.com and slickdeals.net. The best deals start on Sundays with heavy rebates usually available.
Don't be a victim! Protect yourself from the next virus. Believe me, this is not the last one.
--opm8
If your computer has not been infected, you should go to one of the web sites shown below to update your anti-virus software or install a patch to prevent infection.
Here is a Microsoft bulletin regarding this vulnerability:
http://www.microsoft.com/security/security_bulletins/ms03-026.asp
Here is an update from Symantec:
http://www.sarc.com/avcenter/security/Content/8205.html
Here is an update from McAfee:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547
If your computer becomes infected and gets shut down, you will need to follow these steps (you may want to print them for future reference):
Unplug modem.
Restart computer.
Go to Start / Search / For Files and Folders.
Confirm that Look in is set for C: drive.
Search for files and folders named: "MSBLAST.exe"
When computer finds the msblast file(s), right click on the file names and delete all copies of the file.
Shut down the machine.
Plug the modem back in.
Restart the machine.
Go directly to one of the web sites above and install the patch and/or update.
Here is a Microsoft bulletin regarding this vulnerability:
http://www.microsoft.com/security/security_bulletins/ms03-026.asp
Here is an update from Symantec:
http://www.sarc.com/avcenter/security/Content/8205.html
Here is an update from McAfee:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547
If your computer becomes infected and gets shut down, you will need to follow these steps (you may want to print them for future reference):
Unplug modem.
Restart computer.
Go to Start / Search / For Files and Folders.
Confirm that Look in is set for C: drive.
Search for files and folders named: "MSBLAST.exe"
When computer finds the msblast file(s), right click on the file names and delete all copies of the file.
Shut down the machine.
Plug the modem back in.
Restart the machine.
Go directly to one of the web sites above and install the patch and/or update.
Another good out is Outpost:
http://www.agnitum.com/products/outpost/
The free version is all you need
http://www.agnitum.com/products/outpost/
The free version is all you need
Good advice except perhaps for the last point: Not all windows "updates" are necessary nor desired. Leaving this up to Microsoft may not be the best choice for all situations.
The following scenario is entirely possible:
MS puts flawed update on update server. Update gets to your server via automatic windows "update". Attack puts windows update servers out of commission. Your server is compromized by an attack.
This is partially what the current exploit appears to be doing.
Our policy is that we only put tested updates on our systems manually. We test MS updates etc for safety before applying and you should too .....
Hi opm8,
Which firewall should I get?
I use a Linksis Router with a laptop(win98) and a desktop computer(XP Pro).
Does my Linksis router have a firewall?
Don't mean to sound stupid but I'm not familiar with firewalls.
What is the best one out there?
Thanks,
gotta_trade
i'm not sure about specific updates that would harm your system, but i know that SP1 could stop your system if it had an "evaluation" copy of the build 2600 that first came out.
i have run windows for 9 years and have never had a virus or worm. a big thing is educating people what to click on and not to click on. the worst is when people install kazaa and click on every ad that pops up (especially kids). im sick of seeing that bullguard program, comet, weatherbug, and other ad programs on people's computers
i usually tell parents with xp to have their own administrator account with a password, and give their kids accounts with very limited access.
i have run windows for 9 years and have never had a virus or worm. a big thing is educating people what to click on and not to click on. the worst is when people install kazaa and click on every ad that pops up (especially kids). im sick of seeing that bullguard program, comet, weatherbug, and other ad programs on people's computers
i usually tell parents with xp to have their own administrator account with a password, and give their kids accounts with very limited access.
gotta_trade, the linksys router you have is a firewall as well. At least as far as the current attack, you are safe. The software firewalls such as ZoneAlarm, Outpost, Norton Internet Security, etc, protect you in another way - they block outbound connections from your computer from applications that you have not authorized. The reason that can be important:
1) If you get a Trojan on your computer (via virus email, or by downloading installing an infected program), it will stop that Trojan
2) If you get some software that installs spyware, it will stop that spyware from communicating.
The hardware firewall together with common sense (don't open attachments in email that you don't know) and a good anti-virus program should be enough for most people. Many software firewalls do add other bells and whistles such as ad blocking though.
Jerry
1) If you get a Trojan on your computer (via virus email, or by downloading installing an infected program), it will stop that Trojan
2) If you get some software that installs spyware, it will stop that spyware from communicating.
The hardware firewall together with common sense (don't open attachments in email that you don't know) and a good anti-virus program should be enough for most people. Many software firewalls do add other bells and whistles such as ad blocking though.
Jerry
Tuesday, August 12th
Day Two of 'MSBLAST', the Widespread Windows DCOM/RPC Internet Worm
More than 100,000 Windows systems infected worldwide. Internet usage being hampered by worm activity. Infected machines will begin a concerted distributed denial of service attack (DDoS) on the domain "windowsupdate.com" this coming Saturday the 16th.
However, since the correct domain name used by Windows systems is "windowsupdate.microsoft.com", Microsoft will be able to dodge this bullet simply by changing the IP address for "windowsupdate.com" to something benign, such as "127.0.0.1". Since this is equivalent to every machine's own local IP, the DDoS attack will go nowhere.
Our ShieldsUP Port Probe test will quickly
confirm that your port 135 is blocked from
remote access and possible exploitation.
We will soon have a new tool and tests to properly and fully address this new threat â Microsoft has not. Until then you are invited to send the following link to your friends and colleagues to have them use our free service to quickly check that their port 135 is NOT OPEN to the world's malicious hackers:
https://grc.com/x/portprobe=135
This link will instantly and easily test anyone's Internet-connected PC. "Open" is BAD, "Closed" or "Stealth" is safe.
http://grc.com/default.htm
Day Two of 'MSBLAST', the Widespread Windows DCOM/RPC Internet Worm
More than 100,000 Windows systems infected worldwide. Internet usage being hampered by worm activity. Infected machines will begin a concerted distributed denial of service attack (DDoS) on the domain "windowsupdate.com" this coming Saturday the 16th.
However, since the correct domain name used by Windows systems is "windowsupdate.microsoft.com", Microsoft will be able to dodge this bullet simply by changing the IP address for "windowsupdate.com" to something benign, such as "127.0.0.1". Since this is equivalent to every machine's own local IP, the DDoS attack will go nowhere.
Our ShieldsUP Port Probe test will quickly
confirm that your port 135 is blocked from
remote access and possible exploitation.
We will soon have a new tool and tests to properly and fully address this new threat â Microsoft has not. Until then you are invited to send the following link to your friends and colleagues to have them use our free service to quickly check that their port 135 is NOT OPEN to the world's malicious hackers:
https://grc.com/x/portprobe=135
This link will instantly and easily test anyone's Internet-connected PC. "Open" is BAD, "Closed" or "Stealth" is safe.
http://grc.com/default.htm