Blaster Worm
Warning: Use of undefined constant template_directory - assumed 'template_directory' (this will throw an Error in a future version of PHP) in /homepages/10/d87402808/htdocs/backporchbeer/wp-content/themes/andyblue/single.php on line 11

By jank - Last updated: Friday, August 15, 2003 - Save & Share - 3 Comments

In the interest of a little ‘Fair and Balanced’ coverage of the latest hack to plague Microsoft (which, to be completely fair and balanced did do a great service by providing a common platform to spur growth, but whose time has past with the adoption of standards based platforms), I’d like to provide this suggestion back to Redmond about a quick and easy way to avoid the Blaster:

Switch to OS X or Linux.

(Inspired by the tech support e-mail that Microsoft left in my inbox this morning, included in the extended entry)


To be completely magnanimous (Fair and Balanced, for those of you in College Station), here’s the text of the email if you’re looking for information on how to fix your system:

It is very important that you check the Security site regularly for the most recent news: “http://go.microsoft.com/?linkid=221043”:http://go.microsoft.com/?linkid=221043

In This Newsletter:
–Who Is Vulnerable
–4 Steps for Home Users

At 11:34 A.M. Pacific Time on August 11, Microsoft began investigating a worm reported by Microsoft Product Support Services (PSS). A new worm commonly known as W32.Blaster.Worm has been identified that exploits the vulnerability that was addressed by Microsoft Security Bulletin MS03-026.
Who Is Vulnerable?
Users of the following products are vulnerable to infection by this worm:
. Microsoft Windows NT 4.0
. Microsoft Windows 2000
. Microsoft Windows XP
. Microsoft Windows Server(TM) 2003

Your computer is not vulnerable to the Blaster worm if either of these conditions apply to you:
. If you are using Microsoft Windows 95; Windows 98; Windows 98 Second Edition (SE); or Windows Millennium (Me).
. If you downloaded and installed security update MS03-026 prior to August 11, the date the worm was discovered.

4 Steps for Home Users
If you are using Windows NT 4.0, Windows 2000, Windows XP, or Windows Server 2003, you should follow the steps in this sequence to help protect your system and to recover if your system has been infected.

1. Enable a Firewall: Make sure you have a firewall activated to help protect your computer against infection before you take other steps. If your computer has been infected, activating firewall software will help limit the effects of the worm on your computer.

The latest Windows operating systems have a firewall built in. Windows XP and Windows Server 2003 users should print or save the following instructions for how to enable their firewall.

If your computer is rebooting repeatedly, disconnect from the Internet before you enable your firewall. To disconnect your computer from the Internet:

. Broadband connection users: Locate the cable that runs from your external DSL or cable modem to the wall and unplug that cable either from the modem or from the telephone jack.
. Dial-up connection users: Locate the telephone cable that runs from the modem inside your computer to your telephone jack and unplug that cable either from the telephone jack or from your computer.

Follow the instructions provided for your operating system, and then reconnect to the Internet.
. Windows XP Professional “users”:http://go.microsoft.com/?linkid=221044
. Windows XP Home Edition “users”:http://go.microsoft.com/?linkid=221045
. Windows Server 2003 “users”:http://go.microsoft.com/?linkid=221046
. Windows NT 4.0 and Windows 2000 “users”:You will need to install a third-party firewall. Most firewall software for home users is available in free or trial versions. If you are unable to download a firewall product, please check with your local computer retailer. Check the following resources for more information on personal firewalls:
— “ZoneAlarm Pro (Zone Labs)”:http://go.microsoft.com/?linkid=221047
— “Tiny Personal Firewall (Tiny Software)”:http://go.microsoft.com/?linkid=221048
— “Outpost Firewall (Agnitum)”:http://go.microsoft.com/?linkid=221049
— “Kerio Personal Firewall (Kerio Technologies)”:http://go.microsoft.com/?linkid=221050
— “BlackICE PC Protection (Internet Security Systems)”:http://go.microsoft.com/?linkid=221051

Windows 2000 users: Alternatively, you can take steps to block the affected ports so that your computer can be patched. Here are some modified instructions from the TechNet article “HOW TO: Configure TCP/IP Filtering in Windows 2000”:http://go.microsoft.com/?linkid=221052.

2. Update Windows: If you are disconnected from the Internet, remember to reconnect before you take the next steps. Download and install the security update addressed in Security Bulletin MS03-026 for the version of Windows that you are using from the Microsoft Download Center.
— “Windows NT Server 4.0 and Windows NT Workstation 4.0”:http://go.microsoft.com/?linkid=221053

— “Windows NT Server 4.0, Terminal Server Edition”:http://go.microsoft.com/?linkid=221054

— “Windows 2000”:http://go.microsoft.com/?linkid=221055

— “Windows XP”:http://go.microsoft.com/?linkid=221056 The vast majority of Windows XP customers use this version. If you are unsure, it is likely that you are using this version.

— “Windows XP (64 bit)”:http://go.microsoft.com/?linkid=221057 The 64-bit version of Windows XP requires special hardware to run. If you are unsure, it is likely that you are not running this version of Windows XP.

— “Windows Server 2003”:http://go.microsoft.com/?linkid=221058

— “Windows Server 2003 (64 bit)”:http://go.microsoft.com/?linkid=221059

3. Use Antivirus Software: Make sure you have the latest updates installed.
. If you already have antivirus software installed, go to your antivirus vendor’s Web site to get the latest updates, also known as virus definitions.
. If you do not have antivirus software installed, get it. If you are unable to download antivirus software, please check with your local computer retailer. The following vendors participating in the Microsoft Virus Information Alliance (VIA) offer antivirus products for home users:
. “Network Associates”:http://go.microsoft.com/?linkid=221060
. “Trend Micro”:http://go.microsoft.com/?linkid=221061
. “Symantec”:http://go.microsoft.com/?linkid=221062
. “Computer Associates”:http://go.microsoft.com/?linkid=221063

Learn about Microsoft’s Virus Information Alliance: http://go.microsoft.com/?linkid=221064.

4. Remove the Worm: If you think there is even the slightest possibility that your computer might be infected, use the worm removal tool available at your antivirus vendor’s Web site. For additional details on this worm from antivirus software vendors participating in the Microsoft Virus Information Alliance (VIA) please visit the following links:
— “Network Associates”:http://go.microsoft.com/?linkid=221065
— “Trend Micro”:http://go.microsoft.com/?linkid=221066
— “Symantec”:http://go.microsoft.com/?linkid=221067
— “Computer Associates”:http://go.microsoft.com/?linkid=221068

Microsoft Communities is your launching pad for communicating online with “peers”:http://www.rollerfeet.com/backporchbeer and experts about “Microsoft products, technologies, and services”:http://go.microsoft.com/?linkid=221041

Posted in Nerd • • Top Of Page

3 Responses to “Blaster Worm”

Comment from etrigan
Time August 15, 2003 at 7:21 am

Yes, that’s a fair and balanced suggestion.

EXCEPT that M$ did a great job of communicating about this patch to it’s users nearly a month before this attack. And the automated patch system (that RedHat stole from M$, I think) pushed this patch over a month ago.

I have no love for M$, but I’m tired of criminal hackers deciding to “show M$’s weakness” by writing worms for M$ products. Maybe I’ll rejoin the dark side of the hacker life and start writing Linux worms.

Comment from jank
Time August 15, 2003 at 7:28 am

Er, um, yeah… Just give me a heads up, OK?

Comment from jank
Time August 15, 2003 at 10:26 am

“Let assume we put a back door in, do you think it wouldn’t be discovered? ” – Microsoft’s chief of security to some Aussies

Write a comment

You need to login to post comments!