MSBLASTER - current virus


DaveSW
08-15-2003, 08:05 AM
Can I just remind everyone (in case you've got your head in the sand!) that the current msblaster virus is spreading rapidly... (by rapidly I mean 2,500 computers per hour...)

There's a news article here if you're interested: http://www.silicon.com/news/500013/1/5590.html?nl=d20030815

However, please note that it affects:
Microsoft® Windows NT® 4.0
Microsoft Windows® 2000
Microsoft Windows XP
Microsoft Windows Server™ 2003

- 95, 98, 98SE and ME are supposedly safe!

Please check for the latest patches and advice here:

http://www.microsoft.com/security/incident/blast.asp

Thanks

Dave

PS if you're wondering why I'm warning people I've already cleared it off one machine this morning... PPL I think we've found a reason to downgrade back to Win 98!

PeOfEo
08-15-2003, 07:59 PM
One thing that I think is funny is it is spread through Windows Update, correct? Well, if that's the only way it is being spread, why are people still downloading from it? Lol I am reading on the site that ppl are emailing it to others HA! Hoax circulating lol.

DaveSW
08-16-2003, 02:48 PM
No article I've read seems to know how it spreads - just that it doesn't spread by email and that it comes in on Port 135.

Ah well - it didn't work anyway! Personally I think the chap who wrote it had the wrong idea - it would have been far more effective if the worm had sat inactive till Fri night and then burst into activity with the visit to Microsoft! As it was, too many people would have disconnected their PCs and Microsoft had advance warning. Guess the chap's real aim must really just have been to panic Microsoft and expose the hole, rather than crash their site!

Compguy Pete
08-16-2003, 07:30 PM
Yes Win 85,98,ME are all free and clear of this worm.

I have to agree with Dave... It would have been smart if it had acted all at once vs. as soon as it hit the PC.

Also as an FYI you don't need to download or read an email to have this worm installed on your system.

Also, having even the most basic of firewalls protected your system from infections. Even the "crappy" Win XP firewall stopped the virus on all machines with it enabled.


Odd thought for the day...
What makes me wonder is could this worm have caused the blackout on the east coast?

Paul Jr
08-16-2003, 07:56 PM
One other computer in my house has PC-cillin installed on it, and still got the Virus...

Compguy Pete
08-16-2003, 09:37 PM
Paul,

The reason for that is because there wasn't any protection from Pre 8-11 virus definitions.

Once you updated PC-cillin it should have picked it up and removed it then.

PeOfEo
08-17-2003, 12:06 AM
If it only comes on port 135 you could always just block that port too. That is if it were not so easy to stop

DaveSW
08-18-2003, 10:17 AM
Well it caught someone out anyway!

http://www.silicon.com/news/500013-500001/1/5618.html?nl=d20030818

Compguy Pete
08-18-2003, 10:55 AM
It looks like there are several variations of this worm now...

A - D !

To see where I found out... SAF Security Portal (http://www.suggestafix.com/security.php)

So make sure you're updating your A/V every day for at least the next couple weeks.

AdamGundry
08-18-2003, 03:40 PM
As an interesting twist in the tale, there is now a worm loose using the same vulnerability which attempts to clean up MSBlaster and patch the security risk.

Read about it on Slashdot: http://slashdot.org/article.pl?sid=03/08/18/1722203

Adam

PeOfEo
08-18-2003, 03:51 PM
Good idea, it will only fix computers that are vulnerable to the worm in the first place and it will force fix so the ppl who have vulnerable comps who are not computer savvy won't have to think.

DaveSW
08-19-2003, 08:28 AM
That's a very interesting idea LOL!