NET ATTACK - AUGUST 2003

 
Security experts have discovered that the MSBlast worm, which exploits the most widespread Windows flaw ever documented, also contains a time bomb designed to launch a denial of service assault on Microsoft itself. On Aug. 16, the worm is programmed to attack Microsoft's Windows Update, the Web site where Windows users can download security patches and software updates. 

As you may be aware, internet service providers are currently taking steps to minimize the spread of two new viruses: the Nachi/Welchia Worm, a new version of the recent Blaster Worm virus that has been attacking Microsoft operating systems, and the Sobig.f virus, a mass-mailing type of virus that arrives as an e-mail attachment. 

Nachi/Welchia Worm

Special tools for removing the Nachi/Welchia worm from your PC can be found at the following links:

http://us.mcafee.com/virusInfo/default.asp?id=nachi#removal_instructions
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html#removalinstructions
http://www.sophos.com/virusinfo/analyses/w32nachia.html

To prevent re-infection of your PC, it is recommended that you take the following actions:
 

  1. Install the patches released by Microsoft to repair the vulnerability. These patches can be found at: http://windowsupdate.microsoft.com
  2. Install anti-virus software on your PC or, if you have already done so, update the software to the most up-to-date virus definitions
  3. Install a firewall to help prevent unauthorized access to your PC


Sobig.f Virus

When activated, the Sobig.f virus infects a PC and then further spreads by sending emails to all email addresses found within the email address book on this infected PC. The virus does this using its own mail server that is part of the virus. When the virus sends an e-mail it falsifies the “from:” field using one of the addresses harvested from the address book. This makes it appear that the virus was sent from someone else rather than the infected machine.

Further information on this virus can be found at the following links:

http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=sobig
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html
http://www.sophos.com/virusinfo/analyses/w32sobigf.html

Symptoms of infection

  • Slow speeds
  • Frequent disconnections
  • No connection at all.

There has been alot of chatter on the message board about MSBlast. What follows are some of the comments that our loyal members have posted to try to help us out.

Hi gang, I just got off of chatting with comcast tech support. He gave me this URL, that is apparently some help with what's going on. He also stated that win2000 - UP is at risk. I would suggest all take a look and use your judgement on anything you may of may not want to do!

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

good luck,
Smitty


Cliff - This is the one dealing with Blaster:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-026.asp


Smitty - Here's a link for the indepth instructions to remove the LovSan/MSBlaster worm. Also on this page, is a link to download the removal tool from Symantic (Norton). I would suggest downloading & running this tool if there is any question in your mind about this piece of malware being in your puter! I ran it on mine, just for the piece of mind involved : )

http://www.thekcrachannel.com/technology/2401172/detail.html


 

 
This page created exclusively for Error World by The Software Clinic  C.2000  All rights reserved