NTech Collaborative - MS Blast Virus

NTech Online Articles Discussion Groups Downloads Links Resources Spotlight User Groups Vendor Partners NTech Learning Labs Learning Lab Attendee Survey Technology Request Technology Survey EFSP Online Ask A Question

"Talking points" About the New "MSblast" Virus

Prepared by www.organizenow.net

a) The new computer virus that has been circulating spreads in

a different method from almost all previous viruses: it does not

spread through email or web sites: you can get the virus IF

YOU HAVE A COMPUTER WTH CERTAIN VERSIONS OF WINDOWS

that can be accessed by another Windows computer on a network

(see #3, #4 for details).

b) To fix the problem you need to download a patch from

Microsoft. However, the usual method to download the patch, to

use the WindowsUpdate web site, might not work as the latest

virus is designed to overload and disable this web site. So it

might be better to fix the problem by following the instructions

here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

c) The virus does not affect all versions of Windows, but it does

affect the newest versions. It affects Windows XP, 2000, or NT

-- basically all the systems that allow people to remotely log in

to a machine. It does not affect Win95, Win98, or WinME, which

don't have built in remote access capability.

d) The new virus spreads by randomly generating IP addresses,

the numeric addresses that are used to identify computers on a

network. So if you dial in on a modem to the Internet, you are

vulnerable as dialing in gives your computer a temporary IP

address, making it accessible to other computers. If your

computer is not directly on the network but is behind a router

(which is usually the case with DSL or with small offices), then

you won't be as vulnerable, because PCs outside your office can't

directly reach your machine. Even if you do have a router

(or firewall), it is possible for you to be infected if someone in

your office hooks up an infected laptop to your network!

This is because the new virus is programmed to try to infect

the local area network even before it tries outside machines.

e) If you have the new virus your machine may no longer be

able to connect to the Internet. You can tell you have the new

virus by the presence of the file:

c:\winnt\system32\msblast.exe (on win nt/2000)

c:\windows\system32\msblast.exe (on win XP)

It is not easy to remove the virus, but a tool and instructions for

doing so is here: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

f) Even if you don't have the virus, the nature of the security

problem with Windows is so severe that you will definitely want

to fix your machine as described in #2. How severe, you ask?

Let me illustrate how vulnerable you actually are. Since August 1,

2003 there is a hacking tool widely available on the Internet, that

allows you, if you can open up a "Command Prompt" on your

computer, to easy open a "Command Prompt" on someone else's

computer, and delete or modify files.

g) If you do have the virus, your machine is programmed to

launch an attack on Microsoft, starting this Saturday. It is

therefore important to act now, as it might be more difficult to

fix this problem after Microsoft is attacked! More details are here: http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.html

Source: OCTech E-mail Digest 2003, #10 - August 14, 2003 -

Published by Organizers' Collaborative, Inc.