sassa Posted August 16 Report Share Posted August 16 Microsoft kills address to foil worm Firm’s Web sites also hit by separate denial-of-service attack By Ina FriedAug. 15 — As part of its effort to stop the progress of the MSBlast worm, Microsoft is killing off the Windows Update address that the self-propagating program was set to attack. Because the worm is programmed to attack only that address and not the site that it redirects to, the software giant has decided to eliminate the Windowsupdate.com address. The move is one of a series of efforts that Microsoft has undertaken to try to thwart an attack on its servers that was expected to be launched by infected computers starting Friday. “ONE STRATEGY FOR cushioning the blow was to extinguish the Windowsupdate.com†site, said Microsoft spokesman Sean Sundwall. “We have no plans to ever restore that to be an active site.†On Thursday, Microsoft changed the Internet addresses that correspond to the Windowsupdate.com entry in the domain name service (DNS) servers that act as the Internet’s address book. One source familiar with the change said that the new addresses are no longer on the same network as Microsoft’s other servers, thereby insulating the company’s servers from any attack aimed at Windowsupdate.com. By Friday morning, the Internet address for WindowsUpdate.com no longer existed in the DNS database. Sundwall stressed that the Windows Update service remains up and running, noting that the service never connected to Windowsupdate.com. Access to Windows Update is built into the latest versions of Microsoft’s Windows client and server operating systems. To get the latest patches, consumers can type in windowsupdate.microsoft.com or, as Microsoft would prefer, go to the main Microsoft.com page, where they can find information on downloading patches as well as on setting up a firewall and installing antivirus software. Securing your PC If you are worried about being infected by MSBlast, the best step is to download and run a free "fixer" tool from an antivirus vendor. If you can’t download a “fixer,†try the manual route. Either way, also install the free patch that Microsoft provides. For more detailed instructions, go to the government sponsored online security site: http://www.cert.org Fixer The “fixer†programs are available at the following sites: Symantec: http://securityresponse.symantec.com/avcenter/venc /data/w32.blaster.worm.removal.tool.html Trend Micro: http://www.trendmicro.com/download/tsc.asp F-Secure: http://www.f-secure.com/v-descs/msblast.shtml Computer Associates: http://www3.ca.com/virusinfo/virus.aspx?ID=36265 If you can't get onto the Internet, have a friend download the fixer onto a floppy disk and boot your computer from the floppy. Be sure to follow the vendor's instructions. If you are using Windows XP, for example, that means turning off the System Restore feature before running the tool -- otherwise the restore feature actually preserves a backup copy of the worm.Manual method If getting a fixer is impossible 1. Kill the program. Hit CTRL-ALT-DELETE and find MSBlaster.exe. Pick "end process." If unable to do so, restart your machine, and repeat the process. 2. Stop it from starting again. This requires a registry change. Click Start/Run, type RegEdit, hit enter. In left panel, navigate to HKEY_LOCAL_MACHINE>Software>Microsoft>Windows> CurrentVersion>Run. Locate and delete the entry: â€windows auto update" = MSBLAST.EXE. Close the editor 3.Search your computer for copies of the file msblast.exe and delete them. 4. Get a cleaner and the patch: Reconnect to the Internet and download an antivirus cleaner (above) and install the MS patch at http://www.microsoft.com/security/security_bulletins/ms03-026.asp. The worm is programmed to start attacking Windowsupdate.com at midnight Friday in each time zone. As a result, Australia was among the first countries slated to be affected, with its midnight hitting at 7 a.m. PT. SITES KNOCKED OFFLINE Even as Microsoft battles the MSBlast worm, the company was hit late Thursday with a separate denial-of-service attack on its main Microsoft.com site. The site was largely inaccessible for about four hours, beginning at 9 p.m. PT Thursday. The company does not know the origin of the outage but said it stemmed from a denial-of-service attack unrelated to the MSBlast worm. Sundwall said Microsoft has “every confidence that it had nothing to do with ‘Blaster,’†as the worm is also known. CNET News.com’s Robert Lemos contributed to this report. Copyright © 1995-2003 CNET Networks, Inc. All rights reserved Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.