SkyPoint Communications - Internet Service Provider - ISP

Customer Alert - BLASTER Computer Virus

On 2003-08-11, a new computer virus, known as the BLASTER virus (or W32.Blaster.Worm, or other names) was detected that is spreading over computer networks and infecting computers around the world. This virus may infect computers running Windows NT-based operating systems, including Windows NT4, Windows 2000 (all versions), Windows XP (all versions), and Windows 2003 Server. It exploits a Windows security flaw that was highlighted by the US Department of Homeland Security several weeks ago. Your computer may become infected simply by being connected to a computer network such as a home or office local area network or the Internet, even if you do not use the computer. Being careful with reading e-mail and visiting web pages does not protect you from this virus. There is evidence that this virus will attempt to crash the Microsoft Windows Update website via a SYN-Flood Denial-of-Service attack starting 2003-08-16. Be sure to take action before that date.

Computers running other operating systems such as Windows 95/98/ME (or non-Windows computers such as Macintosh or Linux) do not contain this Remote Procedure Call vulnerability that is exploited by this virus, and cannot catch this virus in its present form. Even so, it is a good idea to install all available Windows Critical Updates, or other security updates appropriate for non-Windows computers.

Microsoft has made a Critical Update patch available on their Windows Update web site at http://www.windowsupdate.com since 2003-07-16, which repairs the serious flaw that allows this virus to spread and infect computers not protected by this patch. If you have applied all Critical Update patches at any time since this patch was released, your computer is protected and cannot catch this virus. To make sure that you have the right fix, go to Start | Settings (if WinNT/2K) | Control Panel | Add/Remove Software, then scroll down the list looking for Hotfix number 823980. If you already have it, you are protected from the Blaster virus. If you do not have it, be sure to download and install it. It is also a good idea to install all other Critical Updates as soon as you can, but they may take a very long time to download. If http://www.windowsupdate.com is not working due to the recent heavy load, try http://windowsupdate.microsoft.com instead.

A symptom of an active computer virus infection of the BLASTER virus is that while connected to the Internet (or other computer networks) your computer may display an error message, may repeatedly reboot, or may exhibit other strange or unusual behavior. On Windows XP the error message may identify a Remote Procedure Call (or RPC) error. On Windows 2000 the error message may identify a SVRHOST error. To stop your computer from rebooting due to the virus, it may be necessary to disconnect from the Internet and from any computer networks (log off and unplug network cables).

If your computer has become infected with this virus (in which case you might not be reading this message), antivirus companies have come out with Blaster virus removal tools that will remove the virus and repair the damage caused by it. One of these free removal tools is less than 160 kbytes in size and will fit on a floppy disk. There is a link to this Blaster virus removal tool and instructions on the front page at http://www.symantec.com . In difficult cases it may be necessary to use a different computer to download the virus removal tool (at home or work, or have a friend or relative download it for you).

Some online documentation at Microsoft and other web sites suggests blocking ports using a firewall to prevent future attacks. This may stop the virus from spreading but may cause other problems such as interfering with network file sharing or other unexpected problems.

BLASTER Virus Removal Instructions

1 - Unplug network cable.
2 - Block incoming ports (firewall on XP, or packet filters on Win2K -- see below).
3 - Plug in network cable.
4 - Download and install security patch.
5 - Update virus definitions.
6 - Download and run virus removal tool.
7 - (optional) Unblock incoming ports.

Port Blocking on Windows XP

Enable Internet Connection Firewall (ICF) in Windows XP, as follows:

1 - In Control Panel, double-click "Networking and Internet Connections", and then click "Network Connections".
2 - Right-click the connection on which you would like to enable ICF, and then click "Properties".
3 - On the Advanced tab, click the box to select the option to "Protect my computer or network".

After removing the virus and installing Windows Updates, you may want to reverse these steps to disable the firewall, which has been known to cause other connection and e-mail difficulties, especially for dial-up users.

Port Blocking on Windows 2000:

Configure TCP/IP security on Windows 2000, as follows:

1 - Select "Network and Dial-up Connections" in Control Panel.
2 - Right-click the interface you use to access the Internet, and then click "Properties".
3 - In the "Components checked are used by this connection" box, click "Internet Protocol (TCP/IP)", and then click "Properties".
4 - In the Internet Protocol (TCP/IP) Properties dialog box, click "Advanced".
5 - Click the "Options" tab.
6 - Click "TCP/IP filtering", and then click "Properties".
7 - Select the "Enable TCP/IP Filtering (All adapters)" check box.
8 - There are three columns with the following labels: "TCP Ports", "UDP Ports", "IP Protocols".
9 - In each column, you must select the "Permit Only" option.
10 -Click OK.

After removing the virus and installing Windows Updates, you may want to reverse these steps to disable port blockingl, which may cause problems with networking applications.

Thank you for you diligence in helping to prevent the spread of this computer virus infection.

If you require additional assistance, please contact our technical support staff at 763-548-2601, Monday through Friday 8am - 8pm, or Saturday 10am - 4pm.

- SkyPoint Communications Technical Services Staff

Help | About Us | Services | Members | Contact Us | Sign Up Now!