S
speshneeds
Guest
Thought this might help people - take from the posting we made on my isp's (who i work for) server status page.
------------------------------------
This vulnerability is currently being exploited by a number of worm viruses which can use this "hole" to get onto unprotected systems with no user intervention.
The 2 main worms causing issues at the moment are the W32.Blaster.Worm and W32.Welchia.Worm
Both these worms get into unprotected systems the same way, but have different effects on the system once infected. However, in both cases, they are likely to cause Windows XP / 2003 machines to reboot repeatedly, and Windows 2000 / NT machines to become unstable and less usable.
* * * * * * * * * * *
The basic fix for both these worms is as follows:
1) Close the "hole" in Windows which allows them access to your computer
To do this, download the Microsoft patch relevant to your computer's operating system from here:
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp
2) Scan for and remove the infections using fix tools available from Symantec:
W32.Blaster removal tool:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
W32.Welchia removal tool:
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
Should you wish to remove the worms manually rather than using the symantec tools, instructions to do so are available from several sources including Microsoft and all the major Anti-Virus vendors.
Further infection can also be prevented by installing and enabling a firewall on your computer.
Windows XP users can enable the inbuilt firewall option. Please follow these steps to enable the XP Internet Connection Firewall:
Click Start
Click Control Panel
If the heading "Pick a Category" appears, then choose the "Switch to classic view" option on the left-hand-side
Next double-click Network Connections - this should give you a list of all network and internet connections on your computer, one of which will be your cable modem connection.
Click the right-mouse-button on the connection used for your cable modem, and choose Properties
Select the Advanced tab
Select the option to "protect my computer and network"
Click OK
If you have any Operating System other than Windows XP, and you have a separate firewall installed, please ensure it is enabled.
If you do not have a firewall, you can download a firewall program from : http://www.ntlworld.com/zonealarm
* * * * * * * * * * *
In order to prevent your machine from repeatedly rebooting and you are running the Windows 2000 operating system, please carry out the following:
How to Configure TCP/IP Security
To configure TCP/IP security:
Click Start, point to Settings, click Control Panel, and then double-click Network and Dial-up Connections.
Right-click the interface on which you want to configure inbound access control, and then click Properties.
In the Components checked are used by this connection box, click Internet Protocol (TCP/IP), and then click Properties.
In the Internet Protocol (TCP/IP) Properties dialog box, click Advanced. Click the Options tab.
Click TCP/IP filtering, and then click Properties.
Select the Enable TCP/IP Filtering (All adapters) check box. When you select this check box, you enable filtering for all adapters, but you configure the filters on a per-adapter basis. The same filters do not apply to all adapters.
There are three columns with the following labels:
TCP Ports
UDP Ports
IP Protocols
In each column, you must select either of the following options:
Permit All. If you want to permit all packets for TCP or UDP traffic, leave Permit All activated.
Permit Only. If you want to allow only selected TCP or UDP traffic, click Permit Only, click Add, and then type the appropriate port in the Add Filter dialog box.
If you want to block all UDP or TCP traffic, click Permit Only, but do not add any port numbers in the UDP Ports or TCP Port column. You cannot block UDP or TCP traffic by selecting Permit Only for IP Protocols and excluding IP protocols 6 and 17.
For more information please use the following link:
http://support.microsoft.com/?id=309798
------------------------------------
This vulnerability is currently being exploited by a number of worm viruses which can use this "hole" to get onto unprotected systems with no user intervention.
The 2 main worms causing issues at the moment are the W32.Blaster.Worm and W32.Welchia.Worm
Both these worms get into unprotected systems the same way, but have different effects on the system once infected. However, in both cases, they are likely to cause Windows XP / 2003 machines to reboot repeatedly, and Windows 2000 / NT machines to become unstable and less usable.
* * * * * * * * * * *
The basic fix for both these worms is as follows:
1) Close the "hole" in Windows which allows them access to your computer
To do this, download the Microsoft patch relevant to your computer's operating system from here:
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp
2) Scan for and remove the infections using fix tools available from Symantec:
W32.Blaster removal tool:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
W32.Welchia removal tool:
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
Should you wish to remove the worms manually rather than using the symantec tools, instructions to do so are available from several sources including Microsoft and all the major Anti-Virus vendors.
Further infection can also be prevented by installing and enabling a firewall on your computer.
Windows XP users can enable the inbuilt firewall option. Please follow these steps to enable the XP Internet Connection Firewall:
Click Start
Click Control Panel
If the heading "Pick a Category" appears, then choose the "Switch to classic view" option on the left-hand-side
Next double-click Network Connections - this should give you a list of all network and internet connections on your computer, one of which will be your cable modem connection.
Click the right-mouse-button on the connection used for your cable modem, and choose Properties
Select the Advanced tab
Select the option to "protect my computer and network"
Click OK
If you have any Operating System other than Windows XP, and you have a separate firewall installed, please ensure it is enabled.
If you do not have a firewall, you can download a firewall program from : http://www.ntlworld.com/zonealarm
* * * * * * * * * * *
In order to prevent your machine from repeatedly rebooting and you are running the Windows 2000 operating system, please carry out the following:
How to Configure TCP/IP Security
To configure TCP/IP security:
Click Start, point to Settings, click Control Panel, and then double-click Network and Dial-up Connections.
Right-click the interface on which you want to configure inbound access control, and then click Properties.
In the Components checked are used by this connection box, click Internet Protocol (TCP/IP), and then click Properties.
In the Internet Protocol (TCP/IP) Properties dialog box, click Advanced. Click the Options tab.
Click TCP/IP filtering, and then click Properties.
Select the Enable TCP/IP Filtering (All adapters) check box. When you select this check box, you enable filtering for all adapters, but you configure the filters on a per-adapter basis. The same filters do not apply to all adapters.
There are three columns with the following labels:
TCP Ports
UDP Ports
IP Protocols
In each column, you must select either of the following options:
Permit All. If you want to permit all packets for TCP or UDP traffic, leave Permit All activated.
Permit Only. If you want to allow only selected TCP or UDP traffic, click Permit Only, click Add, and then type the appropriate port in the Add Filter dialog box.
If you want to block all UDP or TCP traffic, click Permit Only, but do not add any port numbers in the UDP Ports or TCP Port column. You cannot block UDP or TCP traffic by selecting Permit Only for IP Protocols and excluding IP protocols 6 and 17.
For more information please use the following link:
http://support.microsoft.com/?id=309798