Companies that were hit with these worms discovered weaknesses in their architectures, processes and procedures that weren't considered important until now.
I asked some of my colleagues in information security for their comments and lessons learned. They are summarized here. Worms penetrated organizations in several ways. A systems administrator in a branch of the U. That user's antivirus software had to have been disabled, or it had an out-of-date signature file.
A systems analyst at a parts-distribution company told me that contractors brought in their laptops and routinely connected them to the corporate network without IT's involvement.
Some of those laptops had out-of-date signature files or expired antivirus subscriptions, enabling them to become infected while connected to an unprotected home LAN or hot spot. A help desk employee at a telecommunications company told of laptops that employees took home and connected to their Digital Subscriber Line or cable-modem Internet connections.
Their home LANs and laptops were unprotected by firewalls and were scanned and infected, and upon returning to the corporate network, these systems began the spread internally. Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services.
Privacy policy. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode. For additional information about antivirus software vendors, click the following article number to view the article in the Microsoft Knowledge Base: List of Antivirus Software Vendors If you are a home user, visit the following Microsoft Web site for steps to help you protect your computer and to recover if your computer has been infected with the Blaster worm: What is Microsoft Security Essentials?
Note Your computer is not vulnerable to the Blaster worm if you installed the security patch MS before August 11, the date that this worm was discovered. For more information, click the following article number to view the article in the Microsoft Knowledge Base: How to obtain the latest Windows XP service pack. Note Repeat step 2 for each of these file names: Msblast. Note Some dial-up connections may not appear in the Network Connection folders.
Note If your computer shuts down or restarts repeatedly when you try to follow these steps, disconnect from the Internet before you turn on your firewall.
Start Internet Explorer. On the Tools menu, click Internet Options. Click the Connections tab, click the dial-up connection that you use to connect to the Internet, and then click Settings. In the Dial-up settings area, click Properties.
Click the Advanced tab, and then click to select the Protect my computer or network by limiting or preventing access to this computer from the Internet check box. Note That the security patch replaces the security patch. These steps are based on a modified excerpt from Microsoft Knowledge Base article Note If you do not have to use TCP filtering, you may want to disable TCP filtering after you apply the fix that is described in this article and you have verified that you have successfully removed the worm.
Is this page helpful? Yes No. Any additional feedback? Skip Submit. Blaster's code is small and can be quickly removed using free tools provided by F-Secure as well as other antivirus vendors, Hypponen said.
However, customers should patch their systems before removing Blaster to prevent reinfection from the worm, he said. Security experts also recommend installing firewall and antivirus software to prevent future attacks. Here are the latest Insider stories.
More Insider Sign Out. Sign In Register. Sign Out Sign In Register. Latest Insider. Check out the latest Insider stories here. Blaster Worm was a virus program that mainly targeted Microsoft platforms in The virus propagated itself automatically to other machines by transmitting itself through email and other methods.
Blaster Worm is believed to have been created through reverse engineering of the original Microsoft patch by Xfocus. It affected more than , Microsoft computers.
In July , Microsoft declared a buffer overrun in the Windows RPC interface that allowed the virus writers to run arbitrary code. The Blaster Worm downloaded the "msblast. After the vulnerability was exposed, Microsoft released two different patches MS and MS on its website. The Blaster Worm used the affected computers as a propagation medium to spread the virus to other machines.
The blaster worm is considered to be one of several high-profile worms that impacted the Microsoft platform on a large scale in
0コメント