Battling Blaster
Onnoot recently had to go to Spain for his work to remove several computer viruses.
The biggest problems were caused by the Blaster virus. Blaster spreads not by email but by internet connection from computer to computer.
Sometimes parts of Windows are damaged by a virus infection. Therefore Onnoot chose to reinstall Windows from scratch. By the way, Windows 2000 has a repair function that can be started from CD-ROM, and it does not require you to reinstall all applications.
With the clean installation, the first thing to do was Windows Update. You probably know that Windows Update is absolutely necessary to prevent a lot of trouble on your computer. Windows Update also contains a patch against the Blaster virus.
Unfortunately, the PC became infected with Blaster after being connected via ADSL for only a few minutes. Blaster immediately blocked the Windows Update website: it turned into a blank page.
Then Onnoot tried to install ZoneAlarm to keep out Blaster. That didn't turn out well: ZoneAlarm refused to let him change the internet zone. (After that, Onnoot discovered Sygate, a very pleasant personal firewall, and less stubborn.)
Then Onnoot switched off the ADSL and connected via an analogue modem to Xs4all in the Netherlands. Onnoot remembered that Xs4all blocks the spreading of Blaster on their systems. Alas, a full Windows Update turned out to take half a day. Onnoot didn't want to wait that long, not even with the Costa del Sol at walking distance, because Onnoot does not swim when he is being paid.
So Onnoot went to find the specific patch that makes Windows immune to Blaster. That patch is KB823980. After downloading and installing it, the computer was safe from Blaster infections and Onnoot could use the ADSL connection again. Then Onnoot ran a complete Windows Update.
How could Blaster strike in the first place? Technicians from Telefonica had once configured the ADSL modems to allow incoming Laplink connections. It turned out they had opened all TCP ports. That is more than 65000, while only 1 port is needed for Laplink. The port that Blaster uses to spread itself was therefore open as well. That was factor one.
Factor two was that Windows Update had never been run. The local manager was not aware that this is absolutely necessary to keep your computers safe.
Factor three: Telefonica has a monopoly, so their ADSL is expensive and the service is bad. At Telefonica, they don't seem to know or care that they are spreading Blaster. A serious provider like the Dutch Xs4all just blocks the port that Blaster uses to spread. Xs4all started doing this a few days after Blaster first became known. As a customer of Xs4all, it is practically impossible to get infected by Blaster. In Spain, Blaster uses a lot of bandwidth and therefore slows down ADSL connections. It would be good for Spanish internet if someone at Telefonica would wake up.
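Factor one can be checked mechanically. The following is an added example, not part of the original post: it audits a modem's port-forwarding rules against the ports a site actually needs. The rule syntax, the sample rules and the internal address are constructed for illustration; TCP 135 as Blaster's port and TCP 1547 as the Laplink port are assumptions brought in from outside the page.

```python
import re

RPC_PORT = 135       # TCP port Blaster spreads over (not named on the page)
LAPLINK_PORT = 1547  # assumption: the IANA-registered Laplink port is the one needed
NEEDED = {("tcp", LAPLINK_PORT)}

# Hypothetical rule syntax for this example: "proto start[-end] -> internal-host"
RULE_RE = re.compile(r"^(tcp|udp)\s+(\d+)(?:-(\d+))?\s*->\s*(\S+)$")

# Constructed samples: the modem as found (every TCP port open) and as it should be.
AS_FOUND = "tcp 1-65535 -> 192.168.1.10  # opened 'for Laplink'\n"
FIXED = "tcp 1547 -> 192.168.1.10\n"

def parse_rules(text):
    """Parse rule lines into (proto, start, end, host) tuples; '#' starts a comment."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unrecognised rule {raw!r}")
        start = int(m.group(2))
        end = int(m.group(3)) if m.group(3) else start
        if not 1 <= start <= end <= 65535:
            raise ValueError(f"line {lineno}: bad port range {start}-{end}")
        rules.append((m.group(1), start, end, m.group(4)))
    return rules

def audit(rules, needed=NEEDED):
    """Report forwarded ports beyond the needed set, and any exposure of TCP 135."""
    findings = []
    for proto, start, end, host in rules:
        label = f"{proto} {start}-{end} -> {host}"
        wanted = sum(1 for p, port in needed if p == proto and start <= port <= end)
        extra = (end - start + 1) - wanted
        if extra:
            findings.append(f"{label}: {extra} port(s) forwarded that no service needs")
        if proto == "tcp" and start <= RPC_PORT <= end:
            findings.append(f"{label}: exposes TCP {RPC_PORT}, the port Blaster uses")
    return findings

if __name__ == "__main__":
    for name, text in (("as found", AS_FOUND), ("fixed", FIXED)):
        print(name, audit(parse_rules(text)) or "no findings")
```

The as-found rule yields two findings (65534 unneeded ports, and TCP 135 exposed); the single-port rule yields none.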
Onno - apr 20, 2004, 11:33 - 1 comment