

What You Should Know About the Blaster Worm and Its Variants

Updated August 22, 2003, 6:15 P.M. Pacific Time

This information is available in more than 30 languages. Find links to those pages here.

At 11:34 A.M. Pacific Time on August 11, Microsoft began investigating a worm reported by Microsoft Product Support Services (PSS). The worm, W32.Blaster.Worm and its variants, exploits a security issue that was addressed by Microsoft Security Bulletin MS03-026. This issue concerns a vulnerability in the Remote Procedure Call (RPC) function.

Important Information

  • Guidance for home users: These four steps can help protect your computer and recover if it has been infected by the Blaster worm or variants. To get the steps, click here.
  • Hoax circulating: Microsoft never distributes software through e-mail. If you receive an e-mail message that appears to be from Microsoft and that contains an attachment, delete the message immediately. Do not open the attachment. To learn more, click here.
  • Scan tool for network administrators available: IT professionals can download a free tool from Microsoft to help them scan their networks for the security update. To get the tool, click here.

Who Is Vulnerable?

Your computer is not vulnerable to the Blaster worm if you downloaded and installed the security update described in Security Bulletin MS03-026 prior to August 11, the date the Blaster worm was discovered.

Products Affected by This Worm

  • Microsoft® Windows NT® 4.0
  • Microsoft Windows® 2000
  • Microsoft Windows XP
  • Microsoft Windows Server™ 2003

Products Not Affected by This Worm

  • Windows Millennium (Windows Me)

Note  Windows 98, Windows 98 Second Edition (SE), and Windows 95 also are not affected by this issue. However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions.

If you are unsure of which version of Windows you are running, click here.

How to Tell If the Worm Is Affecting Your Computer

Some customers whose computers have been infected may not notice the presence of the worm at all, while others who are not infected may experience problems because the worm is attempting to attack their computer. Typical symptoms may include Windows XP and Windows Server 2003 systems rebooting every few minutes without user input, or Windows NT 4.0 and Windows 2000 systems becoming unresponsive.

Shutdown error. If your computer is infected, you may see this error message.

Whether you are experiencing these symptoms or not, Microsoft recommends that you take the following action immediately:

  • If you're running Windows XP or Windows 2000, follow all Steps 1–4 for home users below.
  • If you're running Windows Server 2003 or Windows NT 4.0, follow Steps 1–3 for home users below.

Actions for Network Administrators

Microsoft recommends that network administrators take the following actions immediately:

4 Steps for Home Users

If you are using Microsoft® Windows NT® 4.0, Windows® 2000, Windows XP, or Windows Server™ 2003, you should follow the steps in this sequence to help protect your computer and to recover if your computer has been infected.

1. Enable a Firewall

Make sure you have a firewall activated to help protect your computer against infection before you take other steps. If your computer has been infected, activating firewall software will help limit the effects of the worm on your computer.

The latest Windows operating systems have a firewall built in. Windows XP and Windows Server 2003 users should print or save the following instructions for how to enable their firewall.

If your computer is rebooting repeatedly, disconnect from the Internet before you enable your firewall. To disconnect your computer from the Internet:

  • Broadband connection users: Locate the telephone cable that runs from your external DSL or cable modem and unplug that cable either from the modem or from the telephone jack.
  • Dial-up connection users: Locate the telephone cable that runs from the modem inside your computer to your telephone jack and unplug that cable either from the telephone jack or from your computer.

Follow the instructions provided for your operating system, and then reconnect to the Internet.

2. Update Windows

If you have disconnected from the Internet, remember to reconnect before you take the next steps. From Windows Update, download and install the security update described in Security Bulletin MS03-026 for the version of Windows that you are using.

When you get to the Windows Update site, scan your computer for any critical updates that you need, and then install them. To do that:

  1. Click Scan for Updates next to the green arrow near the center of your screen.
    Note  It may take several minutes for the scan to complete.
  2. After the scan completes, under Pick updates to install on the left side of your screen, click Critical Updates and Service Packs.
    A list of updates appears.
  3. Click Review and install updates near the center of your screen to begin downloading and installing the updates.

Get the Security Update from Windows Update

3. Use Antivirus Software

Use antivirus software and make sure you have the latest updates installed. There are several variants of this worm, and the most up-to-date information about them can be found at your antivirus vendor's Web site.

  • If you already have antivirus software installed, go to your antivirus vendor's Web site to get the latest updates, also known as virus definitions.
  • If you do not have antivirus software installed, get it. The following vendors participating in the Microsoft Virus Information Alliance (VIA) offer antivirus products for home users:

Learn about Microsoft's Virus Information Alliance.

4. Remove the Worm

If you think there is even the slightest possibility that your computer might be infected, use the free worm removal tool available at your preferred antivirus software vendor's Web site:

For Technical Assistance

Contact your antivirus vendor for assistance with identifying or removing virus or worm infections. If you need more help with virus-related issues, please contact PSS. We are currently experiencing a high call volume and apologize for any delay in responding.



© 2003 Microsoft Corporation. All rights reserved.