[Rodney King]

Here's a better question: What's the problem exactly? How does one get this virus other than by opening attachements?

[FourPeas]

Mr. FourPeas expects something in about 4-6 weeks.

[strela]

Huh? I thought Blaster was an email virus. I wasn't aware that it could be contracted using IE (unless you use Outhouse crapware to read your email or something).

[Ken522]

I talked to a techie a couple days ago at Best Buy - he said a large number of people were bringing their computers in because of some kind of virus ... anyone know anything about it? Has anyone been affected by a computer-related "virus" lately? Thanks.

[Chad Fairbanks]

And IE is responsible for this how, exactly? THis particular nasty isn't an IE Exploit...

I've used IE, and other Microsoft products - from Operating Systems to Office Suites etc... for years and years and have never, not once, been hit by a Virus, Trojan, Worm or other security breach...

Why is that?

[IpaqMan]

If you have a PC running Windows 2000, Windows NT 4.0, or Windows XP and are connected to the Internet, you may be vulnerable. No action is needed by the user in order to be "infected".

A request from another computer is made to your port 135 as a remote procedure call. If your PC responds, a request is made to copy a file to your PC which is then executed. A change is made to your registry to restart this program on a reboot. This program now takes on the task of finding another victim computer.

If you are using Windows 95 or 98 or Millenium, you will not be infected, since these systems do not support the remote procedure call.

If you are using a hardware or software firewall that blocks port 135, you will not be infected. The Linksys router is an example of such a hardware firewall. Zonealarm is an example of a software firewall.

I noted on my firewall log that there have been many port 135 requests to my network.

[IpaqMan]

BTW, this has nothing to do with IE, only with Windows.

[Yeti]

I got an email "special edition" of msdn newsletter about steps to take to avoid it, but haven't messed with it. I skimmed it, saw that most of it involved enabling the firewall, which I already have.

Don't open attachments. I have used Eudora for email for a long time, and have never been affected by any of the big viruses.

[Billthedrill]

Infected computers will attempt to effect a Denial of Service (DoS) attack by sending 50 packets a second to www.windowsupdate.com. Sorry if this looks like gibberish, it isn't, trust me. This is from the latest Symantec security bulletin:

DoS traffic has the following characteristics:
Is a SYN flood on port 80 of windowsupdate.com.
Tries to send 50 HTTP packets every second.
Each packet is 40 bytes in length.

Some fixed characteristics of the TCP and IP headers are:
IP identification = 256
Time to Live = 128 Destination IP address = dns resolution of "windowsupdate.com"
TCP Source port is between 1000 and 1999
TCP Destination port = 80
TCP Sequence number always has the two low bytes set to 0; the 2 high bytes are random.
TCP Window size = 16384

Because of this Microsoft has taken the site with that URL down. It could still mess up people's internal networks with excess packets, though.

[IpaqMan]

A plus for a software firewall like ZoneAlarm is stopping zombie-bots. Those are little programs that an outsider puts on your PC via attachments or "click here" items. These bots sit in the background and listen to the internet for remote commands such as initiating a denial-of-service attack. This allows an attacker to work anonymously because he is using your computer to do the attack.

ZoneAlarm can be configured to prompt you when a program on your PC wants to connect to the internet like IE, Netscape, Outlook, etc. If a zombie-bot tries to connect to the internet, you will see ZoneAlarm prompt for permission for this specific program. Please note that some zombie-bots have been named netscape.exe. ZoneAlarm can distinguish between programs named netscape.exe. If you are already running Netscape (prompted and confirmed) and ZoneAlarm later prompts you for netscape.exe, you can be sure that this is not the same netscape.exe. This warrants further investigation.

Many zombie-bots are relatively harmless. They are simply tools for an outside hacker to act anonymously using your PC.