Bookmark
Page

RemoteScope vs. the Blaster Worm!

Note: This week's tech tip actually cancels the original we intended to send out. Blaster is a dangerous virus and this week's tech tip is designed to show you how you can use our latest utility, RemoteScope, to snuff the worm out across an entire network,

Except for the lucky few on vacation in Nepal, everyone in the IT community has by now heard of the Blaster worm. It doesn't affect Windows 9x or ME, but anyone using the operating systems based on the NT kernel (that includes NT 4.0, XP, 2000 and Windows 20003 Server) cannot afford to ignore this one. It very quickly infected over 100,000 systems, and just last week a new variant was detected that carried additional known Trojan software.

This might be a minor nuisance for someone with just a few machines, but for anyone managing a large network it can be just about as disruptive as last week's blackout in the Northeast. However, if you have RemoteScope it should be fairly painless to get all of your network systems patched in a timely manner. Here's how you do it:

First you need to download the update patch file from Microsoft. You can find it here:

http://www.microsoft.com/security/incident/blast.asp.

There are different executable files to patch Windows XP, Windows 2000, Windows NT4.0, and Windows 20003. You can find them all on this site, but if you have more than one OS you will need to download multiple files, one for each OS. Also, you will need to organize your Client systems into groups by OS, and deploy each patch as a separate job for each type of operating system. Worst case, you would need to set up and run four RemoteScope deployments.

I would suggest renaming the downloaded files to something more identifiable, since Microsoft tends to put in extra information in their file names that is superfluous for our purposes.

At Micro 2000 I changed the patch file names to BlasterPatchW2K.exe for the Windows2000 patch, BlasterPatchXP.exe for the WindowsXP patch and BlasterPatch2003.exe for the Server 2003 patch. This way I find it much easier to keep track of what's what.

After the downloaded files are safely tucked away, you are ready to create your deployment package.

1. Open the RemoteScope Console and select New Packet from the Software Distribution menu. In the New Distribution Packet Window, type in a unique name and description to distinguish it from other Packets. I used BlasterPatch(OS) where (OS) is the Operating System.

2. Click on "New" to create the New Distribution Product, and type in a Product Name. For simplicity I use the same name here as I used for the packet.

3. On the Installation type, select "Other". Add the patch file that matches the operating system you are patching, by selecting it and clicking on "Add".

4. On the command line type in the name of the file (in my case it was BlasterPatch(OS).exe) followed by "/q /u" (without the quotes). It should look something like this:

BlasterPatchXP /q /u

5. Click "OK" to create the Product and go back to the New Distribution Packet Window. You will see a prompt that your command line is not in the list... blah blah. Just ignore it and click "OK".

6. In the New Distribution Packet Window, select the Product you just created and click "OK" to create the packet.

You now have a distribution packet that is OS specific. You can distribute it immediately to the Client Group for that OS, or you can schedule it for a later unattended installation. You will know the patch has been deployed when your Clients reboot. You will need to repeat this 6-step process for each of the other NT-based operating systems in your network, using the appropriate patch file and the same switches.

Whatever the size of the network, in just a few minutes you will have averted a potential disaster. Make sure your boss (or your customers) know what you have done for them.

Disclaimer - The Micro 2000 Tech Tip is a free service providing information only. While we use reasonable care to see that this information is correct, we do not guarantee it for accuracy, completeness or fitness for a particular purpose. Micro 2000, Inc. shall not be liable for damages of any kind in connection with the use or misuse of this information.