[Dshield] Fw: "URGENT - Open Immediately - Virus Information"

Michael Machnica brainwave at adelphia.net
Fri Aug 15 22:45:19 GMT 2003

Well, I guess Adelphia decided to do something. It probably took the power outage to prompt them (whatever the cause of that), because this is the first time that I can recall them issuing a release such as this (Adelphia has been my ISP for about 3.5 years now. I never had a dial -up connection).

----- Original Message ----- 
From: Adelphia Advanced Products Customer Care 
To: Power Link Subscriber 
Sent: Friday, August 15, 2003 5:00 PM
Subject: "URGENT - Open Immediately - Virus Information"

Dear Adelphia High-Speed Internet Customer,

There are two current issues that are affecting many of you today and Adelphia would like to bring them to your attention. We encourage you to take action to protect your computer.

1. MSBlast.exe Virus Information:

As you may have heard, a significant virus known as MSBlast.exe (also known as the LovSan Web Worm) spread across the Internet over the past week. Unfortunately, many of you were affected. Those of you who have not taken action to protect your computer from this virus are still open to attack.

According to some reports, the MSBlast.exe virus may resume its attack on Saturday August 16th, 2003. The virus is programmed to launch a distributed denial-of-service attack on windowsupdate.com. This may severely impact access to the Microsoft website used to distribute security fixes against viruses. Each computer that begins to run the worm on or after 8/16/2003 (either from new infection or after a computer restart) will engage an attack on windowsupdate.com. Customers who have already downloaded the update from Microsoft should not be affected because this is the same worm attack from August 12th - the worm is just time released in this case. 

If you have not downloaded the update from Microsoft, you will not be able to go to windowsupdate.com if the worm resumes its attack on 8/16/2003. To stop the virus from infecting your computer, we recommend that you take immediate action to update the security patch located at:


Customers who run firewalls are encouraged to block access to TCP port 69, 135, 4444 at the firewall level.

Finally, you can go to www.adelphiapowerpage.com for links to the removal tools and security updates. Customers using Windows 2000 or Windows XP are strongly encouraged to do so no later than 12:00PM EDT August 15th, 2003.

2. NETGEAR 4-port Home Networking Router Information:

Product Information: Model RP614 4-Port Cable/DSL Router with 10/100 Mbps Switch 

An issue has been identified with NETGEAR routers and integrated cable modem/routers. The NETGEAR equipment generates IP broadcasts to other Internet users, which causes a degraded Internet experience.

The NETGEAR web site offers a solution for customers that have this product: 

Please Note:
Adelphia is providing this information to help you protect yourself from the MSBlast.exe virus and to prevent any NETGEAR equipment you may own from impacting other Internet users. Adelphia is not responsible for any damage to your computer from any source used to protect against this virus.

Thank you,

Adelphia Communications

Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.509 / Virus Database: 306 - Release Date: 8/12/03

More information about the list mailing list