9/19/01: NIMDA Virus/Worm Attacks Via Multiple Entry Points
Issue
- NIMDA Worm Attacks Members' PCs
- ALL Windows Versions Are Vulnerable
A new, potent virus/worm called "NIMDA" is circulating which
poses a great threat to both your personal computer and to the StarBand network. NIMDA infects
computers running all versions of Microsoft® Windows NT®, Windows 98®, Windows
2000® and Windows Me®. StarBand is requesting that you immediately take the
necessary steps to protect all computers connected to your StarBand system from
infection.
Symptoms
- Slow Upload/Download
- Files On Your System May Be Changed
The NIMDA worm is a complex threat that attacks through many
different vulnerabilities, which may exist on your computer. Once infected,
your PC will begin to rapidly infect other machines, causing enormous volumes
of traffic over the StarBand network and impacting the overall system performance
of the network and your PC.
The NIMDA worm primarily spreads through e-mail and web-browsing
activities. Unlike past e-mail viruses, the NIMDA worm can infect your computer
if you merely read, or even preview an e-mail with the virus attached.
The latest version of NIMDA sends an attachment called "sample.exe." Do not open this file.
Similarly, your computer can become infected just by browsing to an infected website. The
virus can also spread through shared networked drives, and for computers running
Windows NT4.0 or Windows 2000, through the web server component.
- Update/Patch Microsoft Internet Explorer
- Uninstall Internet Information Services (IIS) on Windows 2000 or Windows NT
- Use Antivirus and Firewall software
Step 1: Update/Patch Internet Explorer
The common vulnerability that NIMDA exploits
lies with certain versions of the Internet Explorer® program. If you use
Internet Explorer as a web browser on your computer or use Outlook or
Outlook Express, you will need to download the appropriate patch from
Microsoft to protect both your system and the StarBand network. To
update Internet Explorer Version 5.01 and 5.5, follow this
link.
Note: Internet Explorer Version 5.01 Service Pack 2, Version 5.5
Service Pack 2 and Version 6.0 are not vulnerable. If you are not sure which
version you are running, we suggest you download and install the patch as a
precaution.
Step 2: Disable IIS
If you are running Internet Information Services (IIS) on
Windows 2000 or Windows NT, you should uninstall that component from your
system. If you choose to not remove the software, you will need to ensure
that you have downloaded all the necessary patches. A cumulative patch for
IIS 4.0 and IIS 5.0 is available
here.
Remember, if you are operating a home network, you should take the steps
outlined above on each of your computers, not just the machine directly
connected to your satellite modem.
Step 3: Use Anti-virus and Firewall Software
As always, StarBand strongly recommends the use of updated anti-virus and
personal firewall software on all of your computers. Remember to keep
your anti-virus software current by downloading the latest updates from
your anti-virus software vendor's web site.
Please be aware that should your machine become infected and
start impacting the performance of the StarBand network, StarBand will
have no choice but to shut your StarBand service down until such time as you
remedy the problem.
For more information on the NIMDA worm, please visit:
SANS Emergency Incident Handler at http://www.incidents.org/react/nimda.php
Symantec at http://www.sarc.com/avcenter/venc/data/w32.nimda.a@mm.html
Microsoft at http://www.microsoft.com/security
CERT at http://www.cert.org/current/current_activity.html#port80
9/7/01: Code Red Worm Is Infecting StarBand Members’ PCs
Issue
- Code Red Worm Is Infecting StarBand Members’ PCs
- Unprotected Windows 2000 and NT4.0 PCs Are Vulnerable
- Small Number Of Infected StarBand Member PCs Are Impacting Overall Network Performance By Generating Disproportionate Amount Of Traffic
The Code Red Worm is a self-propagating malicious worm that
exploits PCs with the Windows NT4.0 and Windows 2000 Operating Systems utilizing
the Internet Information Server software. Given the time frame through which
this quietly spreading worm has been in existence, it is virtually certain all
PCs with the operating systems listed
above are or will be infected IF the proper precautions have not been taken to
prevent its intrusion.
Symptoms
- Slow Upload/Download Speeds
- Service Interrupted Because Your PC(s) Are Infected with Code Red Worm
- Web Servers and Instant Messengers Are Not Working
When activated, the worm generates enormous volumes of traffic
in its attempt to spread. A PC infected with the Code Red Worm will send thousands
of inquiries across the Internet, including the StarBand network, each minute in
pursuit of another unprotected machine to infect. This can degrade the overall speed of the
network on which the infected PC is located.
Like most Internet Service Providers and corporate networks, StarBand
is actively monitoring its network to identify members with PCs attempting to spread
the worm. In order to provide quality service to our members, we have instituted a
zero-tolerance policy in our efforts to stop the worm from spreading to our network.
Upon identifying a PC on the StarBand network infected with the worm, we are immediately
taking the member's service temporarily off-line so as to prevent the worm from spreading.
We are then working with the impacted member to communicate how to disable the worm and
clean the PC so it can get back up and running on our network. Please see the
Solutions section for additional details.
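The monitoring described above can be sketched as a fan-out check: a worm-infected PC contacts far more distinct addresses on Port 80 each minute than a browsing user does. This is an added example, not StarBand's monitoring code; the flow-record layout, the `find_scanners` name, the sample addresses and the threshold are assumptions.

```python
from collections import defaultdict

HTTP_PORT = 80


def find_scanners(flows, window_s=60, min_distinct_dsts=100):
    """Return {src_ip: peak distinct port-80 destinations in any window}
    for sources whose peak reaches min_distinct_dsts.

    flows: iterable of (epoch_seconds, src_ip, dst_ip, dst_port) records
    for connection attempts leaving member PCs. The threshold is an
    assumed tuning value, not a figure from the advisory.
    """
    dsts = defaultdict(set)  # (src, window index) -> destinations seen
    for ts, src, dst, dport in flows:
        if dport != HTTP_PORT:
            continue
        dsts[(src, int(ts) // window_s)].add(dst)

    peak = defaultdict(int)
    for (src, _), seen in dsts.items():
        peak[src] = max(peak[src], len(seen))
    return {s: n for s, n in peak.items() if n >= min_distinct_dsts}


def sample_flows():
    """Constructed records: one scanning host, one ordinary browser."""
    flows = []
    # 10.0.0.5 probes 200 different addresses on port 80 within one minute.
    for i in range(200):
        flows.append((1200 + i // 10, "10.0.0.5", f"198.51.100.{i + 1}", 80))
    # 10.0.0.9 browses: many requests, but to only three servers.
    for i in range(120):
        flows.append((1200 + i // 4, "10.0.0.9", f"203.0.113.{i % 3 + 1}", 80))
    # Traffic to other ports is ignored even when it fans out widely.
    for i in range(200):
        flows.append((1200 + i // 10, "10.0.0.7", f"192.0.2.{i + 1}", 25))
    return flows


if __name__ == "__main__":
    for src, n in sorted(find_scanners(sample_flows()).items()):
        print(f"{src}: {n} distinct port-80 destinations in one minute")
```

Counting distinct destinations rather than raw requests keeps a busy but ordinary browser below the threshold.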
One additional defense we have recently put in place is to block all
traffic on Port 80, the port used by the HTTP protocol. This port is the vehicle
through which the worm spreads. Like many other Internet Service Providers, we have
blocked inbound Port 80 traffic from the Internet to effectively stop the worm from spreading to our members
from outside of our network. This will not affect your normal web browsing activities.
Additionally, a very small percentage of Instant Messenger configurations
and peer-to-peer file sharing applications utilize Port 80 and will be impacted only if
the original installation settings for these applications were modified. Port 80 is also
the port used by many web servers to receive data requests. Since the StarBand
Acceptable Use Policy (click here) expressly forbids members from operating a web service
through their StarBand service, we are confident the impact of this action will be minimal.
Port 80 will be blocked indefinitely until we are confident the Code Red Worm has run its
course. Our belief is this will be for just a few weeks; however, it may indeed take
longer. We will keep you updated from this website.
Solutions
- Disable the Internet Information Server Software
- Run a Code Red Worm Cleaner
- Install the Microsoft Patch to Prevent Further Intrusion
Please follow these directions if you are currently using
Windows NT4.0 and Windows 2000 Operating Systems utilizing the Internet
Information Server software – whether or not you have already been
contacted by StarBand.
There are 3 easy steps to clean your PC of the Code Red Worm:
Step 1: Disabling the Worm
You will need to remove the Internet Information
Services (IIS) components from each of the
systems attached to the StarBand network. To do so, follow the
instructions below on each system.
Instructions for removing from Windows 2000
- Click Start->Settings->Control Panel
- Double Click "Add/Remove Programs"
- Click "Add/Remove Windows Components"
- Find and Uncheck "Internet Information Services (IIS)"
- Click "Next" until clicking "Finish"
Instructions for removing from Windows NT 4.0
- Click Start->Settings->Control Panel
- Double Click "Add/Remove Programs"
- Find and Click "Windows NT 4.0 Option Pack"
- Click the "Add/Remove" button
- Click "Next"
- Click "Remove All"
- Follow the instructions on the screen until IIS is completely removed.
Step 2: Cleaning your PC
Code Red Worm Cleaner
Click here to download the
latest Code Red removal tool from Symantec™. This should take just seconds
to download (118k file size).
Step 3: Protecting your PC – and the StarBand Network
Download and Install the Code Red Patch from Microsoft
The following Code Red patches are available from Microsoft.
Apply patches to all Windows NT 4.0 and Windows 2000 systems:
Windows NT 4.0
Windows 2000 Professional, Server, and Advanced Server
Thank you for your cooperation. We apologize for any inconvenience
you may experience because of the Code Red Worm. We are continuing to work diligently
to rid our network of this worm to ensure that this no longer impacts our individual
members' online experience or the overall performance of our network.
For FAQs (Frequently Asked Questions) concerning the Code Red
Worm, please click here.