www.windowsupdate.com is "Akamai"d from IHUG = 206.112.112.X from Xtra = 63.236.1.X etc What are ISP's doing before midnight tonight? so their network is not affected. I guess getting 1000's of customers to remove the virus from their machines is impossible. Make www.windowsupdate.com point to 127.0.0.1 so it doesn't do anything or what? Thanks Craig Whitmore Orcon Internet http://www.orcon.net.nz On Fri, 2003-08-15 at 15:33, Simon Lyall wrote:
According to published docs on the worm it attacks "windowsupdate.com" which maps to ip's in 204.79.188.0/24
However checks to my cache logs show that nothing ever goes to plain old http://windowsupdate.com . Everything goes to download.windowsupdate.com , www.download.windowsupdate.com or something else. Even www.windowsupdate.com points elsewhere.
In fact a glance though cache logs so nothing going anywhere near the 204.79.188.0/24 network. Even better the 204.79.188.0/24 is a /24 all by itself advertised as a /24.
Does this mean:
1. It's safe to null route this network.
2. Microsoft will withdraw the advertisement for the network if the going gets tough. I notice that there is no route for the network on route-server.cw.net already.
Thoughts?