Microsoft pulls web address to foil worm

NEWS As part of its effort to stop the progress of the MSBlast worm, Microsoft pulled the Windows Update address from the internet that the self-propagating program was set to attack. Because the worm was programmed to attack only that address over the weekend and not the site that it redirects to, the software giant decided to eliminate the Windowsupdate.com address. The move is one of a series of efforts that Microsoft undertook to try to thwart an attack on its servers that was expected to be launched by infected computers starting last Friday. A Microsoft spokesman said: "One strategy for cushioning the blow was to extinguish the Windowsupdate.com. We have no plans to ever restore that to be an active site." On Thursday, Microsoft changed the internet addresses that correspond to the Windowsupdate.com entry in the domain name service (DNS) servers that act as the internet's address book. One source familiar with the change said that the new addresses are no longer on the same network as Microsoft's other servers, thereby insulating the company's servers from any attack aimed at Windowsupdate.com. Sundwall stressed that the Windows Update service remains up and running, noting that the service never connected to Windowsupdate.com. Access to Windows Update is built into the latest versions of Microsoft's Windows client and server operating systems. To get the latest patches, consumers can type in windowsupdate.microsoft.com or, as Microsoft would prefer, go to the main Microsoft.com page, where they can find information on downloading patches as well as on setting up a firewall and installing antivirus software. Ina Fried writes for News.com