KCNET NEWSLETTER 03/02/03
VIRUS AND OTHER STINKY STUFF:
LoveGate worm's got a hold on PCs
From CNET
A mass-mailing computer virus compromised a moderate number of PCs worldwide on Monday, installing a Trojan horse program that allows a remote intruder easy access to a victim's system, said antivirus experts. Known as LoveGate, the LovGate.C program has many similarities to previous viruses: It is a binary program; it has its own e-mail engine, obviating the need to use another program such as Microsoft Outlook to send messages; and it attempts to use 16 simple passwords to break into and spread to other computers on the victim's network. "In terms of the technology that it uses, all the individual capabilities have been seen before," said Steve Trilling, senior director of research for security software company Symantec. The worm is a variant of the LovGate.A virus, also known as w32.lovegate@m, which was first seen on the Internet last week. Symantec rated the worm a "3"--or medium threat--on its five-point scale of computer-virus risk. Trilling said that to a large extent the level of the grade is due to the large number of incident submissions from 18 of the company's corporate clients. Rival firm Network Associates also rated LoveGate a medium threat. Both firms have updated the definitions available to allow their software to detect the worm. The LoveGate virus generally first appears as an attachment to an e-mail message. It uses typical social-engineering tricks--such as e-mail headers that promise free software, ask for help or advertise sexual content--to convince PC users to run the attached program. It then integrates itself with the victim's operating system. As part of its attack, the worm installs and runs a Trojan horse program consisting of four files. When it runs, the program notifies the virus's author of the compromised machine's address via e-mail, and opens up port 10168.
Ports are the software addresses used by applications running on one computer to communicate with other applications running on other systems across a network. By knowing the Internet address of the victim's computer, the port number and the password used by the Trojan horse, an intruder can take control of an infected PC. While the virus could be a security threat for infected companies and home users, it hasn't yet spread very widely. E-mail service provider MessageLabs intercepted nearly 4,000 e-mails containing the malicious program in the first 12 hours of its spread. The e-mails came from South Africa, the United Kingdom, Italy, Germany, Belgium, China and the United States. That falls well short of the propagation of the top-dog computer virus, Klez.H. Computers infected with the 10-month-old malicious computer program still produce more than 12,000 e-mails that are detected by MessageLabs every day. Two other viruses, Sobig and Yaha, are currently in the No. 2 and No. 3 slots on MessageLabs' list of most prevalent intercepted code. Both have created more than 4,000 e-mail messages that have been filtered by the company.
E-mail viruses double in 2002
Although this was a December article it is still worth reading.
By Matt Loney
Special to CNET News.com
December 16, 2002, 5:36
E-mail viruses are now twice as prevalent as they were in 2001, with one e-mail in every 200 containing a virus. Virus-scanning company MessageLabs said it stopped 9.3 million viruses in 2 billion e-mails this year, which equated to one virus in every 215 e-mails. That compares with 1.8 million viruses stopped in 718 million e-mails in 2001, or one virus in every 398 e-mails. According to the company, which measured results up to the end of the second week of December, the most active virus this year was Klez.H, with 4.9 million copies stopped by MessageLabs. Yaha.E came second with 1.1 million copies, then it was Bugbear.A with 842,333, Klez.E with 380,937 and SirCam.A with 309,832. These figures represent only the numbers stopped by MessageLabs for its corporate customers. The actual numbers of these viruses are much higher. Although Klez was the most active virus, Bugbear was the most dramatic outbreak of the year, infecting one in every 87 e-mails at its height in October. Its dual-mode attack saw it accounting for 30 percent of all reports of viruses to antivirus company Sophos in the last month--well ahead of former top-spot incumbent Klez, which by then only accounted for around 8 percent of all reports. Klez could reach only one in every 169 even at its peak, while Yaha never rose above one every 268, said MessageLabs. The two most dramatic outbreaks of all time recorded by MessageLabs remain Goner, at one in 30 last December, and the No. 1 LoveBug, which hit one in every 28 in May 2000. Alex Shipp, senior antivirus technologist at MessageLabs, said the more prevalent viruses owed their success to the fact that people found them hard to spot. "This is because these are able to 'spoof' e-mail addresses, so that the identity of the real sender is difficult to trace," Shipp said.
"It also means that by mass mailing contacts from a recipient's address book, further victims are likely to open the rogue e-mail because they think it is from someone they know and trust." Shipp put the blame for the preponderance of e-mails on computer users at home, who tend to have the least protection. Security companies are expecting a further rise in the number of e-mail viruses over the winter holidays. Antivirus company Sybari last week warned network administrators of holiday offers and greetings that may also be carrying more than holiday cheer. Joe Licari, director of product management at Sybari, said that "during the holiday season, employees need to pay close attention to the e-mail they get in their inbox."
IF YOU SUSPECT THAT YOU HAVE A VIRUS OR IF YOU HAVE NOT SUCCESSFULLY SCANNED YOUR DRIVES FOR VIRUSES LATELY... THEN THE NEXT SUGGESTION IS FOR YOU.
Free Virus scan.
Trend Micro, more commonly referred to as Housecall, offers free virus scans and in most cases can fix damage done by a virus or worm that your computer may have contracted. The program works well. The first time one uses the free program it is necessary to download a small program. Trend Micro walks you through the process. After that, each return scan is quite simple. You should disable any antivirus program that you have running. If you do not have a virus program I recommend that you use this program first and then download one of the free programs listed below or install any antivirus program you have purchased.
Go to http://housecall.antivirus.com/ then choose the link "Scan without registering". Follow the directions.
Free Virus programs to download
Quite a few KCnet members use these programs and like them. Be careful if you download a virus program and you already have one installed on your computer. You need to at least disable the program already installed.
http://www.grisoft.com/html/us_index.cfm
Another good free program to take a look at is:
http://www.free-av.com/
10 Most Prevalent Viruses Surveyed by Trend Micro US (week of: February 10, 2003 to February 16, 2003)
1. WORM_KLEZ.H
2. WORM_YAHA.K
3. PE_PARITE.A
4. PE_DUPATOR.1503
5. PE_FUNLOVE.4099
6. WORM_SOBIG.A
7. PE_PARITE.B
8. WORM_OPASERV.E
9. WORM_BUGBEAR.A
10. TROJ_SMALL.J
Here are a few sites of many that can help you determine if an email is a hoax or real.
http://www.urbanlegends.com/ulz/
http://vil.nai.com/VIL/hoaxes.asp
http://kumite.com/myths/
http://www.symantec.com/avcenter/hoax.html
http://www.scambusters.org/VirusHoaxes.html
http://www.snopes.com/
TECHNICALLY SPEAKING:
Jon Ahrens recommended this useful tool to the Advanced Class. We downloaded it and played. Most agreed that it is a useful tool and the price is right: FREE. If you are contemplating selling your computer, or replacing and selling your old hard drive, read the article "Sanitized" below. You might want to consider "Sure Delete".
Sure Delete offers two utilities that work to permanently delete data from a hard drive. When you need to shred sensitive information, Sure Delete ensures that it's done right. Rather than simply deleting file references on your computer, the program actually destroys the data itself. Sure Delete goes much further than the Windows Recycle Bin, and ultimately makes the data irretrievable. Best of all, the process is virtually effortless. Sure Delete offers a wizard-style interface that guides you through the process of deleting files. You'll have a clean, secure, evidence-free hard drive in a matter of minutes.
http://www.wizard-industries.com/sdel.html
"Sanitized" Hard Drives Prove a Trove of Personal Info By Justin Pope The Associated Press So, you think you've cleaned all your personal files from that old computer hard drive you're selling? A pair of MIT graduate students suggest you think again. Over two years, Simson Garfinkel and Abhi Shelat assembled a collection of 158 used hard drives, shelling out between $5 and $30 for each at secondhand computer stores and on eBay. Of the 129 drives that functioned, 69 still had recoverable files on them and 49 contained "significant personal information" - medical correspondence, love letters, pornography and 5,000 credit card numbers. One even had a year's worth of transactions with account numbers from an ATM in Illinois. "On that drive, they hadn't even formatted it," Garfinkel said. "They just pulled it out and sold it." About 150,000 hard drives were "retired" last year, the research firm Gartner Dataquest estimates. Many ended up in trash heaps, but many also find their way to secondary markets. Over the years, stories have occasionally surfaced about personal information turning up on used hard drives that have raised concerns about personal privacy and identity theft risks. Last spring, the state of Pennsylvania sold to local resellers computers that contained information about state employees. In 1997, a Nevada woman purchased a used computer and discovered it contained prescription records on 2,000 customers of an Arizona pharmacy. Garfinkel and Shelat, who report their findings in an article to be published Friday in the journal IEEE Security & Privacy, say they believe they're the first to take a more comprehensive - though not exactly scientific - look at the problem. On common operating systems like Unix variants and Microsoft's Windows family, simply deleting a file, or even following that up by emptying the "trash" folder, doesn't necessarily make the information irretrievable. 
Those commands generally delete a file's name from the directory, so it won't show up when the files are listed. But the information itself can live on until it is overwritten by new files. Even formatting a drive may not do it. Fifty-one of the 129 working drives the authors acquired had been formatted but 19 of them still contained recoverable data. The only sure way to erase a hard drive is to "squeeze" it: writing over the old information with new data - all zeros, for instance - at least once but preferably several times. A one-line command will do that for Unix users, and for others, inexpensive software from companies including AccessData works well. But few people go to the trouble. Garfinkel said users shouldn't be forced to choose between wiping their hard drives clean or taking a sledgehammer to them. "There are ways of designing an operating system to make that problem go away," Garfinkel said. Indeed, future operating systems may make it easier. But many users like believing that, in a pinch, an expert could recover their deleted files. The resilience of hard drive data is also a powerful weapon for law enforcement. As it turned out, most of the hard drives the authors acquired came from businesses that apparently have a higher but misplaced confidence in their ability to "sanitize" old drives. Individual users are more likely simply to toss their old drives into the closet, or try the sledgehammer method. "Homeowners seem to understand there's not a lot to be gained by selling your 20-gig hard drive on eBay," Garfinkel said. That jibes with the experience of Tom Aleman, who heads the analytic and forensic technology group at Deloitte & Touche and often encounters companies that get burned by failing to fully sanitize, say, the laptop of an employee leaving the company for a job with a competitor. 
"People will think they have deleted the file, they can't find the file themselves and that the file is gone when, in fact, forensically you may be able to retrieve it," he said. Garfinkel has learned his lesson. As an undergrad at MIT in the 1980s, he failed to sanitize his own hard drive before returning a computer to his father, who was able to read his personal journal. The privacy concerns worry him, especially since the U.S. Supreme Court has held that the right to privacy doesn't apply to discarded items. But what really strikes him is how many people he found bidding for old drives on eBay. He shudders to think what they want with them. "If I were a government interested in doing economic espionage against the United States, I would allocate a million dollars a year to buy these hard drives and analyze them," he said. In fact, it wouldn't even take that - just somebody willing to hold their nose and walk around the municipal dump.
What's the difference between Windows Explorer and Internet Explorer?
This one from Worldstart. I like most of this answer. (MLF)
Actually, nothing. It's a program with a split-personality. The Internet Explorer side of the program is for surfing the web. The Windows Explorer side is used for exploring the files, folders, drives, and directories on your computer. What's cool about it is they work in very much the same manner. For example, click the Back button on Internet Explorer and you go back to the previous web page. Click the Back button on Windows Explorer and you go back to the previous folder (or wherever you just were). In fact, try this. Open Internet Explorer and type:
C:\My Documents
Since I have XP, I need to type in:
C:\Documents and Settings\Steve\MyDocuments
See? You can use the Internet Explorer side of Explorer to sort through files. Oh, and yes, you guessed it. You can also type a web URL into the Windows Explorer address box and hit Enter to go there. You know, just in case you're busy looking at files and feel the need to get on the web really quick. Yeah, it's a little confusing, but then it wouldn't be a Microsoft product if it wasn't...
This was almost enough to make me switch to Internet Explorer until I tried the same with Netscape; voila, it works there too. Therefore, I would not have answered this question quite this way, but his explanation makes sense, especially the last sentence. I like knowing that I can access everything in Windows Explorer from the browser without accessing the "My Computer" icon. (MLF)
ECleaner v2.01
We explored this one in the Advanced Class. Many of us already use the program but quite a few had never heard of it. It is one of the nicest edit tools available. The really neat thing is it is free. (MLF)
Do you forward your favorite e-mail jokes to all your friends? Your wit will be better appreciated if it doesn't arrive with ">>>>>" at the beginning of every line. This nifty little program removes them from e-mail messages, making them look cleaner and preventing choppy word wraps. Now if only it made the jokes funny.
http://www.pcworld.com/downloads/file_description/0,fid,6492,00.asp
INTERESTING SITES:
Snow Crystals - I offer this, knowing that KCnet Newsletter readers have become experts in snow this year (that is, all except our friend Walter Cooper). This site is all about snow crystals and snowflakes, and how these remarkably complex and beautiful structures appear, quite literally, out of thin air. The many facets of snow crystals are described here, along with our attempts to understand their formation.
http://www.its.caltech.edu/~atomic/xxxxcrystals/
Please, please, do not ask for more snowfalls this year so that you can do up-close and personal crystal analyzing.
Subject: FBI & CIA has eyes for you! - Quite a few have offered this gem.
In the continuing war on terrorism the FBI, in concert with the CIA, has developed new technology to quietly monitor one's every mouse move. But it's not going to bother you a bit. Go to the site below.
http://users.chartertn.net/tonytemplin/FBI_eyes/index.html
A DIFFERENT TYPE OF MIND-READING TRICK
This will fry your brains for a while. It takes Flash and has a load time pause but it is worth your patience. (MLF)
We were convinced that demonic Leprechaun Overlords were manipulating time and space to read our minds as simply as we might read a Tom Swift Jr. adventure novel. But after a short time, we figured out how it works, and now we laugh and scoff at those who believe mystical spirits are operating this trick.
http://www.cyberglass.co.uk/FlashEx/mindreader.html
I figured it out after about fifteen minutes of awe and it is still fun to play and offer to others. (MLF) Oh, access the main page and play with some of the other very creative opportunities. (MLF)
http://www.cyberglass.co.uk/
EXTRA! EXTRA! GET YOUR MICHAEL JACKSON NEWS!
http://www.mjnews.vxe.com
Dry Creek Vineyards Recipes
The many recipes are worth the visit. There is some good reading about wines too. This is a good site. (MLF)
The Web page for Dry Creek Vineyards contains a selection of excellent recipes. Soups, salads and entrees make up the bulk of the offerings. Wine suggestions are given with each dish. There is even a downloadable cookbook of 47 recipes (you will need Acrobat Reader).
http://www.drycreekvineyards.com/theholidays.html
NATURE'S BIO-WEAPON: THE FLU
Good advice is to buy futures on Kleenex if you live in the 17745 zip code. FluStar keeps close tabs on outbreaks. See if your zip code area has been badly compromised by the flu, with the latest info. We are on the border of high and moderate. You will be surprised where the flu is low. Actually you might be surprised to learn that our area is above the national average for the weeks ending 2/7, 2/14 and 2/21.
http://flustar.com/
This week's game site is a Flash game site for chess. It looks good. I did not attempt to play. (MLF)
http://www.media-division.com/flashgames/flashchess/chess.htm