KCNET NEWSLETTER 11/09/03 TECHNICAL PAGE
VIRUS AND OTHER STINKY STUFF

WORM_MIMAIL.C

This from Trend Micro.

As of 8:02 a.m. U.S. Pacific Time, Trend Micro has declared a Yellow Alert to control the spread of WORM_MIMAIL.C. This memory-resident Internet worm propagates via email using its own SMTP engine. It runs on Windows 95, 98, ME, NT, 2000, and XP.

The email arrives with the following:

To: admin@???
Subject: Re[2]: our private photos ???
Message Body:
Hello Dear!,
Finally i've found possibility to right u, my lovely girl :)
All our photos which i've made at the beach (even when u're without ur bh:))
photos are great! This evening i'll come and we'll make the best SEX :)
Right now enjoy the photos.
Kiss, James.
???
(Note: ??? is a variable string)
Attachment: photos.zip

Upon execution, this memory-resident worm drops a copy of itself as NETWATCH.EXE in the Windows folder. It then creates a registry entry so that its dropped copy executes at every system startup.

This malware also creates the following files in the %Windows% directory:

* EML.TMP - contains the compiled and gathered email addresses from the local machine
* ZIP.TMP - the .ZIP file that this worm sends as a mail attachment
* EXE.TMP - a UPX-compressed Win32 .EXE file

This mass-mailing worm arrives as an email attachment, which is a .ZIP file containing an .HTML file and a UPX-compressed Win32 .EXE file. When the .HTML file is opened, the malware code is executed and exploits Internet Explorer's security system vulnerability. It then launches the .EXE file, which carries the worm program.

It also uses Simple Mail Transfer Protocol (SMTP) servers and user names gathered from files not having the following extensions:

* COM
* WAV
* CAB
* PDF
* RAR
* ZIP
* TIF
* PSD
* OCX
* VXD
* MP3
* MPG
* AVI
* DLL
* EXE
* GIF
* JPG
* BMP

It performs a Denial of Service (DoS) attack against the IP address 63.246.128.180 (http://www.darkprofits.com) by sending the following data:

* ICMP packets (garbage data? - This is still under investigation.)
* HTTP packets (garbage data? - This is still under investigation.)

It performs this routine using several threads, resulting in an increase or flooding of ICMP messages in the infected host network.
IF YOU SUSPECT THAT YOU HAVE A VIRUS OR IF YOU HAVE NOT SUCCESSFULLY SCANNED YOUR DRIVES FOR VIRUSES LATELY... THEN THE NEXT SUGGESTION IS FOR YOU.

Free Virus scan.

Trend Micro, more commonly referred to as Housecall, offers free virus scans and in most cases can fix damage done by a virus or worm that your computer may have contracted. The program works well. The first time one uses the free program it is necessary to download a small program. Trend Micro walks you through the process. After that, the virus scans are quite simple on each return visit. You should disable any antivirus program that you have running. If you do not have a virus program, I recommend that you use this program first and then download one of the free programs listed above or install any antivirus program you have purchased.

Go to http://housecall.antivirus.com/ then choose the link "Scan without registering". Follow the directions.
Free Virus programs to download

Quite a few KCnet members use these programs and like them. Be careful if you download a virus program and you already have one installed on your computer. You need to at least disable the program already installed.

http://www.grisoft.com/us/us_dwnl_free.php

Another good free program to take a look at is:

http://www.free-av.com/
10 Most Prevalent Viruses

Surveyed by Trend Micro US for October 24 - October 30.

1. WORM_LOVGATE.G
2. WORM_MSBLAST.A
3. TROJ_DASMIN.B
4. WORM_SWEN.A
5. WORM_NACHI.A
6. JAVA_BYTVERIFY.A
7. WORM_KLEZ.H
8. WORM_ANTINNY.A
9. PE_PARITE.A
10. PE_DUMARU.A
Tried and Untrue Viruses

Believe it or not, the amount of harm done by sending false computer virus alarms to your thousand closest friends can be just as damaging as the alleged virus (if it even exists!); if you remember the story of the boy who cried wolf, you understand why. If you think you've got the scoop on the latest new devastating virus, check it out at the Web sites below before taking it on yourself to alert the world. If the virus is as terrible as you think it is, odds are the virus fighters already know about it and -- good news here! -- your antivirus software provider probably knows about it too and already has an update for it.

Here are a few sites of many that can help you determine if an email is a hoax or real.

* http://www.snopes.com/
* http://www.urbanlegends.com/ulz/
* http://hoaxbusters.ciac.org/HBHoaxIndex.html
* http://vil.nai.com/VIL/hoaxes.asp
* http://kumite.com/myths/
* http://www.symantec.com/avcenter/hoax.html
* http://www.scambusters.org/VirusHoaxes.html
* http://www.sophos.com/virusinfo/hoaxes/
* http://www.truthorfiction.com/
TECHNICALLY SPEAKING:

REMOVE YOUR NAME FROM GOOGLE'S PHONE BOOK

This one from Kim Komando.

Among the many services offered by Google, the search engine, are telephone listings. Just go to Google.com and type your phone number in the search box, such as 212-555-1212. You might get your address and a map to your location.

But not everyone wants their listing online. You can easily get a residential listing removed from Google. Just enter your information in the form at:

http://www.google.com/help/pbremoval.html

For business listings, Google wants a request on your letterhead. Google will call to double-check, which is a good thing.
What is spyware? How do I know if I have some on my computer? How do I get rid of it?

This from Worldstart on a very important subject. We have spent a few sessions in the KCnet Users Class on this very subject. Most agreed that it is necessary to control the Spyware. Even the nonmalicious Spyware is a pain. (MLF)

Now from Worldstart.

Spyware is basically a type of program that gathers information about you without your knowledge. This information may be distributed to many sources or just a single source. Note that if a program alerts you that your personal information may be shared it is not "technically" spyware, but it can be considered "Adware".

Spyware programs can be extremely annoying and can wreak havoc on your system. They can cause slowdowns, lockups, and all sorts of other problems. The bad news is there are hundreds of these types of programs out there. Some common spyware programs include: Hotbar, Comet Cursor, Xupiter, Gator, Offer Companion and BonziBuddy.

Before downloading any "free" program from the internet, be sure to read the licensing agreement. Did you know that IncrediMail is technically adware? How about RealOne Player—it puts "data mining" software on your system to "track preferences" and report back to the mothership. Even free CD games from a cereal box or fast food kid's meal can put "adware" (often called "foistware") on your system.

If you want to make sure that a program is safe before you download or install, head over to Spychecker and type in the name. You will find a link to the company's privacy statement so you can read exactly what information will be collected and how it will be used before you download. I was surprised to find some familiar names.

http://www.spychecker.com/

Now, what to do about it. There are two great programs out there: Spybot Search & Destroy and Ad-Aware. Spybot is very thorough, but it often lists files that aren't spyware, making it more likely that you accidentally delete something. Ad-Aware is the easiest to use and my personal favorite.

Download and install Ad-Aware from this location:

http://www.lavasoft.de/support/download/

Once you've installed it, open the program up and click "Scan Now". You can use default scanning options, select just the drives and folders you want to scan, or perform a quick system check. On your left pane the program gives you a list of different places to scan. Then click the "Next" button.
Microsoft sets up virus-hunting fund

November 5, 2003
By Robert Lemos and Margaret Kane, Staff Writer, CNET News.com

This looks like Good News for a change. (MLF)

Microsoft will work with law enforcement to track down writers of worms, viruses and other malicious code, and is ponying up $5 million to fund the search.

As first reported by CNET News.com, the initiative's first two bounties--to the tune of $250,000 each--will be for information leading to the arrest and conviction of the people responsible for releasing the MSBlast worm and Sobig virus, both of which wreaked havoc online over the summer.

The initiative marks the latest move by Microsoft and law enforcement to curtail attacks that plague the Internet.

Microsoft executives were joined by representatives from the FBI, the Secret Service and Interpol at a press conference Wednesday that announced the new fund.

"These are not just Internet crimes, cybercrimes or virtual crimes. These are real crimes that disrupt the lives of real people," Brad Smith, general counsel at Microsoft, said in a press conference.

The rewards will be open to residents of any country, subject to that country's laws, Microsoft said. People with information can report it to law enforcement online to Interpol, to the Internet Fraud Complaint Center or to FBI, Secret Service or Interpol field offices.

Dubbed the Anti-Virus Reward Program, the initiative marks the latest move by Microsoft and law enforcement to put a stop to the repeated waves of attacks that have hit the Internet in the past decade. The two rewards posted on Wednesday could also jump-start federal law enforcement's seemingly stalled investigation into the attacks that infected hundreds of thousands of computers in August and September.

The U.S. Department of Justice, the FBI and Microsoft had earlier announced the arrests of two men who are suspected of modifying and releasing minor variations of the MSBlast worm, but have made little progress in catching the original author or the person or group responsible for the Sobig virus. Those attacks were serious enough to hurt Microsoft's bottom line and help security companies post more profits.

MSBlast, also known as Blaster and Lovsan, spread to as many as 1.2 million computers, according to data from security company Symantec. The worm compromised computers by using a serious vulnerability in Windows systems for which Microsoft had released a patch a month earlier. A variant of the worm, MSBlast.D, was intended to protect machines against the original program, but it ended up being so aggressive that the avalanche of data it produced shut down networks.

The Sobig.F virus spread through e-mail on Aug. 19, compromising users' computers with software designed to turn the systems into tools for junk e-mailers.

Calling all bounty hunters?

The rewards may motivate security researchers into becoming amateur bounty hunters, but real leads are likely to come from those close to the actual miscreants involved, Peter Nevitt, director of information systems for Interpol, said in a CNET News.com interview.

"It is less likely that we will have bounty hunters and more likely that we will have people that will break ranks within those in the know," he said.

Keith Lourdeau, acting deputy assistant director for the FBI's Cyber Division, said that while rewards have been used in the past to garner information, there's no quantitative measure of how successful the tactic is.

"In the cases that I know of, including bank robberies and major theft cases, offering a reward has generated a lot of information," he said. Sifting through the massive amounts of information will be the job of law enforcement.

The decision to offer rewards for only the two latest threats doesn't preclude additional bounties to be made for other Internet attacks, such as the MSBlast.D worm, also known as Nachi and Welchia.

"We wanted to earmark $5 million so there would be ample resources for the near future," said Microsoft's Smith, who said that tapping into the fund will be done case by case. "We need to make decisions (about rewards) on a variety of criteria. The severity of the virus is one criteria; another is timeliness."

Smith said he hopes that Microsoft's move will put worm and virus writers on notice.

"These people are the saboteurs of cyberspace sitting behind their computer screens," he said. "This is a broad problem and we need to act, not only with determination, but with a long-term resolve."
Updating Windows

Interesting info about updating from Worldstart.

If you're running a newer version of Windows, you've probably noticed the Windows Update item when you press your Start button. What is that all about?

Windows Update is actually a really cool little feature. You know how Windows tends to have a few bugs? Well, these updates take care of bugs, security holes, and lots of other problematic stuff. Who knows, if you're having problems, this may actually cure them!

OK, if you're NOT running XP (see below for XP instructions), click the Windows Update item in your Start menu and it takes you to Microsoft's web site. If you don't have the little Windows Update item on your Start menu, don't worry. You can still get up to date by following the link below:

http://windowsupdate.microsoft.com/

Once you get to the site, you'll be asked if you want to install a plug-in. Say, "Yes." From there, your computer will be analyzed and you'll get a list of updates you can install.

Oh, for those who are worried, supposedly no information is sent to Microsoft during the analysis. It's just between you and their software. So, if you are using a "borrowed" copy of Windows you should be OK doing this :-)

Anyhow, once your computer has been analyzed, you'll get a list of available updates. Just check the ones you want and then click the Download button. Keep a really good eye on the file sizes - not the download time. If you're connecting with a dial-up connection I would allow about 6-8 minutes for each 1000K (MS tends to think in terms of high speed connections when they give you their estimated times).

What updates should you get? Well, grab any critical updates for sure. Then scroll down the list and see if you spot anything else that looks useful. Don't just grab stuff 'cuz it's free - you may just be taking up hard drive space for no reason.

Anyhow, once you hit the download button, you'll get a screen that shows you the progress of both the download and the install. You'll probably have to re-start after all this is over with, but that's about it.

XP Users

For XP Users, the process is a bit more streamlined. In fact, it should ask you via a little bubble in the system tray if you want to check for updates. After you've done this, you should be able to set things up so updates are checked for automatically and you just say "yes" when you want to download.

Note that not all the updates are downloaded with the automatic option though. By default, it's only the critical updates. So, you may want to use the following method too:

To manually pick and choose your updates, just click the Start button, Help & Support. Click the link for "Keep your computer up-to-date with Windows Update" under the Pick A Task category. From here, your computer will be analyzed, examined, poked, and prodded. And again, for those who are worried, supposedly no information is sent to Microsoft during the analysis. It's just between you and their software.

Once this analysis is over, you'll get a link that lets you review and install. Click that. The updates come in 3 different flavors (Critical, Windows, and Driver categories) and these are listed on the left under the Windows Update column. Click a category and choose the updates you want to add.

What updates should you get? Well, grab any critical updates for sure. Then scroll down the list and see if you spot anything else that looks useful. Don't just grab stuff 'cuz it's free - you may just be taking up hard drive space for no reason.

Once you're done picking updates, click the Review and Install link on the left. Hit the Install Now button and the updates will be downloaded and installed.

Yeah, it seems longer and more involved than the Win 9.x way, but it is more intuitive and it feels a bit easier. Happy updating!
More on WORM_MIMAIL.C

New worm poses DoS attack threat

Last modified: October 31, 2003
By David Becker, Staff Writer, CNET News.com

Security experts warned Friday of a potentially harmful new e-mail worm that is slowly spreading among corporate and home e-mail users.

The Mimail.c worm, a variant of an earlier pest that achieved modest distribution by posing as a message from a company's information technology staff, was first detected late Thursday and managed to infect a handful of PCs.

Craig Schmugar, a virus research engineer at security company McAfee's Antivirus Emergency Response Team, said the worm's spread already appeared to be ebbing by midday. "At this point, it looks like we're probably past the worst of it," he said.

According to McAfee's description, Mimail.c spreads by e-mail, appearing in mailboxes as a message with the subject "our private photos." The body of the message promises revealing photos, if the recipient opens up an attached file saved in the Zip compression format.

If the file is opened, the worm attempts to spread itself by sending messages to e-mail addresses culled from the infected PC. The worm also attempts to launch a denial-of-service attack by sending large volumes of "garbage data" to Web addresses associated with DarkProfits, a gaming enthusiast site that has been the subject of a persistent e-mail hoax.

Schmugar said one of the more unusual aspects of the worm--which McAfee classified as a "moderate" threat--was its use of a Zip file, which could prove to have longer legs than the .exe files most worms try to spread.

"A lot of enterprises have rules to block executable attachments, so using the Zip format could let them penetrate into the corporate environment a little further," he said. "That's why you still need good antivirus protection on the desktop."

Mimail.c also spoofs the address the message is generated from, with all messages appearing to come from "James" at the same domain as the recipient.
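
The two Mimail.c write-ups above give indicators a mail gateway can check: the "our private photos" subject, the photos.zip attachment holding an .HTML file and an .EXE, and the "James" sender spoofed at the recipient's own domain. The Python below is an added example, not code from Trend Micro, McAfee or CNET; it also looks inside any ZIP attachment, which covers the case Schmugar describes where a rule that only blocks .exe attachments is bypassed. The function names, the extra executable extensions, the ZIP member names and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the advisory text above.
SUBJECT_MARKER = "our private photos"
ATTACHMENT_NAME = "photos.zip"
SPOOFED_USER = "james"
# Assumption: the advisory names only .EXE; the other entries are common
# Windows executable extensions added for this example.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")
HTML_EXTS = (".htm", ".html")


def zip_member_names(data):
    """Lower-cased member names of a ZIP blob, or [] if it cannot be read."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [name.lower() for name in zf.namelist()]
    except zipfile.BadZipFile:
        return []


def addresses(msg, header):
    """Parsed addresses of one header, or [] when the header is absent."""
    value = msg[header]
    return list(value.addresses) if value is not None else []


def mimail_c_indicators(raw):
    """Return the list of Mimail.c indicators found in one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_MARKER in str(msg.get("Subject", "")).lower():
        hits.append("subject")
    rcpt_domains = {a.domain.lower() for a in addresses(msg, "To")}
    for sender in addresses(msg, "From"):
        if (sender.username.lower() == SPOOFED_USER
                and sender.domain.lower() in rcpt_domains):
            hits.append("spoofed_sender")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name == ATTACHMENT_NAME:
            hits.append("attachment_name")
        if name.endswith(".zip"):
            # Inspect the archive itself: the file name alone proves nothing.
            members = zip_member_names(part.get_payload(decode=True) or b"")
            has_exe = any(m.endswith(EXEC_EXTS) for m in members)
            has_html = any(m.endswith(HTML_EXTS) for m in members)
            if has_exe and has_html:
                hits.append("zip_html_and_exe")
            elif has_exe:
                hits.append("zip_executable")
    return hits


def build_sample(subject, sender, rcpt, filename, members):
    """Build a constructed test message with a ZIP of placeholder files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in members:
            zf.writestr(member, b"placeholder bytes, not real content")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, rcpt, subject
    msg.set_content("constructed test body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    worm_like = build_sample("Re[2]: our private photos qzx",
                             "james@example.org", "admin@example.org",
                             "photos.zip", ["photos.htm", "photos.exe"])
    print(mimail_c_indicators(worm_like))
```

A message that changes the subject and file name still trips the archive check, so the ZIP inspection is the part worth keeping once the fixed strings stop matching.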
STOP CERTAIN SITES FROM DROPPING COOKIES

More from Kim.

You can stop certain sites from planting cookies on your computer, if you like.

In Internet Explorer, click Tools>Internet Options. Select the Privacy tab and click Edit. Enter the address of the Web site and click Block.

In Netscape, click File>Preferences. Under Privacy & Security, click Cookies. Click Manage Stored Cookies. Scan the Stored Cookies list to find the site you want to block. Click Remove Cookie and select "Don't allow removed cookies to be accepted later."

DELETE ALL COOKIES IN IE, NETSCAPE & AOL

You can also delete all of your cookies. But if you do that, many sites will no longer know you. You'll have to enter passwords, where, before, you bypassed the password requirement. Other sites with which you do business will no longer customize their site for you.

In Internet Explorer, click Tools>Internet Options. On the General tab, click Delete Cookies.

In Netscape, click Edit>Preferences. Under Privacy & Security, click Cookies. Click Manage Stored Cookies. Select the Stored Cookies tab and click Remove All Cookies.

If you use America Online, click Start>Control Panel (in Windows 98 and ME, click Start>Settings>Control Panel). Double-click Internet Options. On the General tab, click Delete Cookies.
INTERESTING SITES:

Learn more about Will Rogers. Each site has pertinent information about the life and events surrounding Will Rogers. There is different info at each site.

* Will Rogers Homepage - official Will Rogers site
  http://www.willrogers.org/
* Will Rogers Memorial & Birthplace - presented by Southwestern Bell
  http://www.willrogers.com/
* Will Rogers General Information
  http://www.ellensplace.net/rogers.html
* Will Rogers - representatives of the estate of Will Rogers
  http://www.cmgww.com/historic/rogers/index.php
* Oklahoma Tourism and Recreation Department - for further information on the Will Rogers Memorial in Claremore, Oklahoma and other State attractions
  http://www.otrd.state.ok.us/
* Will Rogers...Flygirls - Will and female aviators
  http://www.publicshelter.com/flygirls/prologue/rogers.html
* The Wisdom of Will Rogers - quotes
  http://www.quotationspage.com/quotes/Will_Rogers
* Rogers' Home in California - photos from Will Rogers Memorial State Park near Los Angeles
  http://seeing-stars.com/ImagePages/WillRogersParkPhoto1.shtml
* Will Rogers Photos - from the silent movies
  http://silentgents.com/Gents.html
Here is a site that will stimulate deep thinking. Thanks to Jim Runkle for this one. Open minds and the desire to learn about religions are prerequisites for viewing this site. There is even a vehicle to help one determine their Spiritual Type. One of today's features is a review of the new ABC News special of November 3 which explored issues raised in the best-selling novel "The Da Vinci Code." How are Mary Magdalene and the Holy Grail linked? http://www.beliefnet.com/
Breathing. Everybody likes to breathe but the question is are we or can we do it right? (MLF)

Did you know that the average person reaches peak respiratory function and lung capacity in their mid 20's? Then they begin to lose respiratory capacity: between 9 and 25% for every decade of life! So, unless you are doing something to maintain or improve your breathing capacity, it will decline, and with it, your general health, your life expectancy, and for that matter, your spirit too!

Did you know that given an optimal diet, the respiratory system should be responsible for eliminating 70% of your metabolic waste? The remainder should be eliminated thru defecation 3%, urination 8%, and perspiration 19%. So, if you think that going to the bathroom every day is important, or that working up a good sweat now and then is healthy, think again about the value of full free optimal breathing!

Did you know that most people have unhealthy breathing habits? They hold their breath or breathe high in the chest or in a shallow, irregular manner. These patterns have been unconsciously adopted, accidentally formed, or emotionally impressed. Certain "typical" breathing patterns actually trigger physiological and psychological stress and anxiety reactions!

For good to optimal health, you must: Education and a Breathing Test. http://www.breathing.com/tests.htm#testtop
This is a delightful site that will conjure up many memories of the past fad of squished pennies. In my youthful days every amusement park and decent tourist trap had a squished penny machine in addition to the Lucky Penny machine. So take a virtual trip, actually you can take a physical trip. There really is a physical museum for squished pennies (trinkets of all sorts) in a row house section of Washington DC. It is pictured on this site too. http://www.squished.com/
Cool Math

This one from Amanda.

An amusement park of mathematics. There is a Kids section, a "13-100" section, Parents, Teachers, Other Fun: Science, and a Games Section. Not to mention all the cool stuff on their front page. For those of you in college there is an online graphing calculator and other calculators. I absolutely adored their game section—talk about making math not only a mental challenge, but fun too. I love the IQ game where you have to jump pegs till there is only one left (I remember playing the real version on road trips as a kid), sadly I can only ever get it down to two. Learn about Fractals, Algebra, Geometry, Trig, Calculus and much more, with some really helpful tips on how to succeed in math. Math was never fun for me, but this site makes it really fun and cool. http://www.coolmath.com/home.htm
The Red Mustang. Bert Rice recommends this site. It has a nostalgic theme and a very touching story. It features some good graphics of the classic Mustang. So click and enjoy http://www.pennyparker2.com/mustang.html