KCNET NEWSLETTER 01/04/04 TECHNICAL PAGE
VIRUS AND OTHER STINKY STUFF TECHNICALLY SPEAKING INTERESTING SITES
VIRUS AND OTHER STINKY STUFF Of Dying Viruses and Dangerous Xmas Cards By Jay Munro December 23, 2003 While antivirus vendors have reported several new viruses and malicious attackers in the pastweek, we have not seen any new large scale outbreaks. However, the ghosts of virus past are still with us -- Klez, Blaster, Swen, Bugbear, Dumaru, Mimail, and Welchia\Nachi all hauntthe top ten. According to virus analysts, the Welchia\Nachi worm has only another week orso to live, as it is supposed to remove itself in 2004. Despite this fact, it is still infecting at a good rate, so we are featuring it in our top threat this week.. 2003 may go down in history as the year of the spammer, as there has been more spam sent and received than in any other year. eWeek reported Monday Dec 15th that a judge in California ruled to allow pop up spammers to continue to operate for the time being. One spammer, in particular, was sending Windows Messenger Service popups to PCs that were not running a firewall or had the service turned on (it's on by default in Windows XP/2000). The ruling may trigger more spammers to try their hand at that kind of advertising. If you're being plagued by these pop-ups, check our tip from Nov 11th. Though there haven't been any reports as of mid December, computer users should be on guard for virus infected Christmas Card spam. UK Technology newsletter Vnunet reports that experts arewarning IT departments that hackers are preparing Christmas card e-mails that download viruses. Using Internet Explorer's default behavior to open JPG or GIF files automatically can put users at risk of infection. Vnunet explained that even if the file is not a GIF or JPEG, IE will try to guess the content type and attempt to open it. While we were unable to get an .EXE to run by renaming it to a .GIF or .JPG on IE 6.0 and the latest security updates, it may be possible under some circumstances. To avoid getting stung with a Christmas card virus, keep your antivirus up to date, and don't open email if you don't recognize the sender. If you use Outlook or Outlook Express, turn off your auto preview(see Security Watch tip) to keep from accidentally opening a message. Outlook 2003 users will have less to worry about, since automatic image displaying is off by default. Speaking of Outlook 2003, Microsoft has just released an update for the spam filtering feature. Since many e-mailed holiday cards are done in Flash, now would be a good time to get Macromedia's latest flash fix. Rated as an "important" update, the new Flash player version 7.0.19.0 fixes a problem that could allow a malicious exploit of a Flash data storage vulnerability. More information is available on Secunia.com's site.
Troj/Antikl-Dam From Sophos The big deal is do not respond. Troj/Antikl-Dam is a corrupt (truncated), non-executable Trojan that is being seeded via an email that contains the following text: "Dear customer, The security of your personal and account information is extremely important to us. By practicing good security habits, you can help us ensure that your private information is protected. Please install our special software, that will remove all the keyloggers and backdoors from your computer. And will help us to prevent credit card fraud in future. Thank you. Best regards, <name>" where <name> has been seen to be the name of a banking institution. The From address is likely to be admin@<banking institution>.com
W32/Agobot-BT Also from Sophos W32/Agobot-BT is a network worm which also allows unauthorized remote access to the computer via IRC channels. W32/Agobot-BT copies itself to network shares with weak passwords and attempts to spread to computers using the DCOM RPC and the RPC locator vulnerabilities. These vulnerabilities allow the worm to execute its code on target computers with System level privileges. For further information on these vulnerabilities and for details on how to protect/patch the computer against such attacks please see Microsoft security bulletins MS03-001 and MS03-026. MS03-026 has been superseded by Microsoft security bulletin MS03-039. W32/Agobot-BT copies itself to the Windows system folder as sysinfo.exe and creates the following registry entries to run itself on system restart: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ Configuration Loader HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ Configuration Loader Each time W32/Agobot-BT is run it attempts to connect to a remote IRC server and join a specific channel. W32/Agobot-BT attempts to terminate various processes related to anti-virus and security software (e.g. SWEEP95.EXE, BLACKICE.EXE and ZONEALARM.EXE).
IF YOU SUSPECT THAT YOU HAVE A VIRUS OR IF YOU HAVE NOT SUCCESSFULLY SCANNED YOUR DRIVES FOR VIRUSES LATELY... THEN THE NEXT SUGGESTION IS FOR YOU. Free Virus scan. Trend Micro, more commonly referred to as Housecall, offers free virus scans and in most cases can fix damage down by a virus or worm that your computer may have contacted. The program works well. The first time one uses the free program it is necessary to download a small program. Trend Micro walks you through the process. Then the virus scans are quite simple for each return. You should disable any anti virus program that you have running. If you do not have a virus program I recommend that you use this program first and then download one of the free programs listed above of install any anti virus program you have purchased. Go to http://housecall.antivirus.com/ then choose the link "Scan without registering". Follow the directions.
Free Virus programs to download Quite a few KCnet members use these programs and like them. Be careful if you download a virus program and you already have one installed on your computer. You need to at least disable the program already installed. http://www.grisoft.com/us/us_dwnl_free.php Another good free program to take a look at is: http://www.free-av.com/
10 Most Prevalent Viruses for 2003 Surveyed by Sophos 1. W32/Sobig-F 2. W32/Blaster-A 3. W32/Nachi-A 4. W32/Gibe-F 5. W32/Dumaru-A 6. W32/Sober-A 7. W32/Mimail-A 8. W32/Bugbear-B 9. W32/Sobig-E 10. W32/Klez-H
Tried and Untrue Viruses and Warning Letters of Impending Doom. Believe it or not, the amount of harm done by sending false computer virus alarms and letters of impending doom to your thousand closest friends can be just as damaging as the alleged virus (if it even exists!); if you remember the story of the boy who cried wolf, you understand why. If you think you've got the scoop on the latest new devastating virus or latest doom warning, check it out at the Web sites below before taking it on yourself to alert the world. If the virus is as terrible as you think it is, odds are the virus fighters already know about it and -- good news here! -- your antivirus software provider probably knows about it too and already has an update for it. Here are a few sites of many that can help you determine if an email is a hoax or real. http://www.snopes.com/ http://www.urbanlegends.com/ulz/ http://hoaxbusters.ciac.org/HBHoaxIndex.html http://vil.nai.com/VIL/hoaxes.asp http://kumite.com/myths/ http://www.symantec.com/avcenter/hoax.html http://www.scambusters.org/VirusHoaxes.html http://www.sophos.com/virusinfo/hoaxes/ http://www.truthorfiction.com/
Thanks Jon Wayne says I have too much hair.
TECHNICALLY SPEAKING: The OS War elevates a level! This could have great ramifications. (Mike) The beginning of the end of Java as we know it? By David Berlind of ZDNET Though the two companies appear to be cooperating more, especially in the area of Web services, the desires of IBM and Microsoft to vanquish one another should not be underestimated. IBM and Microsoft routinely argue that their cooperation, which is producing de facto standards at a record-breaking pace, is happening for the benefit of their customers. But standards, especially Web services standards, also facilitate the substitution of one platform for another. In this case, Java for .Net and vice versa. Nothing would please either company more than to win one of the other's customers by booting out the incumbent run-time environment. Behind the scenes of this industry's most important struggle for supremacy, Microsoft must be grinning. Only one company is in control of Windows and .Net and all that goes with them, including the various approachable entry points (Microsoft Office, Visual Studio, etc.) and their respective development environments, which share some commonalties. When Microsoft has to make a change to any of its technologies to advance its agenda, it's largely unencumbered by external forces. But in the Java world, where IBM is heavily bound, the consensus within the Java Community Process (JCP) controls the software ecosystem. If any single vendor has more influence than others, it's Sun. Change and advancement in the interest of one company's agenda are subject to politics, which have historically driven wedges into the Java community. In fact, Microsoft couldn't have executed a better divide-and-conquer war plan than the one that's being handed to it on a silver platter. The two fronts on which Java unity most matters when facing the stiff wind from Redmond are the application server front and integrated development environment (IDE). Respectively, these platforms are where Microsoft's Windows .Net Server is battling with several Java 2 Enterprise Edition (J2EE)-based application servers, and where Visual Studio is competing against two primarily Java-driven IDEs. These two arenas, with the mobile run-time environment running a distant third, are where the war between Java and .Net will be fought most vociferously. Fortunately for Microsoft, it is precisely on these two fronts where the fractures in the Java community run the deepest. Read more: http://techupdate.zdnet.com/techupdate/stories/main/the_beginning_of_the_end_of_Java.html
Microsoft Word eTip In Summary, a Very Neat Trick In the category of "How the heck did they do that?" comes Word 2003's Auto Summarize tool. Just like those pre-highlighted, used college textbooks, this tool takes any document and immediately fishes out all the relevant points, highlighting them on screen. To Auto Summarize a document, choose Tools, Auto Summarize. Heed the steps on the screen. In a few minutes (longer if your computer is unplugged), the AutoSummarize dialog box appears. Click OK. (You can peruse the options in the Auto Summarize dialog box on your own, if you like; clicking OK generally does what you want it to do.) Splat! Your document then appears on the screen with relevant parts highlighted in yellow. Also visible is an Auto Summarize floating palette. To return to normal editing mode, click the Close button on the Auto Summarize palette. So what should you use this feature for? Well, if one of your New Year's resolutions is to use one of the more obscure features of Word 2003, then you've just accomplished it.
Another eTip This one for the Genealogy challenged. Sounding Out the Soundex System Occasionally, when you submit surname (last name) searches in online genealogy databases, you are given the opportunity to submit a name under the Soundex system. The Soundex system is an attempt to account for surnames that sound the same or sound alike but are spelled differently. For example, instead of conducting four different searches for Christian, Christianson, Christiansen, and Christiani, you can conduct one search with the Soundex code C623. Here is how the Soundex code works Each name, no matter how long it is, comprises exactly four alphanumeric characters, with oneletter and three numbers. The first letter of the name is the first letter of the code. Each consonant in the name (vowels are excluded) is assigned a number using the Soundex key: 1= b, f, p, v; 2 = c, g, j, k, q, s, x, z; 3 = d, t; 4 = l; 5 = m, n; 6 = r. The following lettersare disregarded and thus not assigned a number: a, e, h, i, o, u, y, w. Zeroes are used if the end of the name is reached prior to three digits. Confused? Fortunately, a handful of Web sites have come to the rescue and can convert a name to a Soundex code in the wink of an eye. Soundex codes really are a more efficient way of searching databases. To convert a name to its Soundex code, visit one of these Web sites: Soundex Converter http://www.ourancestry.com/soundex.html The Soundex Machine http://www.archives.gov/research_room/genealogy/census/soundex.html
Get that Classic look. A pair of XP helpers. Thanks to Worldstart. I just upgraded to Windows XP and it's so hard to find stuff in the control panel. Is there an easier way to find where everything is? By default, the control panel is in "Category View", so when you open it you see 10 categories (Appearance, sound, etc.) to choose from. That can make it hard to find what you want. If you notice on the right side there is a link marked "Switch to Classic View". Click there and you will be magically taken to more familiar territory. Not only are your old friends there, like "Add or Remove Programs", but some new friends and descriptions of what they do.
Customize the XP Start Menu You know about the "Start" button, right? It sits down in the lower left-hand corner of the toolbar waiting to be clicked whereupon it shall reveal its wealth of information. But what if you click it and you don't like the way it looks? This is especially true for nostalgic Win 98 users who were dragged kicking and screaming to Win XP. Well, you can get some relief, and have fun, with the Start Menu properties. Just right-click Start and choose "Properties". If you want your Start Menu to look like good 'ol Win 98, then select "Classic Start menu", otherwise leave it where it is for XP. Next, click "Customize" to see all the things you can change. Would you like large or small icons? How many programs do you want showing? Do you want a browser or email client displayed? Now choose the "Advanced" tab to tweak the items on the left-hand side of the menu: Search, My Music, Run, etc. Once you have everything set, click OK. You can easily control how much, or how little appears in your Start Menu. Yeah!
MAINTAINING ASSOCIATIONS FOR YOUR FILES From Kim Komando This is an easier way than I have been teaching to designate default opening programs. It is amazing how many different ways Windows allows one to do a single task (Mike). Programs that play audio files like to be the top dog. When you install them, they'll ask if you want them to be the ones that automatically run multimedia files. Don't accept that if it's not what you want. If you've already made that mistake, associations are easy to change. In XP, go to Windows Explorer and click on a file with the proper extension. For instance, if you want to change the program that plays MP3 music files, find such a file and right-click it. Put your cursor on Open With and click Choose Program. Select the program you want to use, using the Browse button, if necessary. Select "Always use the selected program to open this kind of file." Click OK. In Windows 98 or Windows ME, press and hold the Shift key and then, right-click the file name. Click Open With. The process is similar in Windows 2000. WOW That's easy!!!!! (Mike)
INTERESTING SITES: Snow Sculps No ordinary Frosty the Snowman in this arcade. Please enjoy our photographs of the International Snow Sculpture Championships, held in Breckenridge Colorado! This event takes place in late January/early February, every year -- Sculpt photos from the 2003 event it was the 13th year! There is still time to enter the 2004 event. http://www.themoens.com/Photos/Events/snowSculpture/y2003/main.htm
THE STRAIGHT DOPE Good site to get answers to life's difficult questions. (Mike) Hello and welcome to the official Internet home of Cecil Adams, World's Smartest Human Being, and his famous syndicated column The Straight Dope. Here you will find all manner of things relating to the column and the vast Straight Dope media empire. http://www.straightdope.com/index.html
Extraordinary Dogs Thanks to Amanda As an animal lover, I am always looking for animal sites to share my love of them with you. Well I found another winner with Extraordinary Dogs. It is about, amazing canines whose hard work, love, and devotion not only enhance human life, but change it. There are five extraordinary dog stories in the Story section. They have pictures of the dogs and tell why they are extraordinary. Each story also has a quicktime movie if you want to watch them. See rescue dogs, therapy dogs, scout dogs, and much more. There is a fun facts section too. I found out about a dog museum in St. Louis, Missouri. Do you want to know why dogs smell everything? Or if they dream? Then this is the section for you. In the Dog Certificate Section you can make a certificate for you dog, and why your dog is extraordinary. Then there is the jokes section. It has links to some jokes sites and some good riddles. This site is a treat! http://www.thirteen.org/extraordinarydogs/
Cals Gallery Jack Laubscher suggested this site. I recommended it last spring. I accessed the site this past week and found new Galleries to view. Cal is a master, the photography is awesome and well worth a visit or revisit. http://www.wtv-zone.com/cal555/index.html#galtwo
MAKE YOUR OWN SNOWFLAKES Kim Komando suggested this one. This week's hands on site. Create and post your own it is fun. Have you ever folded a sheet of paper and made a snowflake? Intricate designs are possible with just a little work. You can do the same thing on your computer. Check out Make-a-Flake. It folds and trims a sheet of paper. Then you cut a design into the sheet. It is opened and--voila--you have your snowflake. It's at: http://snowflakes.lookandfeel.com/ While you're there, check out the one Kim Komando did. It's at: http://snowflakes.lookandfeel.com/viewflake.php?id=1563276 While there check out the one I did (Mike) http://snowflakes.lookandfeel.com/viewflake.php?id=1808652