KCNET NEWSLETTER 03/21/04 TECHNICAL PAGE
VIRUS AND OTHER STINKY STUFF

Latest Bad Guys

Bagle.R - Also known as: (Win32.Bagle.N, Win32/Bagle.R.Worm, W32/Bagle.R@mm (F-Secure), W32/Bagle.r@MM (McAfee), VBS.Suzer.D)

Bagle.Q - Also known as: (Win32/Bagle.Q.Worm, Win32.Bagle.N, W32/Bagle.Q@mm (F-Secure), W32/Bagle.q@MM (McAfee), VBS.Suzer.D, I-Worm.Win32.Bagle.p (Kaspersky))
As of 1:08 AM PST, March 18, 2004, TrendLabs has declared a Yellow Alert to control the spread of PE_BAGLE.Q. TrendLabs has received numerous infection reports of this malware spreading in Korea and Japan. This new BAGLE variant is capable of infecting files. It propagates via email in two ways. The first is by sending emails, which do not have an attachment. Instead it contains a link, which upon opening the email, starts a series of events that eventually downloads this file infector into the system. The second is that the email may contain varying subjects, message bodies, and attachment file names, just like its earlier variants. http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_BAGLE.Q
Sophos warns of new twist in Bagle threat, as new variants emerge
18 March 2004

Sophos, a world leader in protecting businesses against viruses and spam, is warning of a new twist in the Bagle virus saga. Two new variants, W32/Bagle-Q and W32/Bagle-R, use a different method of infection in an attempt to bypass anti-virus protection at the email gateway. Unlike most email viruses, the two new Bagle worms do not carry email attachments, making them difficult to spot.

Infected messages have a random subject line chosen from the following list:

* Re: Msg reply
* Re: Hello
* Re: Yahoo!
* Re: Thank you!
* Re: Thanks :)
* RE: Text message
* Re: Document
* Incoming message
* Re: Incoming Message
* Re: Incoming Fax
* Hidden message
* Fax Message Received
* Protected message
* RE: Protected message
* Forum notify
* Request response
* Site changes
* Re: Hi
* Encrypted document

If a user opens the message - and their version of Microsoft Outlook has not been patched against a five-month old critical vulnerability - malicious code is automatically downloaded. Once installed, the worms halt a wide range of security applications, potentially opening up your computer to further virus or hacker attack. The worm will also attempt to spread via file-sharing networks and infect other executable files.

"All computer users should be wary of this worm - we've already had reports from some parts of the world - particularly Korea, which is known for its uptake and use of technology," said Graham Cluley, senior technology consultant at Sophos. "Exploiting a security loophole in the popular Microsoft Outlook email system means these worms have the potential to hit hard. Both home and business computer users need to make sure they are patched against all vulnerabilities."

To prevent infection, Sophos recommends that users update their anti-virus software against the latest threats. Users should also patch against all security vulnerabilities.
Businesses can also protect themselves at their firewall, preventing computers on their network from downloading the worm from outside.

"Bagle is a wake up call about the need for holistic security. By keeping on top of security patches, anti-virus software updates and ensuring firewalls are properly installed, users can lessen their chances of getting hit," continued Cluley. "If you don't patch yourself against these kind of threats, you shouldn't be surprised if a worm bites you on the backside".

The patch against the Microsoft Outlook security vulnerability can be found at www.microsoft.com/technet/security/bulletin/MS03-040.mspx. Home users of Microsoft Windows can visit windowsupdate.microsoft.com to have their systems scanned for Microsoft security vulnerabilities.

Sophos recommends the following precautions against the W32/Bagle-Q and W32/Bagle-R worms:

* Get and apply the latest Internet Explorer/Outlook Express patches from Microsoft. This prevents the automatic download of the virus.
* Disallow connections to TCP port 81 through your network firewall. Blocking outbound port 81 connections stops computers on your network from downloading the worm from outside. Blocking inbound port 81 connections means that even if you do get infected you will not pass the virus on to others.
This from Trend Micro:

As of March 15, 2004 3:55 AM PST TrendLabs has declared a Yellow Alert to control the spread of PE_BAGLE.P. This virus searches for files with certain extension names, from which it gathers target recipients. Using its own SMTP (Simple Mail Transfer Protocol) engine, it sends out email messages with a spoofed return address to the gathered email addresses and adds itself as an attachment. This virus also spreads by dropping files in folders that have the text string "shar", for example, C:\Program Files\Kazaa\My Shared Folder. It attempts to prevent the automatic execution of NETSKY variants by deleting certain registry entries. It has backdoor capabilities. It opens TCP port 2556 and waits for incoming commands from a remote user, who must send specially-crafted data or packets to be able to command this virus. It also has the ability to terminate certain processes, which are usually related to antivirus and firewall applications. It runs on Windows 95, 98, ME, NT, 2000 and XP.
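The two network indicators named in the advisories above, TCP port 81 for the Bagle.Q/R download and TCP port 2556 for the Bagle.P backdoor, can be looked for in firewall logs. The Python below is an added example, not part of the original newsletter or of any vendor's tool; the log format, the sample addresses and the internal network range are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: address range of the protected network; change to match yours.
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")

DOWNLOAD_PORT = 81    # Bagle.Q/R download port (Sophos advice above)
BACKDOOR_PORT = 2556  # Bagle.P backdoor port (Trend Micro description above)

# Constructed log format (an assumption, not a real product's):
# <date> <time> <ALLOW|DENY> TCP <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(
    r"^\S+ \S+ (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample data using documentation address ranges.
SAMPLE_LOG = """\
2004-03-18 09:14:02 ALLOW TCP 192.168.1.20:1045 -> 203.0.113.7:81
2004-03-18 09:14:05 ALLOW TCP 192.168.1.21:1101 -> 198.51.100.9:80
2004-03-18 09:15:40 DENY TCP 192.168.1.33:1066 -> 203.0.113.7:81
2004-03-18 09:20:11 DENY TCP 198.51.100.44:3301 -> 192.168.1.20:81
2004-03-18 09:22:57 ALLOW TCP 198.51.100.44:3302 -> 192.168.1.50:2556
garbage line
"""


def classify(line):
    """Return (internal_host, finding, action), or None if not of interest."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # skip lines that do not parse
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:
        return None  # malformed address
    dport = int(m["dport"])
    src_in, dst_in = src in INTERNAL_NET, dst in INTERNAL_NET
    if dport == DOWNLOAD_PORT and src_in and not dst_in:
        # Inside host reaching out on 81: possible worm download attempt.
        return str(src), "outbound-81", m["action"]
    if dport == DOWNLOAD_PORT and dst_in and not src_in:
        # Outside host fetching from an inside host: it may be passing the worm on.
        return str(dst), "inbound-81", m["action"]
    if dport == BACKDOOR_PORT and dst_in and not src_in:
        # Outside host probing the Bagle.P backdoor port on an inside host.
        return str(dst), "inbound-2556", m["action"]
    return None


def summarize(log_text):
    """Map each internal host to the set of (finding, action) pairs seen."""
    report = defaultdict(set)
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            host, finding, action = hit
            report[host].add((finding, action))
    return dict(report)


def hosts_to_inspect(report):
    """Hosts with an ALLOWed hit: the block rule did not stop the traffic."""
    return sorted(h for h, hits in report.items()
                  if any(action == "ALLOW" for _, action in hits))


if __name__ == "__main__":
    rep = summarize(SAMPLE_LOG)
    for host in sorted(rep):
        print(host, sorted(rep[host]))
    print("inspect first:", hosts_to_inspect(rep))
```

A DENY entry shows the port 81 rule doing its job, but the inside host that triggered it still opened something that tried to fetch the worm, so it deserves a patch check and a scan as well.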
IF YOU SUSPECT THAT YOU HAVE A VIRUS OR IF YOU HAVE NOT SUCCESSFULLY SCANNED YOUR DRIVES FOR VIRUSES LATELY... THEN THE NEXT SUGGESTION IS FOR YOU.

Free Virus scan. Trend Micro, more commonly referred to as Housecall, offers free virus scans and in most cases can fix damage done by a virus or worm that your computer may have contracted. The program works well. The first time one uses the free program it is necessary to download a small program. Trend Micro walks you through the process. Then the virus scans are quite simple for each return. You should disable any anti virus program that you have running. If you do not have a virus program I recommend that you use this program first and then download one of the free programs listed above or install any anti virus program you have purchased. Go to http://housecall.antivirus.com/ then choose the link "Scan without registering". Follow the directions.
Free Virus programs to download

Quite a few KCnet members use these programs and like them. Be careful if you download an antivirus program and you already have one installed on your computer. You need to at least disable the program already installed.

http://www.grisoft.com/us/us_dwnl_free.php

Another good free program to take a look at is: http://www.free-av.com/
This list from Trend Micro represents the top 10 reported threats (March 5, 2004 to March 11, 2004):

1. WORM_NETSKY.D
2. WORM_NETSKY.C
3. WORM_NETSKY.B
4. WORM_LOVGATE.G
**5. WORM_BAGLE.GEN-1
6. WORM_MYDOOM.A
7. PE_VALLA.A
8. WORM_MOFEI.B
9. PE_NIMDA.E
10. JAVA_BYTEVER.A

**Links for WORM_BAGLE.GEN-1: WORM_BAGLE.F, WORM_BAGLE.H, WORM_BAGLE.I, WORM_BAGLE.J, WORM_BAGLE.K, WORM_BAGLE.G
Tried and Untrue Viruses and Warning Letters of Impending Doom. Believe it or not, the amount of harm done by sending false computer virus alarms and letters of impending doom to your thousand closest friends can be just as damaging as the alleged virus (if it even exists!); if you remember the story of the boy who cried wolf, you understand why. If you think you've got the scoop on the latest new devastating virus or latest doom warning, check it out at the Web sites below before taking it on yourself to alert the world. If the virus is as terrible as you think it is, odds are the virus fighters already know about it and -- good news here! -- your antivirus software provider probably knows about it too and already has an update for it. Sophos supplies this current information about actual hoaxes. Look at them. Read about them. If you are sent one of them, delete it.
Here are a few sites of many that can help you determine if an email is a hoax or real.

http://www.quatloos.com/
http://www.snopes.com/
http://www.urbanlegends.com/ulz/
http://hoaxbusters.ciac.org/HBHoaxIndex.html
http://vil.nai.com/VIL/hoaxes.asp
http://kumite.com/myths/
http://www.symantec.com/avcenter/hoax.html
http://www.scambusters.org/VirusHoaxes.html
http://www.sophos.com/virusinfo/hoaxes/
http://www.truthorfiction.com/
TECHNICALLY SPEAKING:

Microsoft Windows Security Update CD

This was in a recent Langalist Newsletter.

Security Updates On CD, Free. I know that many of you may already know, but it's worth making sure everyone hears that Microsoft is now offering a free, ready-made CD with security patches for XP, Me, 2000, 98, and 98SE: This could be a great help for people who re-install and have a slow connection for downloading security patches.---David Sherman

"The Windows Security Update CD will be shipped to you free of charge. This CD includes Microsoft critical updates released through October 2003 and information to help you protect your PC. In addition, you will also receive free antivirus and firewall trial software: http://www.microsoft.com/security/protect/cd/order.asp "

Thanks, David, and everyone else who wrote in. Note that this CD won't get you fully up to date, but it will cover the older, most-important patches. I assume that the costs of the CD are being borne in full or part by the vendors of the bundled AV and firewall tools. I haven't seen the CD yet, so I don't know how aggressively they might try to install themselves, or what other "gotchas" there might be. But still, it could be handy having the patches preassembled on CD. As long as you're careful--- read the licenses, and select a "custom" install, if one's available--- it's probably worth having the CD.

I'm going to wait until some of these reputable pros like Fred Langa and Patrick Crispen, try 'em, like 'em and then write about 'em first. (Mike)
Sree - The Tech Guru

Sree has been the Tech Guru of ABC-7 & 7online.com since December 2001. His weekly appearances on Thursday mornings at 6:45 a.m. can be seen in the New York City area at 6:45 a.m. (and once a month on Sundays). An accompanying Web column and Real Video version of his segments are available here on 7online.com. His segments cover technology trends, new gadgets and online issues. (I get him on Dish as the local ABC Channel.) (Mike)

Sree believes that computers are too complicated and make users feel dumb, when, in fact, it's the machines that are dumb. He also thinks there's too much hype and confusion about technology and consumers can fight back by being better informed. In a small way, his stories try to help viewers become better informed about technology. When he is not working at ABC-7, Sree teaches at Columbia University's Graduate School of Journalism, where he is an associate professor focusing on new media journalism. He also teaches workshops in "Smarter Surfing: Better Use of Your Web Time" and new media storytelling in various newsrooms and educational institutions around the US and abroad.

Here is a recent column from 7online.com

According to our unscientific viewer poll here are the top issues facing home computer users:

TOP HOME COMPUTER ISSUES
* Become Obsolete: 26%
* Junk E-mail: 21%
* Pop-up Ads: 19%

Those were the numbers as of Tuesday night - you can continue to vote on our site, or express yourself on our message boards.

Here are some suggestions about what you can do for each problem.

COMPUTERS BECOME OBSOLETE: Buy more RAM (you should have at least 256 MB, if not more). If you are buying a new PC, look specifically for expandability options. In the end, don't worry too much about it becoming obsolete. The industry (and the ad folks) always want you to upgrade, but you don't always need to. Here's some good background info on upgrading individual parts.
http://www.fonerbooks.com/upgrade.htm

JUNK E-MAIL: The two products I recommend are iHateSpam.net - which works by filtering e-mail based on complicated calculations about what is spam; and the other is DigiPortal.com - which works by asking new people writing to you to ID themselves. Both approaches work well, but for different kinds of folks. See what works for you. Try iHateSpam.net or DigiPortal.com.
Federal Trade Commission - ID Theft

This one from Worldstart.

A growing problem facing both businesses and consumers is ID Theft. If you do a lot of shopping online (like I do) then this site will be priceless to you. First I would check out the "What is Identity Theft" Section. You can view it as text or pdf—it's your choice. This guide goes through and explains how these thieves can get your information and use it. It also explains some things you should do if you think your identity has been stolen.

If you do think your identity has been stolen, you should read the home page of this site and follow the four steps on it. It is very important to get things taken care of as soon as you think your identity has been stolen because the quicker you can get these steps into action the less time the thief has to ruin your good name.

Now I'm going to recommend reading the following guides: ID Theft - When Bad Things Happen to Your Good Name 2003 Identity Theft Trends Information Compromise - Business Guidance (this is great for business owners)

I suggest you read through this site thoroughly and make note of the things you can do to protect yourself. I do still believe that it is safe to buy online, so long as you do it wisely. Shop at places that have secure shopping carts (like Worldstart). You can tell if they are secure if the little lock comes up at the bottom of your browser. If you do your banking online make sure you change your password every three to six months. If you're buying off of Ebay or Amazon make sure that you read user feedback on the person you are buying from. If it says they aren't a good seller, or there are complaints of people being cheated by them, don't buy from them. Just be Safe.

http://www.consumer.gov/idtheft/
Worldstart answers a question that pops into my cranium every once in a while - 32X, 48X, just what is the X worth? I don't remember anyone trying to stump Kerry with that question when we studied CD ROMing in the Advanced Users Class. (that's Kerry Clausen not the other Kerry) (Mike)

I see CD-ROM drive speeds listed at 24x, 32x, etc. What does that mean?

It means that the CD-ROM drive is that many times faster than the original Proto-CD-ROM drive from caveman times. Just how fast was that? Well, the original CD drive transferred data at a rate of 153,600 bits per second (bps). If you have a CD-ROM drive that has a read speed of 32x, then data transfers at 4,915,200 bps! The same goes for the write/re-write speed on your CD-R or CD-RW drive. If it is 8x, then it writes data at 1,228,800 bps. We've come a long way in a short time!
Search upstarts storm Google's gates
By Stefanie Olsen, Staff Writer, CNET News.com

As speculation of a Google public offering hits a fever pitch, would-be rivals are combing over the company's business and technology for signs of weakness that could cut short its reign as the king of Web search. Analysts have already forecast a protracted and difficult battle among Google and Net titans Yahoo and Microsoft, which have both carved out Web search as a key piece of their businesses. Below the radar, Google also faces Lilliputian threats from a fast-growing group of start-ups that hope to replicate its own meteoric rise from unknown upstart to Internet powerbroker.

While most of these companies are long shots, a handful have begun to garner attention from analysts and investors thanks to new technologies that expand on Google's formula and take it in entirely new directions. At the top of the list are companies like Quigo and Industry Brains that aim to improve on search engine advertising techniques. A second group, including Mooter, Eurekster and Dipsie, are advancing ways for people to get personalized query results, something that both Google and Yahoo also are hoping to perfect. Others are developing search tools tailored to specific localities as well as visualization features to assist in better targeting search results around specific topics.

"Search is a hypergrowth area," said Alan Meckler, chief executive of Jupiter Media. "There will be lots of special smaller players that without going public will be worth between $20 million and $100 million annually."

Search engines are a hot commodity because they've shown they can make money through pay-per-click advertising programs pioneered by Yahoo subsidiary Overture Services. Search engine advertising is one of the fastest-growing segments of the rebounding Internet marketing sector and helped Yahoo's earnings grow 84 percent last year.
With recognition has come respect, and search is fast becoming a research and development priority for some of the biggest players in technology, including Microsoft and IBM. Partly as a result, some analysts now predict it's just a matter of time before Google loses its dominance to rivals in at least some areas of the search market. Much more to this article at: http://news.com.com/2100-1038-5172198.html?part=dht&tag=ntop
This one from Worldstart with a couple of comments thrown in by Mike. Scan disk could not be explained any better. Review to some and New to others plus maybe a different way to some.

When I try to run Scan Disk it keeps resetting. How can I get it to run?

First off, for anyone out there unfamiliar with Scan Disk, head to: http://www.worldstart.com/tips/computer-terms/termscandisk.htm

OK, ready? Here's the tip: Scan Disk will keep resetting if Windows is performing background tasks. Many times you are not even aware that these are happening, nevertheless they are there and can get in the way of a good scan. There is a way to get around this: just as your computer starts to boot up (before the Windows "splash screen" appears), keep hitting F8 on your keyboard. A menu should come up. Choose the SAFE MODE option then run Scan Disk following the normal procedure and it should work just fine. When done, re-set your computer and be sure to switch back to normal mode.
Windows 95/98/ME Users: Click on the Start Menu then select Programs, Accessories, System Tools, then Scan Disk. Select the drive you would like to check, then select the type of test you would like to run (standard or thorough). I recommend choosing "Thorough" and also choose "Correct Errors" (Mike) Finally, click Start.
WindowsNT/2000/XP Users: What a circus we have here but everything will work if you follow the directions. (Mike)

What we all came to love as "Scan Disk" is now called "Error Checking" (a rose by any other name would smell as sweet...) Double click your My Computer icon. Right click on the C: drive. Select Properties then choose the Tools tab. Under Error Checking, click the Check Now button. A dialog box will pop up, check both check boxes and click Start. A dialog box will pop up telling you, "The disk check could not be performed because exclusive access to the drive could not be obtained. Do you want this disk check to be scheduled the next time you restart the computer?" (I don't know why you would go through all of this if you didn't want to click "yes" and why Microsoft held this over with 2000 and XP, but in their infinite wisdom they did!) There may be good reasons to back down now but I can't think of any, so boldly click the Yes button! I guarantee it won't hurt a bit.

P.S: While in Safe Mode, you may want to run defragment as well. By the way you should do Clean Disk first then do Scan Disk and then Defrag. (Mike)
INTERESTING SITES:

Crop circles are not a modern phenomenon. Text by Freddy Silva.

This is a must look! This site was last updated in March of 2004. I was visitor 1,473,168. The photos are tremendous and the information concerning actual events versus hoaxes is quite interesting. There are hours of reading and viewing available. You will want to visit in sessions instead of a one time shot and then - adios, hasta la vista, sayonara, and "see ya later alligator." I'm expecting to spend more time there. (Mike)

Crop Circles: They are mentioned in academic texts of the late 17th Century, and almost 200 cases – some with eyewitness accounts – have been reported prior to 1970. Since then, some eighty eyewitnesses as far flung as British Columbia and Australia have reported crop circles forming in under twenty seconds; cases are often accompanied by sightings of incandescent or brightly-coloured balls of light or shafts of light. Serious attention was finally given to the phenomenon in 1980 in southern England. The designs appeared primarily as simple circles, circles with rings, and variations on the Celtic cross. In the late 1980s they developed straight lines, creating pictograms not unlike petroglyphs found at sacred sites throughout the world. After 1990 the designs developed exponentially in complexity, and today it is not unusual to come across crop glyphs mimicking computer fractals and elements expressing fourth dimensional processes in quantum physics. Crop circles have also increased in size, some occupying areas as large as 200,000 sq ft. To date there have been over 10,000 reported crop circles throughout 28 countries, with some 90% emerging from southern England.

The home page links to the following topics: A Brief Education of Crop Circles, The History of Crop Circles, Biophysics of Crop Circles, Is sound Creating Crop Circles, and Books/Posters/Crop Art

http://www.lovely.clara.net/homepg.html
The Bubblesphere

Thanks to Amanda for this one.

This site is so neat, and is all about bubbles. Bubble blowing originated in the 18th and 19th century and is still popular today. I know that I still enjoy getting out the catnip bubbles I have and playing chase the bubbles with my cats. Bubbles are a very light hearted form of enjoyment and there are so many ways to make bubbles. Using as little as a piece of wire wrapped into a loop and some bubble solution or soap you can have hours of fun blowing bubbles. Here at this site you can learn all about the history of bubble blowing, find new ways to blow bubbles, and you can even follow the journeys of Professor Bubble.

I loved the "Solutions" section where you can find out how to make your own bubble solution and there are even several different formulas depending on the kind of bubble you want to make. There is an ingredient list, and you might be surprised by what is on it. Check out "Tools and Formulae" to find this information and don't forget to scroll to the bottom of the solution page for more options. The "History" section was a very interesting read. Why don't you find out how Pear Soap helped make bubble blowing popular?

Check out the "References" section and click on the Video/Film link in the paragraph on the page. This takes you to the Film page, here you can download videos of Bubble performers. I watched all of them and it was well worth my time. I had no idea some of the things you could do with bubbles. There are three games you can play on this site: Bubblechase, Bubble Pop, and Tic-Tac-Bubble. The Bubble Pop was a lot of fun; you have to see how many bubbles you can pop in twenty seconds. My highest score was 245. There are a ton of neat things to do and learn at this site. Don't blow this one off.

http://bubbles.org/
Discontinued items Kim Komando found a good one. Here's your one-stop shop for discontinued items. This Web site isn't a store; rather, it is a comprehensive directory. You can search by region, category or keyword. This is great if you need to replace an old broken china dish. Or, perhaps your favorite lipstick or fragrance is no longer sold. You can even find vintage cars! http://www.discontinueditem.com/
Just in case you want to know what is in that burger or fry you just ate at McDonalds. http://www.mcdonalds.com/app_controller.nutrition.categories.ingredients.index.html#2
A look back

Another good site from Kim Komando.

If a picture is worth a thousand words, today's site is probably worth a billion. Be prepared to spend a lot of time at today's site. It's a fascinating look at American history through pictures and drawings. Over 200 years is on display. Each picture is accompanied by background information and dates. The pictures and drawings cover a variety of themes -- arts and entertainment, wars and conflicts, civil rights, science, people and more!

http://www.picturehistory.com/
He looks like a Josh. She looks like a Susie. This one can be fun. I do not do well here. In fact I have not guessed the right name one time on the first go-round. I always thought that people resembled their first name. Maybe so, but not in my data base of faces vs names. Give it a try. I'll bet you become frustrated too. http://www.zerotv.com/namegame/index.cfm?game=now
COMPUTER GRIPING for FUN and REVENGE Misled by new software? Despise your Dell? Gateway got your goat? File your gripe with the Griping Professionals. http://www.computergripes.com/