KCNET NEWSLETTER 05/09/04 TECHNICAL PAGE
VIRUS AND OTHER STINKY STUFF TECHNICALLY SPEAKING INTERESTING SITES
VIRUS AND OTHER STINKY STUFF Friday, April 30 - Friday, May 07 According to Sophos, a leader in Anti Virus Software development, 19 new/improved viruses which required Anti Virus upgrades were released into cyberspace via email.
KCnet's antivirus program caught and "defanged" 4,190 email viruses yesterday. This was just one day and is similar to every day lately. Viruses are still coming in by the buckets. Nearly 36,000 spam messages were refused.
The next writings were copied from a Microsoft Security Bulletin sent via email. (Sasser attacks XP, 2000, & NT users. It will not affect Windows 95,98. & ME) Microsoft has verified that a malicious worm known as W32.Sasser.worm and variants of that worm are spreading on the Internet. You can help protect your computer by downloading and installing Microsoft Security Update MS04-011. You can find more information on this update at: http://go.microsoft.com/?LinkID=466770 If you have already installed the update, you are protected from the worm. If you have not already installed the update, you can download and install it from the Windows Update Web site. The update is listed in the critical updates under the update number 835732. http://windowsupdate.microsoft.com If you think your computer may be infected by W32.Sasser.worm, find out for sure and learn what you can do to remove it by visiting the What You Should Know About Sasser page at: http://www.microsoft.com/security/incident/sasser.asp BEWARE OF BOGUS BULLETINS If you receive an e-mail message that claims to contain a Microsoft software update, it is probably a virus trying to trick you into infecting your computer. Microsoft never widely distributes software in e-mail messages. Learn how to spot a bogus bulletin: http://www.microsoft.com/security/antivirus/authenticate_mail.asp ABOUT THE MICROSOFT SECURITY UPDATE The Microsoft Security Update is an e-mail alert service designed for home users and small businesses that provides information about Microsoft security updates and virus alerts. Microsoft also uses this service to make subscribers aware that they might need to take action to guard against a circulating security threat. You have received this update because you are a subscriber. Additional Resources: *PROTECT YOUR PC: Microsoft has provided information on how you can help protect your PC at: http://www.microsoft.com/security/protect/ *SECURITY WEBSITE http://www.microsoft.com/security/ *HELP PROTECT YOUR PC FROM MASS-MAILER WORMS, SUCH AS BAGLE AND NETSKY http://www.microsoft.com/security/incident/mass_mailer.asp *SECURITY BULLETIN SEARCH TOOL http://www.microsoft.com/technet/security/current.aspx *SECURITY NEWSGROUPS http://go.microsoft.com/?LinkID=436862 *SECURITY NEWSGROUPS TOP 10 QUESTIONS AND ANSWERS http://go.microsoft.com/?LinkID=436863 Support: Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338) in the United States and Canada only. There is no charge for support calls associated with security updates. International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found at: http://support.microsoft.com/common/international.aspx
Sasser.a and Sasser.b Worm Alert! This one from ZDNet Sasser and its variations are network-aware worms that do not require e-mail or user interaction to spread. Sasser takes advantage of a buffer-overrun flaw in the Local Security Authority Subsystem (LSASS), which allows an attacker to gain control of infected systems. Microsoft patched the flow with MS04-011on April 13. The worms use a bootstrap effect to infect new machines first then download the full code from a previously infected machine later. Sasser (w32.sasser.a) and Sasser.b (w32.sasser.b) are both 15,872 bytes in length and randomly scans local networks and the Internet to look for additional systems to infect. This scanning could slow normal traffic on the Internet. Vulnerable systems include Windows 2000, Windows XP, and Windows Server 2003 that have not installed the Microsoft Security Bulletin patch MS04-011, and are not running desktop firewall software. Sasser does not affect any other version of Windows, nor Linux, Unix, Mac OS, or any other operating system. Microsoft has created a special page on how to prevent a Sasser infection. Basically, a desktop firewall should protect vulnerable systems until the Microsoft security patch can be downloaded. If you do not have a personal firewall, you should install one first to limit the affects of the Sasser worm. The Microsoft security patch MS04-011 is available here.
Tool Removers for Sasser: Review Additional Technical Resources If the scanning and cleaning tool does not work for you, try using one of the free worm removal tools available at these antivirus software vendors' Web sites: * Computer Associates * F-secure * Network Associates * Norman * Panda * Sophos * Symantec * Trend Micro If you prefer to remove the worm manually (for advanced users only), see the Microsoft Product Support Services (PSS) Security Response Team alert for technical guidance. IT professionals can get a technical status report on Sasser by watching the May 4 "Technical Update on the Sasser Worm" webcast.
IF YOU SUSPECT THAT YOU HAVE A VIRUS OR IF YOU HAVE NOT SUCCESSFULLY SCANNED YOUR DRIVES FOR VIRUSES LATELY... THIS NEXT SITE IS FOR YOU. Free Virus scans. Trend Micro, more commonly referred to as Housecall, offers free virus scans and in most cases can fix damage down by a virus or worm that your computer may have contacted. The program works well. The first time one uses the free program it is necessary to download a small program. Trend Micro walks you through the process. Then the virus scans are quite simple for each return. You should disable any anti virus program that you have running. If you do not have a virus program I recommend that you use this program first and then download one of the free programs listed above of install any anti virus program you have purchased. Go to http://housecall.antivirus.com/ then choose the link "Scan without registering". Follow the directions.
Computer Associates, another reputable and reliable anti virus developer introduced a new free program which allows anyone to do a virus scan without downloading any software or registering for an anti virus program. You must use Internet Explorer for access to Computer Associates and to perform the scan. This is a good one and very simple to operate The address is http://www3.ca.com/threatinfo/virusinfo/scan.aspx
Free Virus programs to download Quite a few KCnet members use these programs and like them. Be careful if you download a virus program and you already have one installed on your computer. You need to at least disable the program already installed. http://www.grisoft.com/us/us_dwnl_free.php Another good free program to take a look at is: http://www.free-av.com/
This list from Trend Micro represents the top 10 reported threats April 23, 2004 to April 29, 2004) 1. WORM_NETSKY.P 2. WORM_NETSKY.D 3. WORM_NETSKY.B 4. HTML_NETSKY.P 5. WORM_NETSKY.Q 6. PE_FUNLOVE.4099 7. WORM_MOFEI.B 8. PE_VALLA.A 9. WORM_NETSKY.C 10. PE_NIMDA.E
Tried and Untrue Viruses and Warning Letters of Impending Doom. Believe it or not, the amount of harm done by sending false computer virus alarms and letters of impending doom to your thousand closest friends can be just as damaging as the alleged virus (if it even exists!); if you remember the story of the boy who cried wolf, you understand why. If you think you've got the scoop on the latest new devastating virus or latest doom warning, check it out at the Web sites below before taking it on yourself to alert the world. If the virus is as terrible as you think it is, odds are the virus fighters already know about it and -- good news here! -- your antivirus software provider probably knows about it too and already has an update for it. Sophos supplies this current information about actual hoaxes. Look at them. Read about them. If you are sent one of them, delete it.
Here are a few sites of many that can help you determine if an email is a hoax or real. http://www.quatloos.com/ http://www.snopes.com/ http://www.urbanlegends.com/ulz/ http://hoaxbusters.ciac.org/HBHoaxIndex.html http://vil.nai.com/VIL/hoaxes.asp http://kumite.com/myths/ http://www.symantec.com/avcenter/hoax.html http://www.scambusters.org/VirusHoaxes.html http://www.sophos.com/virusinfo/hoaxes/ http://www.truthorfiction.com/
TECHNICALLY SPEAKING: Lancashire man arrested in first UK "phishing" case. This report from Sophos. 21-year-old man is the first to be arrested in the UK for suspected "phishing" British police have arrested a 21-year-old man for "phishing" in what is said to be the first case of if its kind in the UK. The man, from Lytham St Anne's, Lancashire, was questioned in connection with an incident designed to steal account details from users of the Smile online internet bank. Smile informed the National Hi-Tech Crime Unit (NHTCU) of the fraudulent email, directing users to a bogus website, in March. "There has been a steady increase in "phishing" attacks where criminals attempts to steal bank account information from innocent computer users. "Phishers" have spammed out messages asking users to enter their passwords, PIN and credit card numbers on websites cunningly disguised to look like a genuine internet bank." said Graham Cluley, senior technology consultant for Sophos. "If they don't take proper precautions, innocent users can find their online bank accounts have been plundered by criminals." Other "phishing" attempts have included bogus emails claiming to come from a number of banks including Wells Fargo, Nationwide, NatWest, Barclays, Westpac and Halifax. "The people behind these emails are common criminals, intent on stealing your cash," continued Cluley. "Any user who receives a bogus bank email should inform the bank immediately so that they and the legal authorities can investigate." A spokeswoman from the National Hi-Tech Crime Unit has said that PCs belonging to the man are being examined by computer forensic experts. The man, who is unemployed, has been released on bail until August.
Suspected "weight-loss" spammers charged in USA This one also from Sophos. US authorities in Detroit have charged four men in connection with emailing fraudulent sales pitches for weight-loss products. Christopher Chung, Daniel J Lin, James J Lin, and Mark M Sadek have been accused of disguising their identities in hundreds of thousands of spam emails, delivered by bouncing messages through unprotected third party computers. Sadek's lawyer, James L. Feinberg, said that his client was "absolutely shocked" to be arrested early on 28 April at his home in suburban Detroit, and would plead innocent to the criminal charges. According to authorities, the defendants' company sold weight-loss patches under corporate names such as AIT Herbal, Avatar Nutrition, Phoenix Avatar and others. According to Gina Balaya, a spokeswoman for the US Attorney's office, they are believed to have sent spam to "at least a million people." According to media reports more than 10,000 complaints about unwanted email from the company have been lodged. Investigators say that they have consulted medical experts who have confirmed that the ingredients in the weight-loss product sold via the spam emails would not work. "It is encouraging to see the US authorities investigate complaints of users who say they are being bombarded with spam," said Graham Cluley, senior technology consultant for Sophos. "However, this is really the tip of the iceberg and more spam is being sent today than ever before. All businesses should protect themselves now to prevent spam clogging up their email inboxes." "Weight-loss products are just one of many goods plugged by spammers, but many computer users faced by the growing tide of spam would probably like to see convicted spammers go on a diet of bread-and-water," continued Cluley. A recent survey by Sophos revealed that 80% of small businesses have found spam has made them less productive. With the growing convergence of spam and viruses, Sophos recommends that small businesses introduce a consolidated defence against the virus and spam threat.
Spam: Report Card 2004 This from ZDNET. More than 50 percent of e-mail is spam. Billions of spam attacks are launched each month. Spam costs U.S. companies at least $1 billion per year in security and human resources expenditures, as well as lost productivity. Increasingly, virus-infected machines are used to distribute spam and perpetuate additional fraud, such as phishing. Is combating spam a losing battle? We explore the potential technology solutions in our Spam Report Card 2004. Get the rest of the story. http://techupdate.zdnet.com/special_report/Spam_Report_Card_2004.html
Could AIM be cause of crashes? The following question was asked of Kim Komando. Kim offered good advice My teenage daughter is obsessed with AIM instant messenger. Lately, we have had a lot of problems with our computer crashing. We installed Ad-aware and Spybot Search and Destroy, but things have gotten worse. I worry that the problems are from AIM. Any advice? I have had security issues with AIM on both personal and office computers. But I have not experienced the crashes you describe. I suggest you remove AIM from your computer and see if that improves the situation. Trillian, a free instant messaging service, can be used instead of AIM. You can get it at: http://www.ceruleanstudios.com/ Using Ad-aware and Spybot is a good idea. Poorly written spyware can make computers crash. Be sure to update these program before using them. The battle with spyware is never-ending. To update Ad-aware, click Check for updates now>>Connect. To update Spybot, click the Update button in the left-hand panel. Then click Search for Updates. If you are getting error messages when the computer crashes, copy the information from them. Any numbers or phrases could be helpful. Then go to the Microsoft site at: http://support.microsoft.com Click Search the Knowledge Base. Enter any numbers or phrases one at a time in the form. You may get an answer there. You conceivably could have a virus. It is important to keep your anti-virus software updated. You can do that at the publisher's site.
Free CD Burner Software. Here is a good one from a recent Langalist. We discussed the program in the Advanced Users Group this past Wednesday. A couple of the members downloaded the program, used it and like it. Free CD Burner Software Fred, Love your newsletter, and am a Charter subscriber to the Plus edition which is worth every penny! I recently found this program that is great for burning CD's and DVD's and it is totally free! You can find it at http://www.deepburner.com. I was totally blown away with how slick this program is - every bit as good as any commercial offering I have tried. Keep up the good work! ---Matthew Brock Thanks, Matthew! XP has built-in CDR burner software, but it can't yet burn DVDs on its own; and earlier versions of windows can't burn anything without extra software. The usual commercial choices--- Nero and Roxio--- not only require payment, but their software is rather large due to all the many add-ins and extras they include. Roxio, in particular, is an enormous suite of tools for everything from managing your vacation photos to assembling MP3 collections---- and oh, by the way, it's burner software, too. In contrast, Deepburner doesn't try to do everything--- it tries to do a few things very well (see features list: http://www.deepburner.com/?r=features . It's free, and it's just 2.6 Mb to download. Nice!
Time Stamps on Email This one from Worldstart. Recently the time shown on my received e-mail runs three hours ahead. Are these emails really coming from the future? It would be nice if when someone told you, "I need that information yesterday!" you could email it to them and have it show up yesterday. But, alas, this is not the case. This "email from the future" can happen if your ISP's clock is off. Since the time stamp gets put there by your e-mail server, if the time on that server is off, your e-mail received time will reflect this. Your best bet is to contact your ISP and ask them about it. They can either give you an explanation for the time problem (i.e. you live in LA but the server is in New York) or get it fixed for you. Recently I've seen junk mail come from a year ahead or from way in the past before Al Gore invented the internet. This puts the junk mail at the top of your inbox whether you have it sorted ascending or descending by date. That's some kinda trick they do on their bulk servers.
Got The Blues? Greens? I've been wondering about this for months. Finally Fred clears up the rainbow. (Mike) Dear Fred; In Explorer when you click on "Windows" I get a lot of folders that are Blue". What are these folders? Thanks, John P.S. I am glad I upgraded to "LangaList Plus." I didn't know what I was missing. I really enjoy it. On an NTFS drive, files and folders normally can be black, blue, or green, and each color means a different thing. If the colors sneak up on you--- if you don't expect 'em, or didn't manually change the filename colors with a tool like TweakUI--- indeed, it can be disconcerting. Black is the default--- normal files and folders. Blue means that the files or folders have been compressed by the OS. This can happen automatically as part of disk cleanups in XP, or by manual settings on an NTFS drive. Either way, when the OS compresses folders/files, the names will be shown in blue. Files/folders compressed this way operate exactly like any other file or folder--- no special handling or decompression is needed. But the color coding lets you know the files and folders have been processed. More info on XP file compression: http://support.microsoft.com/default.aspx?scid=kb;en-us;307987 Win2K compression: http://support.microsoft.com/default.aspx?scid=kb;EN-US;251186 Green shows encryption by the OS in XP and Win2K. More info on XP encryption: http://support.microsoft.com/default.aspx?scid=kb;en-us;q307877&sd=techhttp://support.microsoft.com/default.aspx?scid=kb;en-us;320166&sd=tech Win2K encryption: http://support.microsoft.com/default.aspx?scid=kb;EN-US;230520 On their own, XP and Win2K can't both encrypt and compress the same file; it's an either/or thing. That's one of the reasons for the color-coding--- so you won't try to process a file that's already been processed. If you want both encryption and compression, you must use a third-party tool. Files and folders that have been compressed or encrypted (or both) by third-party tools don't get the color-coding--- they usually remain in black. (BTW: TweakUI for XP: http://langa.com/u/4n.htm ; for other Windows: http://www.annoyances.org/exec/show/tweakui
INTERESTING SITES: Sharks Sharks and more Sharks This one from Kim Komando Man has had a healthy fear of sharks over the years. Much of what we know about sharks is probably from the movies. Learn the truth about sharks through the Monterey Bay Aquarium's shark exhibit. There are all kinds of species that live throughout the world, in both salt and fresh waters. Read about the different species and what you can do to save them. You'll find activities for the kids, too. http://www.mbayaq.org/efc/sharks.asp
Websites For The Frugal? This packed Full of sites came from Slashdot. Posted by timothy on Sunday May 02, @05:33PM from the spend-thrifty dept. fwc writes "Like most people, I like being able to get the most benefit out of my money. In pursuit of this, I use several websites which help stretch my dollar even more. For instance, I have found smarterliving.com which I consult for good travel-related deals. I also use slickdeals.net and fatwallet to make sure I don't miss those almost-too-good-to-be-true deals. When looking for the best price on a specific item, I usually consult Froogle, Pricewatch, and Shopper.com. I also use a collection of online stores which sell stuff dirt cheap, such as newegg and of course half.com. Recently, I was looking for some tools at Harbor Freight's Website and a friend suggested that I might want to also look at Homier's. I was pleasantly suprised to find that they have some prices which are even lower than at any other site which I have found. This makes me wonder what other sites are out there I haven't found yet which are in the same category." I know techbargains has "saved" me money on some things I might not otherwise have bought. View Slashdot @ http://slashdot.org/
There is a lot of fun for kids and grownups to enjoy by sharing this site. Another Kim Komando site. Old-style fun Before computers (gasp!) and electricity, children and adults had to find a way to amuse themselves. Most toys and games were homemade. These paper toys have an old-school feel to them. Click on a link for a description of the toy. Each has a printable pdf file, so they're a snap to make! You'll find folding story books, gift bags, baskets and more. It's a lot of fun. http://www.thetoymaker.com/
Lost Luggage Capital of the World Story by Carol Muse Evans Recently printed in the Grit. Gary n' Patti sent it to me. Lost luggage from around the world ends up at the Unclaimed Baggage Center in Scottsboro, Ala., where the contents of the bags are sold at bargain prices. Ever wonder what happens to the luggage lost on airplanes? A lot of lost luggage and its contents can be found for sale at bargain-basement prices at Unclaimed Baggage Center in Scottsboro, Ala. Visitors to the center, also known as the “lost luggage capital of the world,” can buy everything from everyday items to rare treasures. While not every item in the store is a treasure, many people enjoy the treasure-hunting experience, says Bryan Owens, president of The Owens Group, owner of Unclaimed Baggage Center. Good-quality clothing, cameras, electronics, sporting goods, jewelry, books, luggage and more are available daily for 50 to 80 percent off what one would normally expect to pay for the items, he says. For those who love the thrill of the hunt and the pleasure of getting a real deal, the center is definitely a shopping adventure not to be missed. Read the rest of the article. Some interesting items for sale. http://www.grit.com/feature.php?story=12
Yankee or Dixie Quiz Let's try again. I had this site listed a month or so ago and it got pulled from the internet. Amanda says it is back and workable. I tried it too and it worked. (Mike) After listening to the samples of English on the Speech Accent Archive (see yesterday's cool site), you will probably have noticed that we say things very differently depending on what region of the United States one is from. Well this quiz will tell you if you have more of a Yankee or Dixie quality to the ways you pronounce things. Answer how you would say the examples they provide. If you answer one incorrectly then you’ll need to scroll to the bottom and answer all over, because if you change an answer midstream of taking the quiz you could fudge your results. My score was "43% (Yankee). Barely into the Yankee category." Which is interesting because I have grown up in the North all of my life. But it is relative to where I grew up in the North. I am from Lorain, Ohio which is a melting pot of different ethnicities and has both southern and northern accented English speakers. Have fun with this one. Take it a couple of times to see the variations or to just see what comes up for the different response. http://www.sonicpling.net/misc/yankee-dixie-quiz.html
BLAST OFF...These from Patrick Crispen in a recent Tourbus Newsletter. Our first stop along the celestial highway is the "Astronomy Picture of the Day". This site features a high quality image with a description of its significance, written by a professional astronomer in clear, easy to understand terms. Recent images (as of this writing) were of the Missoula Crater on Mars and comets Bradfield and LINEAR. If you miss one, don't worry, there's an extensive archive going back several years. http://antwrp.gsfc.nasa.gov/apod/astropix.html
The Hawaiian Astronomical Society has created a SPECTACULAR astronomical Web site called "Views of the Solar System". The site tells you EVERYTHING you could ever want to know about most of the astronomical objects in our solar system, gives information about the history of astronomy and space travel, and offers stunning pictures and movies from around the Solar System. http://www.solarviews.com
In a similar vein, The Nine Planets is an overview of the history, mythology and current scientific knowledge of each of the planets and moons in our solar system. Each page has text and images, some have sounds and movies, and links to related information. http://www.nineplanets.org
And finally, some Bad Astronomy. This website is dedicated to righting wrong ideas about astronomy and scientific misconceptions spread by movies, the media and popular culture. Phil Plait, a real-life astronomer, debunks common myths such as Hoagland's Face on Mars, the Apollo Moon Hoax and everything you've always wanted to know about Standing an Egg on End During the Vernal Equinox . http://www.badastronomy.com