KCNET NEWSLETTER 05/16/04 TECHNICAL PAGE
VIRUS AND OTHER STINKY STUFF TECHNICALLY SPEAKING INTERESTING SITES
VIRUS AND OTHER STINKY STUFF Friday, May 07 - Friday, May 14 According to Sophos, a leader in Anti Virus Software development, 20 new/improved viruses which required Anti Virus upgrades were released into cyberspace via email.
KCnet's antivirus program caught and "defanged" 3559 email viruses yesterday. This was just one day and is similar to every day lately. Viruses are still coming in by the buckets. Nearly 37,000 spam messages were refused.
PRAISE THE LORD, MICROSOFT REWARDS, AND GERMAN INVESTIGATORS. VIRUS PERPS CAUGHT!!!!! Microsoft: Separate trail led to second virus writer By Robert Lemos CNET News.com May 10, 2004 Microsoft confirmed on Monday that German authorities had arrested a man suspected of writing and releasing a program widely used to compromise and surreptitiously control computers on the Internet. The program, known as Agobot, has caused concern among many security experts because it allows a single individual to control a vast network of computers, potentially as a means to attack Internet sites. The coder was captured Friday, the same day that an 18-year-old man, also a resident of Germany, was arrested for creating all five versions of the Sasser worm. While Microsoft aided in both cases, the two investigations were separate, said Hemanshu Nigam, a corporate attorney for the software giant. "Two different paths led to two different cases which resulted in arrests around the same time," he said. The investigation into the identity of Agobot's author is ongoing, and there could be more arrests, said Nigam, who would not elaborate. Other suspects were arrested in the Agobot case, according to press reports, but Nigam would not confirm the arrests. The two arrests possibly put into custody the creators of the two largest threats on the Internet--the Sasser worm and the widespread Agobot--and represent a big win for the software giant's efforts to dissuade attacks on its customers. The suspected author of the Sasser worm has also claimed to have written all 28 variants of the mass-mailing computer worm known as Netsky, another program that has plagued Microsoft Windows users, said Nigam. Though Microsoft had not announced any reward for information about the person or group that released, and presumably wrote, the Sasser worm, a group of informants approached the software giant's German office last Wednesday and inquired about whether such a cash award would be paid. Microsoft promised it would be, and believes that the informants aren't otherwise involved in the case. "We are comfortable" with their story, said Nigam. The arrest of the alleged creator of Agobot didn't come from informants, he added, but from other, unspecified, leads. Moreover, contrary to what some press reports had to say, Nigam did not believe that the person penned a variant of Agobot known as Phatbot. That program adds peer-to-peer capabilities to the original program. Nigam also refuted press reports that the latest variant of Sasser, Sasser.E, came out after the 18-year-old German resident was arrested. The suspected Sasser author apparently confessed to releasing a fifth version of the worm a week ago.
TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_WALLON.A. TrendLabs has received Several infection reports indicating that this malware is spreading in Germany and EMEA. This mass-mailing worm exploits certain vulnerabilities found on Windows systems. More information about these vulnerabilities can be found on the following Web sites: MS04-004: http://www.microsoft.com/technet/security/bulletin/ms04-004.mspx http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=MS_IE_VULNERABILITIES
According to Sophos: W32/Wallon-A is an email worm. The worm sends mail containing a deceptive link. The link appears to direct the user to drs.yahoo.com/<user's domain>/NEWS but in fact points to a location on another website.
Sasser.a and Sasser.b Worm Alert! The paragraphs below came from a CNet Newsletter. This worm has infected 3/4 million computers. It has disabled an entire postal service, many Universities in addition to multi businesses and individual PCs. Although the virus creator has been arrested his monster continues to be lethal to many machines. (Mike) Sasser and its variations are network-aware worms that do not require e-mail or user interaction to spread. Sasser takes advantage of a buffer-overrun flaw in the Local Security Authority Subsystem (LSASS), which allows an attacker to gain control of infected systems. Microsoft patched the flow with MS04-011on April 13. The worms use a bootstrap effect to infect new machines first then download the full code from a previously infected machine later. Sasser (w32.sasser.a) and Sasser.b (w32.sasser.b) are both 15,872 bytes in length and randomly scans local networks and the Internet to look for additional systems to infect. This scanning could slow normal traffic on the Internet. Vulnerable systems include Windows 2000, Windows XP, and Windows Server 2003 that have not installed the Microsoft Security Bulletin patch MS04-011, and are not running desktop firewall software. Sasser does not affect any other version of Windows, nor Linux, Unix, Mac OS, or any other operating system. Microsoft has created a special page on how to prevent a Sasser infection. Basically, a desktop firewall should protect vulnerable systems until the Microsoft security patch can be downloaded. If you do not have a personal firewall, you should install one first to limit the affects of the Sasser worm. The Microsoft security patch MS04-011 is available here.
IF YOU SUSPECT THAT YOU HAVE A VIRUS OR IF YOU HAVE NOT SUCCESSFULLY SCANNED YOUR DRIVES FOR VIRUSES LATELY... THIS NEXT SITE IS FOR YOU. Free Virus scans. Trend Micro, more commonly referred to as Housecall, offers free virus scans and in most cases can fix damage down by a virus or worm that your computer may have contacted. The program works well. The first time one uses the free program it is necessary to download a small program. Trend Micro walks you through the process. Then the virus scans are quite simple for each return. You should disable any anti virus program that you have running. If you do not have a virus program I recommend that you use this program first and then download one of the free programs listed above of install any anti virus program you have purchased. Go to http://housecall.antivirus.com/ then choose the link "Scan without registering". Follow the directions.
Computer Associates, another reputable and reliable anti virus developer introduced a new free program which allows anyone to do a virus scan without downloading any software or registering for an anti virus program. You must use Internet Explorer for access to Computer Associates and to perform the scan. This is a good one and very simple to operate The address is http://www3.ca.com/threatinfo/virusinfo/scan.aspx
Free Virus programs to download Quite a few KCnet members use these programs and like them. Be careful if you download a virus program and you already have one installed on your computer. You need to at least disable the program already installed. http://www.grisoft.com/us/us_dwnl_free.php Another good free program to take a look at is: http://www.free-av.com/
This list from Trend Micro represents the top 10 reported threats April 30, 2004 to May 07, 2004) 1. WORM_MYDOOM.A 2. WORM_NETSKY.P 3. WORM_MOFEI.B 4. HTML_NETSKY.P 5. WORM_NETSKY.D 6. WORM_NETSKY.B 7. PE_VALLA.A 8. PE_NIMDA.E 9. PE_ELKERN.D 10. TROJ_SCTHOUGHT.C
Tried and Untrue Viruses and Warning Letters of Impending Doom. Believe it or not, the amount of harm done by sending false computer virus alarms and letters of impending doom to your thousand closest friends can be just as damaging as the alleged virus (if it even exists!); if you remember the story of the boy who cried wolf, you understand why. If you think you've got the scoop on the latest new devastating virus or latest doom warning, check it out at the Web sites below before taking it on yourself to alert the world. If the virus is as terrible as you think it is, odds are the virus fighters already know about it and -- good news here! -- your antivirus software provider probably knows about it too and already has an update for it. Sophos supplies this current information about actual hoaxes. Look at them. Read about them. If you are sent one of them, delete it.
Here are a few sites of many that can help you determine if an email is a hoax or real. http://www.quatloos.com/ http://www.snopes.com/ http://www.urbanlegends.com/ulz/ http://hoaxbusters.ciac.org/HBHoaxIndex.html http://vil.nai.com/VIL/hoaxes.asp http://kumite.com/myths/ http://www.symantec.com/avcenter/hoax.html http://www.scambusters.org/VirusHoaxes.html http://www.sophos.com/virusinfo/hoaxes/ http://www.truthorfiction.com/
TECHNICALLY SPEAKING: AVG Update Failures This one from the Langalist. It will be of interest to AVG users. Fred; I think something strange is happening over at Grisoft.com with their AVG Free version. Over the past couple of months, I've gotten some problems when trying to update the signature file and this has always been a free update. I've tried reporting the problem to their SUPPORT e-mail address and gets refused because the FREE version has no support, which I think is a good decision on their part except in the very rare cases where a user actually comes up with a real problem. In the years over which I've used AVG and gotten many other people using it, I've never known AVG to actually have a bug. When I run the AVG Control Center, select the Update Manager tab and try to UPDATE, I get the error message "An automatic connection to the Internet could not be established. ...". I am using a DSL "always on" connection and I am able to access Internet sites before trying the update and while the error message is displayed. I've gotten this on several computers at various friends houses, some on WindowsXP and others on Windows98se which is what I'm running on this system. The way I've gotten around this at friends computers and mine is to simply re-download the whole AVG, but that ties up their server for a longer length of time. A week ago I had the problem last. Tonight I again tried the download and it worked. Is there actually a problem? Regards, Chris Coddington I saw that too, Chris, on the one test PC I have here with AVG on it. The auto-updates simply failed for days on end. My guess is there was a problem with the AVG servers. But even then, you could get a manual update by going to the http://www.Grisoft.Com site, drilling down to the version you have (the free version is based on 6.0), downloading the appropriate file into your AVG folder, and restarting AVG. Not very convenient, true, but it works even when the auto-update is broken.
Reducing the size of pictures This one from Kim Komando (I decided to be fair and print the plug for the Kim Komando book.) I liked her suggestion of Irfanview. She could have plugged Paint Shop Pro, Microsoft's Picture It, Adobe's Photo Suite, etc. She chose a free picture manipulation program instead. We studied and played with the Irfanview program in the Advanced Users Group and gave it a hearty thumbs up for usability. (Mike) Q. Please tell me how to make a picture that I put on my PC from my digital camera smaller. I want to join a contest, and it says that the picture has to be no larger than 1 megabyte. I don't know what to do. The size of my picture is 1,145 kb. Please help me. It sounds like your picture is a JPEG, in the form photoname.jpg. JPEG is a method of compression. At 1,145 kilobytes, that is a large JPEG. You could use photo-editing software to shrink it, if you have such a program. If you don't, I suggest you use IrfanView, which is both easy and free. You can get it at: http://www.irfanview.com/ Once you have IrfanView running, click File>>Open. Navigate to the folder where your picture is stored and double-click the picture file. It will open in the IrfanView window. Next, click Image>>Resize/Resample. You can set the size on the right side in pixels. For instance, you could set it to 1024x768, or 1280x960. Both are large dimensions, but should give you a much smaller file size. For instance, I used IrfanView to shrink a file that was nearly 1.2 megabytes. Just changing it to 1024x768 reduced it to 54 kilobytes. On the left side, you can do more customization. You can specify the size in inches, pixels or centimeters. You may also want to change the DPI (dots per inch) setting. If the picture will be viewed on a monitor, 72 is fine. If it will be printed, the DPI should be at least 150. The DPI setting also affects the size. Your contest directions may tell you what dimensions and DPI to submit. After IrfanView resizes the picture, click File>>Save As. Give the resized picture a new name, and save the original in case you need it again. And here's a shameless plug: If you're interested in digital photography, my book--The 50 Greatest Secrets of Digital Photography--will walk you through it from A to Z. It's available at: http://www.komando.com/kk_estore_40/list.asp?CtgID=18
The next three tips direct from David at Worldstart. This is a good tip sheet to get each day. Register at http://store.worldstart.com/customer/home.php scroll about two thirds down and right column to register for excellent newsletters. (Mike) Every time I go to print seems to take longer than it used to—a lot longer. Is there a way to get my quick printing back? Most likely your printer settings got changed from "draft" to "best". I know because I did the same thing. I was printing some photos and changed the print quality to "Best" mode and it stayed there. Every time I went to print a simple Word document, it would take forever to print. If I remembered to change the properties, it would go right back the next time I printed. Finally, I figured it out... Rather than opening my print properties in Word, I needed to change them in the Control Panel. Go to Start/Control Panel then "Printers and Faxes". Find your printer on the list, right-click then choose "Properties" (or Alt+double-click the printer). Click the "Printing Preferences" button Next, change the Print Quality to "Draft" and make sure the Paper Setting is on "Plain Paper". Click OK and you're all set. These should now be your default settings.
Print Email Text Bigger We learned in this week's Video Tip how to make the font bigger in an email using a scroll-wheel mouse, but you may know that it still prints normal size. You'd think there would be a way to specify the font size that you print with, but it seems like we're stuck with 12 pt. or smaller. I know that just won't do for many of you. After some time in my thoughtful spot, I figured out a process you can use to make email fonts larger and more readable when printed. Actually, I thought of two ways this could be done, but the overall concept is the same, so you decide which way works best for you. Method #1: In Outlook Express hit Forward then make sure that you have "Format" set to "Rich Text (HTML)". Now click inside the text area and Ctrl +A to highlight all the text. from there you can change the font and the font size to your preference. You can also edit the email to your liking—taking out what you don't want to print. In order to print, you must Send it to yourself by putting your own address in the To field. Netscape Mail works pretty much the same way. Click Forward then highlight the text you want enlarged (or Ctrl+A for all). Click the +a button until the font is the size you want. The nice thing about NSM is that you can print without sending it to yourself—just go to File / Print. Method #2: Copy the text and Paste it into Word, Works, or any other word processor, then change the font size and Print. Here's to easy reading.
Digital Imaging Tip: Buffer Overload "I love my digital camera, but sometimes when I take a lot of photos all at once it seems to 'overload'. It gets to a point where it just won't take any more pictures for a minute or so. It's really annoying when I am trying to get a shot and the camera won't work. Do you know what causes this?" Yup, sure do. Your buffer is full. For those who haven't experienced the situation described above, let me tell you one of my buffer horror stories... So, there I was taking pictures of my daughter's Girl Scout troop getting awards. One girl after the other marched up on stage to receive their badges. The more they marched, the more maxed out my buffer got - till the camera finally had too much and needed to take a break to catch up. I remember wanting to shout, "Hey! Wait a minute! My buffer is jammed with pixels!" Since my wife was sitting next to me and made me promise not to be a geek, I had to stay quiet. So, I did the best I could, missed some shots, and learned from the experience. So, why does this happen and how does it work? Glad you asked :-) When you snap a photo with your digital camera, it doesn't instantly write that info to the memory card. Instead, your photo goes into a faster "buffer" area first and then the image gets transferred to your card. Why not just go straight to the card and skip the buffer? Memory cards just aren't fast enough to keep up. In fact, if it weren't for your buffer, you would have to wait until the write was complete to the card before you could take the next photo - probably 5-15 seconds for most cameras (and it would feel a lot longer than that, trust me). That's why the majority of digicams won't let you shut them down immediately after taking a shot - they have to finish writing the image to the card from the buffer. Buffer sizes vary widely from camera to camera. Some hold as little as one photo, others can hold up to 40. Most, however, hold between 5-10 full size images. Here are three ways to help you avoid the buffer blues: 1. Get a camera with a better buffer (that twinge of pain you just felt was from your wallet). After all, it's a photographic rule that every missed shot = a trip to the camera store :-) 2. Shoot at a lower resolution. Yeah, I know. I always say you should shoot at the highest resolution your camera has to offer, since that's what you paid for. However, if you know you're going to be in a situation where your buffer could fill up, you may need to rethink this. See, the lower the resolution, the more pics you can cram into your buffer. Getting all the shots may be a better choice than only getting half of what you need. 3. The last solution is to try and let the buffer catch up. Try to be more selective as you shoot. I know that, depending on the situation, this is not always possible. However, if you keep in mind how fast you can shoot before the buffer fills, you may decide to hold back on a shot while you wait for an even better one. The good news is that as these cameras get better, this problem will eventually become a thing of the past. A new pro camera was recently introduced that can take a whopping 40 shots at a time before the buffer was filled! And if memory serves, it took less than a minute to write the data from the buffer to the memory card. So, hang tight—we're getting there :-)
The following is from CNET's Q & A Weekly Newsletter. The Question and Reader answer are: All of a sudden, my PC is running slower and I'm getting a ton of advertising pop-ups when I go online. Someone told me it might be spyware or adware. What are they and how do I get rid of them? Submitted by Douglas A. of Paradise Valley, AZ Answer: Spyware and adware are programs that are installed on your computer without you knowing it. These programs can send information about you from your computer through the Internet. Some also just pop up advertisements that the software downloads. They can be installed when you install various software programs such as Kazaa, and some shareware. They can also be installed on your computer by visiting some websites. Because these programs are running in the background and are sending and receiving data, they will eat up system resources and slow your computer down. To Remove these programs you can do the following. 1.) Run a virus scan with an up to date Anti-Virus software package (like Norton or McAfee) to make sure that the spyware is the only problem slowing your computer down. 2.) Download a copy of either Spybot Search and Destroy or AdAware which will identify and eliminate most of the spyware and adware programs. 3.) Download a popup stopper/blocker. www.google.com has a free toolbar that you can download for free that has a built in popup blocker which works about 95% of the time. 4.) Delete your cookies and temporary internet files. You can store a lot of these when you're browsing awhile. This can contribute to slowing your computer down also. On your Internet Explorer Menu, Select "Tools", the "Internet Options" which you can delete the cookies and Files in the "General" tab. 5.) Make sure you Defragment your Hard Drive on a regular basis
Another good one from Worldstart Sometimes when I install software, I get options for "typical", "custom", or "compact" installations. How do I know which one to use? I don't know about most of our readers, but I generally make my selection after a series of coin flips. If my lucky penny says "custom", then who am I to question it? Ok, Ok. That may not be the best way, and it does make co-workers think you're slippin' something in yer coffee. Unless space is a problem, I tend to avoid "compact" installs. Back in the ancient days of computing, hard drives held less then 1 Gig of information (gasp!). Back then, you were always running out of hard drive space, so doing a compact install was often the solution used by the early pioneers. However, that time has long past (it was over 4 years ago), and most computers now have hard drives big enough to allow either a "custom" or "typical" install. Of course, if you've used all those modern gigabytes of space with excess programs, images, and music, you may still want to think about a compact install. Just remember, when you go compact, you may lose certain features or find that you need to have the CD handy in order to run the program. OK, so what about choosing "typical" or "custom"? Typical is good for a quick, no brainer install, but here again, you may be missing out on some features. I generally choose the "custom" install option. It's been my experience that when the component selection screen pops up, the stuff it would have done in a "typical" install is selected by default. So, I just look though and decide if there is anything that's not selected thatI want selected—or if there's anything that is selected that I don't need (like foreign language files and such). Most of the time, I glance over the options and end up leaving everything alone. However, there are times when a certain feature I want is not selected by default, so taking a second to look things over really pays off.
INTERESTING SITES: The Toymaker This fun one from Amanda Whether you have a child or grandchild to entertain or you're just a child at heart, you'll love the Toymaker.com. It's whimsical and fun, and cheap. It is a site full of paper toys that you can make. You can print them, cut them out, and glue them together and get hours of amusement. Or you can make it a fun project for the kids and get them to do all the work. Visit the Workshop to learn how to invent your own paper toys. With ideas and suggestions to get you started, all you will need is a little imagination to make your project soar. Or you can spend a little time looking at the Holiday section where all the toys follow a holiday theme. Some of my favorites on the site were the Sunbox, A Window to Fairyland, and the Pop-up box with Unicorn. All of them are a joy to make. You’ll need Adobe Acrobat Reader if you plan on looking at the easier to print versions because they are .pdf files. Enjoy the hours of fun from this site. http://www.thetoymaker.com/
Welcome to the Cities Collection of images. This collection hosts the best views of cities around the globe as photographed by astronauts while in orbit. There are three ways to search through the collection of cities images. The Map Search method is an interactive graphical representation of the globe that contains dots which represent the cities to further narrow the search. The Form Search method allows for a search queried by the country, and then the cities within that country. The Registered Cities List is a complete list of the images of cities that are registered, or geometrically corrected, and tweaked to match a map of the cities with even scale. This collection is based on the complete collection of astronaut photography hosted at the Gateway to Astronaut Photography of Earth. http://city.jsc.nasa.gov/cities/default.htm
Speech Accent Archive Another good one from Amanda. "This site examines the accented speech of speakers from many different language backgrounds reading the same sample paragraph. Currently, we have obtained 335 speech samples." You can choose a dialect from the side menu or you can use the drop down menu in the middle of the page to navigate the site. To listen to the samples you will need Quick Time, if you don’t have it there is a button on the site that says “Get Quick Time” you’ll be redirected to a site to download the newest version. After choosing a dialect, you can then choose from a list if there is more than one speaker. The sample will load and you can then hear the accented phrase. I spent almost an hour listening to samples and didn’t even get partially through. There were quite a few for English, here meaning, a very long list of samples. But it was interesting to see how differently English is spoken in our country let alone other countries where English is a first language. A very neat listening experience, Enjoy! http://classweb.gmu.edu/accent/
WHERE DO the PAPARAZZI POST THEIR PICTURES? Whoopeee!!!! At SplashNews. If Britney spits chewing tobacco, the live action shot will be here. If the Olsen Twins fall down drunk, you'll see them laying on the sidewalk first at SplashNews! http://www.splashnews.com/ I couldn't find the pic of Britney and the chew. (Mike)
Virtual matinee Movie buffs will love Reel Classics. Thanks to Kim Komando This Web site was started by a Princeton freshman who loves classic films. The wealth of information here is staggering. You'll find articles, pictures and information on old movies. There's also a lot of information on actors, directors, producers and others in the movie biz. The best part has to be the audio/video section. Watch and listen to theme songs or notable quotes. http://www.reelclassics.com/
Epinion is an opinion search site for just about anything you can think of. Consumers have been there and done that, how did they like it? What surprises did they discover that weren't advertised? Everything under the sun is critiqued. You can leave a rant about a product, too. http://www.epinions.com/
Cute Site Paranormal Potato Chip Gallery of All Stars! Stop! Before you chomp-down on that handful of potato chips you're holding, take a moment to see if you may be in the potato chip presence of a Hollywood celebrity, famous world leader or even your great aunt Edna. Strange as it may seem, every so often the Great Chip Lover in the sky sees fit to create potato chips that resemble people or things we all can recognize. Please take a moment to behold the all around awesome-ness of our most recent paranormal potato chip discoveries! Found a Nixon in your bag of Barbecued? Spotted an Elvis in your Salt 'n Vinegar? Here's your chance to share your amazing discovery with chip lovers and devotees of the bizarre everywhere! Just send us a picture of your amazing potato chip discovery and we'll post it right here for all to behold! http://www.chipofthemonth.com/html/gallery.html