KCNET NEWSLETTER 05/23/04 TECHNICAL PAGE
VIRUS AND OTHER STINKY STUFF TECHNICALLY SPEAKING INTERESTING SITES
VIRUS AND OTHER STINKY STUFF Friday, May 14 - Friday, May 21 According to Sophos, a leader in Anti Virus Software development, 20 new/improved viruses which required Anti Virus upgrades were released into cyberspace via email.
KCnet's antivirus program caught and "defanged" 3972 email viruses yesterday. This was just one day and is similar to every day lately. Viruses are still coming in by the buckets. Nearly 32,500 spam messages were refused.
Bobax worm turns computers into spam zombies, Sophos reports. May 18, 2004. The Bobax worm can make a zombie of your computer. Virus researchers at Sophos have warned users about a new internet worm which is capable of turning infected computers into spam factories and launchpads for denial-of-service attacks against websites. The W32/Bobax-A worm uses the same Microsoft security vulnerability as the Sasser worm to break into computers, enabling attackers to gain full control of the infected PC. "Worms like Bobax are gold dust to the spam gangs - as it gives them an easy way to build up a network of innocent computers to send their spam from," said Graham Cluley, senior technology consultant for Sophos. "Computers which are not properly protected with anti-virus updates, firewalls and Microsoft's security patch are asking for trouble." Because the Bobax worm does not travel via email (instead it exploits a vulnerability described in Microsoft Security Bulletin MS04-011) users do not have to launch an email attachment to be infected. "Computer users must put protection in place now against this kind of internet assault. If you leave it to chance you shouldn't be surprised if your computer is turned into a "zombie", launching thousands of spam messages at other internet users," continued Cluley. "More than 30 percent of the world's spam is sent from compromised computers, underlining the need for a co-ordinated approach to spam and viruses." Sophos anticipates that the impact on businesses of the Bobax worm will be limited because of the large number of corporations who have already applied the Microsoft patch and reconsidered their firewall protection since the Sasser outbreak, but urges users not to be complacent.
Why we may not have seen the last of Sasser. Robert Vamosi, Senior Associate Editor, May 17, 2004. Despite the $250,000 reward offered by Microsoft, the original author of the MSBlast worm remains on the loose, as do those responsible for the Sobig virus and MyDoom worms. So security experts were surprised--and somewhat skeptical--last week when German authorities announced the arrest of the Sasser author just seven days after the code's release. Previously, I've reported that the author of the Sasser worm, which doesn't use e-mail but spreads via the Internet and crashes vulnerable Windows XP and Windows 2000 machines, is part of a virus-writing gang also responsible for the Netsky virus. While the suspect has confessed and German authorities haven't ruled out more arrests as a result of their investigation, I have a gut feeling that the true programming geniuses behind these worms lie outside the vocational school in rural Germany that's now under investigation. With friends like these... Despite teams of investigators working worldwide, the Sasser arrest was actually the result of three to five individuals walking into Microsoft's German offices on Wednesday, May 5, 2004, unannounced. They inquired whether the $250,000 (U.S.) reward offered for information leading to the arrest of the individual(s) responsible for the MSBlast, Sobig, and MyDoom outbreaks also applied to the Sasser worm. Microsoft had not announced such a reward for Sasser, but apparently took the information very seriously. Concurrently, Microsoft and other security experts were parsing the Sasser code, looking for programming clues to its origin. Analysis reveals that Sasser is a poorly modified version of the Netsky virus, augmented with off-the-shelf scripting tools from online virus-writing kits available from underground hacker Web sites.
In other words, any script kiddie or criminal hacker without technical skills could have created Sasser. Acting on the informants' information, on Friday, May 7, 2004, German authorities arrested an 18-year-old, Sven Jaschan of Waffensen in Lower Saxony, Germany. This would fit the clue "Mr.SJ" found within the Sasser viral code. Further, German authorities report finding the source code for Sasser on Jaschan's computers, along with source code for 20-some variations of the Netsky virus. Questioning the Sasser investigation: But here's where it gets really interesting: about 3 hours and 45 minutes after Jaschan's arrest, a fifth variant, Sasser.e, was reported in the wild. As part of his confession, Jaschan allegedly stated he intended for Netsky to be an "antivirus"--that is, Netsky and Sasser would remove copies of other viruses such as MyDoom and Bagle. Early forms of Netsky and Sasser, in fact, did not remove other viruses, and Netsky opened ports on infected computers, allowing remote access. Oddly, Sasser.e, released after Jaschan's arrest, appears to be preventative: it attempts to warn users if their computers are vulnerable to the lsass.exe flaw (which Sasser exploits) and urges them to download the patch from Microsoft. This warning displays on the infected computer's desktop and is signed by the "Skynet Team for malicious activity prevention." Sasser.e also attempts to remove previous infections by Bagle, a virus that seeks to delete copies of the Netsky virus, and MyDoom--just as Jaschan said. While it's possible that Mr.SJ released the Sasser.e code just minutes before his arrest and that it took a while to surface, it's more probable that more than one person is behind Sasser. Antivirus researcher Mikko Hypponen of F-Secure has pointed out that previous text messages found within Netsky indicated a possible Russian connection. Not only were Russian and Czech references found in the viral code statements, so were Russian words.
Thus, many antivirus researchers were surprised when the arrest happened in Germany. Hypponen admits the Netsky and Sasser text messages could all be misdirection--however, there are credible signs that multiple authors are at work. The plot thickens Last Tuesday, May 11, 2004, the German authorities raided five more homes near Sven Jaschan's home and uncovered more copies of the Netsky and Sasser source code on additional computers. The five others are all schoolmates of Jaschan, who recently graduated from a 2,300-student vocational school. Here's what I think: I think the individuals who turned in Jaschan are themselves connected in some way. Perhaps these guys are the authors of the Bagle virus, which sought to remove copies of Netsky infections. But deep down, I think these German virus writers are merely tweaking someone else's code, perhaps for profit. Netsky, for example, is capable of creating large networks of remote-control compromised computers; this has financial value to spam operators (who can send their mail anonymously worldwide) and shake-down artists (who can extort money from Web sites in exchange for not shutting them down via denial-of-service attacks). I don't think these kids in Germany are operating on that level. I think they're pawns--but willing pawns and, therefore, no less guilty. I just hope we get to the bottom of this and don't settle for a few very easy arrests.
IF YOU SUSPECT THAT YOU HAVE A VIRUS OR IF YOU HAVE NOT SUCCESSFULLY SCANNED YOUR DRIVES FOR VIRUSES LATELY... THIS NEXT SITE IS FOR YOU. Free virus scans. Trend Micro, more commonly referred to as Housecall, offers free virus scans and in most cases can fix damage done by a virus or worm that your computer may have contracted. The program works well. The first time you use the free service it is necessary to download a small program; Trend Micro walks you through the process. On each return visit the virus scans are quite simple. You should disable any anti virus program that you have running before you scan. If you do not have a virus program, I recommend that you use this program first and then download one of the free programs listed below, or install any anti virus program you have purchased. Go to http://housecall.antivirus.com/ then choose the link "Scan without registering". Follow the directions.
Computer Associates, another reputable and reliable anti virus developer, introduced a new free program which allows anyone to do a virus scan without downloading any software or registering for an anti virus program. You must use Internet Explorer for access to Computer Associates and to perform the scan. This is a good one and very simple to operate. The address is http://www3.ca.com/threatinfo/virusinfo/scan.aspx
Free Virus programs to download Quite a few KCnet members use these programs and like them. Be careful if you download a virus program and you already have one installed on your computer. You need to at least disable the program already installed. http://www.grisoft.com/us/us_dwnl_free.php Another good free program to take a look at is: http://www.free-av.com/
This list from Trend Micro represents the top 10 reported threats (April 30, 2004 to May 07, 2004):
1. PE_ELKERN.D
2. WORM_NETSKY.P
3. HTML_NETSKY.P
4. PE_VALLA.A
5. WORM_NETSKY.D
6. PE_FUNLOVE.4099
7. WORM_NETSKY.B
8. WORM_NETSKY.Z
9. PE_PARITE.A
10. WORM_NETSKY.C
Tried and Untrue Viruses and Warning Letters of Impending Doom. Believe it or not, the amount of harm done by sending false computer virus alarms and letters of impending doom to your thousand closest friends can be just as damaging as the alleged virus (if it even exists!); if you remember the story of the boy who cried wolf, you understand why. If you think you've got the scoop on the latest new devastating virus or latest doom warning, check it out at the Web sites below before taking it on yourself to alert the world. If the virus is as terrible as you think it is, odds are the virus fighters already know about it and -- good news here! -- your antivirus software provider probably knows about it too and already has an update for it. Sophos supplies this current information about actual hoaxes. Look at them. Read about them. If you are sent one of them, delete it.
Here are a few sites of many that can help you determine if an email is a hoax or real.
http://www.quatloos.com/
http://www.snopes.com/
http://www.urbanlegends.com/ulz/
http://hoaxbusters.ciac.org/HBHoaxIndex.html
http://vil.nai.com/VIL/hoaxes.asp
http://kumite.com/myths/
http://www.symantec.com/avcenter/hoax.html
http://www.scambusters.org/VirusHoaxes.html
http://www.sophos.com/virusinfo/hoaxes/
http://www.truthorfiction.com/
TECHNICALLY SPEAKING: How Firewalls Work. This one is from Worldstart and was promised for the Advanced Users session this past Wednesday. (There are a few minor modifications from the original article.) There are mean people out there that want very badly to get into your system or network. Maybe they want to steal information, to simply cause as much destruction as possible, or to use your system for their own purposes. If you're online a lot or have a broadband connection, the attempts to enter your system may be relentless. The first line of defense between you and the Internet is the firewall. A firewall isn't going to stop you from getting a lot of viruses, unless they're the kind of virus that proactively scans systems for open ports, like the W32.Sasser worm that has recently stepped onto the virus scene. Where firewalls really come into play is in the area of Internet or network access. A firewall will keep hackers at bay. There are two basic types of firewalls: hardware and software. A common hardware firewall is a router. In a small network, it sits in between your PC and your modem. These firewalls hide your PC from others on the Internet by handing out private IP addresses to your PCs (through DHCP, the Dynamic Host Configuration Protocol) and translating those addresses to your single public address (through NAT, Network Address Translation). In other words, a router takes the Internet address that your Internet Service Provider has doled out to you and gives the PCs connected to the router a generic private IP address (not valid on the Internet). The router's other primary job is to close ports. Ports are numbers associated with particular jobs; for example, most email clients and servers use SMTP on port 25 and POP3 on port 110. Open ports have been a vulnerability in the past, and a hacker can have an easy time getting into your PC when its ports are wide open to the world.
When hackers try to scan your network for known vulnerable ports, the firewall simply drops the packets because they contain data that no PC on the network requested. Software firewalls are a little bit different, and they have good points and bad points. It is always better to have a firewall than not to. The main difference between the two styles of firewalls is that the hardware firewall is an external device that runs on its own hardware, while the software firewall is an application that runs on your PC. That is its one downside: it is one more application running on your PC while you're trying to surf the web, which adds resource overhead and can slow things down on older PCs. In concept the two kinds of firewall really are the same. The point is, a firewall is desirable, especially if you are on broadband. To learn more about firewalls, or any other subject, use a search engine such as Google, www.google.com, and search for your topic. That will keep you busy until next week!
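The behaviour described above (a router that hands out private addresses, translates them to the one public address, and drops inbound packets that no PC requested), as an added example that is not from the Worldstart article: a small Python model of such a router. All addresses, ports and packets are constructed sample data; real firewalls also track TCP connection state and time out old entries, which this model leaves out.

```python
from dataclasses import dataclass, replace

# Constructed sample addresses (documentation ranges, not real hosts).
PUBLIC_IP = "203.0.113.5"    # the one address the ISP "doled out" to the router
LAN_PREFIX = "192.168.1."    # private addresses the router hands to PCs behind it


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class StatefulNatFirewall:
    """Forwards LAN-initiated traffic and drops everything the LAN did not ask for."""

    def __init__(self, public_ip=PUBLIC_IP, lan_prefix=LAN_PREFIX):
        self.public_ip = public_ip
        self.lan_prefix = lan_prefix
        self.next_port = 40000        # next public-side port to hand out
        self.nat_table = {}           # public_port -> (lan_ip, lan_port)
        self.expected = set()         # (public_port, remote_ip, remote_port, proto)
        self.dropped = []             # packets the router discarded

    def _translate_out(self, pkt):
        """Rewrite the LAN source to the public address and remember the flow."""
        for pub_port, private in self.nat_table.items():
            if private == (pkt.src_ip, pkt.src_port):
                break                 # reuse the mapping this PC already has
        else:
            pub_port = self.next_port
            self.next_port += 1
            self.nat_table[pub_port] = (pkt.src_ip, pkt.src_port)
        # Only the host the PC talked to, on that port, is allowed to answer.
        self.expected.add((pub_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
        return replace(pkt, src_ip=self.public_ip, src_port=pub_port)

    def _translate_in(self, pkt):
        """Pass an inbound packet only if it answers a flow a LAN PC opened."""
        key = (pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        if key not in self.expected:
            self.dropped.append(pkt)  # nobody inside requested this: drop it
            return None
        lan_ip, lan_port = self.nat_table[pkt.dst_port]
        return replace(pkt, dst_ip=lan_ip, dst_port=lan_port)

    def forward(self, pkt):
        """Return the packet as it leaves the router, or None if it was dropped."""
        if pkt.src_ip.startswith(self.lan_prefix):
            return self._translate_out(pkt)
        if pkt.dst_ip == self.public_ip:
            return self._translate_in(pkt)
        self.dropped.append(pkt)      # neither from the LAN nor addressed to us
        return None


def count_scan_hits(fw, scanner_ip, ports):
    """Constructed port scan: probe each port from outside; return how many got through."""
    hits = 0
    for port in ports:
        if fw.forward(Packet(scanner_ip, 5555, fw.public_ip, port)) is not None:
            hits += 1
    return hits


def demo():
    fw = StatefulNatFirewall()
    # A LAN PC (private address) checks mail on a POP3 server, port 110 as in the article.
    out = fw.forward(Packet("192.168.1.10", 51000, "198.51.100.20", 110))
    # The server's reply matches the remembered flow, so it is translated back to the PC.
    reply = fw.forward(Packet("198.51.100.20", 110, out.src_ip, out.src_port))
    # An outside host probes SMTP (25), POP3 (110) and even the live NAT port (40000):
    # no PC requested any of these, so all three probes are dropped.
    hits = count_scan_hits(fw, "192.0.2.99", [25, 110, out.src_port])
    return out, reply, hits


if __name__ == "__main__":
    out, reply, hits = demo()
    print("outbound rewritten to", out.src_ip, out.src_port)
    print("reply delivered to", reply.dst_ip, reply.dst_port)
    print("scan probes that got through:", hits)
```

Note that the probe of port 40000 is dropped even though that port has a live NAT mapping: the mapping only admits the mail server the PC contacted, not any host that happens to guess the port.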
Will a mouse eat your battery? I don't often get a chance to relate to laptop problems, and this is a good question handled by Kim Komando in a recent Newsletter tip. Kim was asked: I am doing genealogical work, and have to go to cemeteries, libraries, etc. I use a laptop. It has a touchpad, which I don't like. If I use a mouse, will it deplete my battery faster? Kim wrote the following: I received this question on a recent radio show. It was something I had not considered, but I told the caller I didn't think it would make much difference. Last week, I received an e-mail from Dave Snyder, a hardware engineer at Microsoft who tests mice. He had further information on this issue. And, he was kind enough to send me a detailed e-mail. According to Dave, an optical mouse always uses more power than a mouse with a trackball. It has to illuminate the light-emitting diode on the bottom, and also power some chips inside. So optical mice may draw twice as much power as their trackball cousins. Dave included an erudite discussion of milliamps and milliamp hours. I won't go into all that. But the upshot was this: He gets about 2 and one-half hours from his computer without a mouse. He figured he would get about nine minutes less using an optical mouse connected to a USB port. Presumably, a trackball mouse would give him a few more minutes. So he came to the same conclusion as me: It doesn't much matter. He suggests you buy a mouse you like and ignore the power draw. I agree. If I were looking at laptop mice, I'd go for a miniature mouse. You may have trouble finding one with a trackball. But, again, the difference is probably only a few minutes of battery time.
We played with this one in the Advanced Users Group a couple, four or more weeks ago using a tip from Kim Komando. We had great consternation about the situation as we used the teaching machine for the research. I feel much better with Worldstart's advice on this subject. I wish I would have seen this tip first. In Windows XP when I go into Task Manager (Ctrl+Alt+Del) there are a lot of programs running under "Processes" that I have never seen before and don't know what they are for. How can I find out what these "processes" are for and how to keep them from loading if I don't really need them? Think of those processes as the parts under the hood of your car. They help Windows run and you don't really think about them. Your clock synchronization, audio, imaging, printing, and other essential functions are all separate running processes. If you really want to monkey around under there, then go to Start/Run and type "services.msc" (without the quotes). You'll find the name of each service, a description, and whether it starts automatically, when needed (manual), or is disabled. Most of the descriptions tell you what will happen if you disable a service. The only ones that you really need to concern yourself with are the automatic ones, since these start at boot up. Click the header for "Startup Type" and all the automatic services will be grouped together. Now you can go down the list and read what each one does and the consequences of disabling it. If you see one you don't want or need, double click it. The resulting window will again give you the name and description of the service. You can also change the startup type here from automatic to manual. To be honest, I'd recommend just leaving them alone unless we send you a tip about a rogue process (like the Messenger Service). Most processes have a function, and if you disable one that you need you can run into problems.
If you have anti-virus and spyware scanning software, then you shouldn't have any alien processes lurking about to worry you. Now, close the hood and get back to driving the information superhighway.
Study says 100 million PCs to be replaced in 2004. By Dinesh C. Sharma, Special to CNET News.com, May 20, 2004. Nearly 100 million PCs are likely to be replaced this year, with 120 million being swapped out in 2005, according to data that research firm Gartner released Thursday. The volume of replacements in the next two years will surpass the number of units replaced in the run-up to Y2K in 1998 and 1999, Gartner said. In 2004, replacement units will drive global shipments to 186.4 million--an increase of 13.6 percent over 2003. "Our first-quarter results suggest the...replacement cycle that vendors have been anticipating for more than a year is under way," George Shiffler, principal analyst for Gartner's client platforms research, said in a statement. Gartner analysts said more than 30 percent of installed PCs are now at least three years old. Many of those machines run older versions of Windows operating systems, for which full technical support may not be available. This, they said, will play a major role in pushing sales of replacements. Strong economic growth in the United States, the Asia-Pacific region and Japan is also likely to boost sales of new PCs. In a forecast it issued in February, Gartner had said consumer sales would be driven by upgrades to new desktops in order to handle new applications like digital photography or multimedia. The market researcher said PC shipments for the second quarter of 2004 are projected to increase 14.3 percent from the second quarter of last year.
The next two are from Worldstart. Both are early-level PC stuff, but just in case you forgot, or if you are at an early level. What do those version numbers, like 1.0.1, mean? To find the version number of a program, just click Help, then find "About...". Now, let's say we have a program with a version number of 6.1.2. The first number (6) represents the "major" version number. Normally this is only updated if there have been lots of major changes to a program. The next number (1) represents a minor update. Maybe a feature or two was added to the program, but the overall program remained the same. The third number (2) represents a bug fix. Our example shows that version 6.1 has had 2 bug fixes so far. That's the gist of it. Some programs use letters rather than numbers, especially for minor updates and bug fixes. Additionally, it's open to interpretation by the programmer (or the marketing department ;-) as to whether the current update constitutes a major version change or just a minor enhancement.
Installing a New Font. When you buy new fonts or download them off the Internet you may need to manually install them. Sounds difficult, but it really isn't. If you downloaded the font it may be in your downloads folder in a zipped format, so first you need to unzip the folder. If the fonts are on a disk, just have the disk in your drive. Now open the Fonts folder: go to Start / Run and type in "fonts" (without the quotes), or go the longer way through the Control Panel. On the File menu select "Install New Font". Choose the drive and folder where the new fonts are located. Click the fonts you want to add while holding down the Ctrl key, or click "Select All", then click OK. The fonts will then be added to your Fonts folder, and when you use your word processing program the new fonts should appear.
Add this freebie to the CD burning tip from Langalist in the last KCnet Newsletter. From Joe to Fred Langa: Another Free CD Burner Tool. Despite the name, this tool is said to work on Win98 and ME, too: A recent issue mentioned CD burning software and I wanted to share CDBurnerXP Pro, a nifty (FREE) program that lets you do far more than XP can alone, and almost as fast. Like copy CDs and burn ISO images (for us Linux fans). It can be found at http://www.cdburnerxp.se/
Spybot - Search & Destroy 1.3 New features and an improved interface enhance this all-important spyware-removal tool. License: Free http://download.com.com/3000-8022-10122137.html
INTERESTING SITES: Aquarium. This one is from Amanda and it is a good one. Sue and I visited the Monterey Aquarium in 1988. I have seen four aquariums and Monterey is tops. This is a good site. Welcome to the Shark Exhibit at Monterey Bay Aquarium, full of fun videos, a live web cam of the sharks, and tons of cool shark facts. You'll have your fins full exploring this exhibit. Whether you watch the Hula Dancers praise the Shark God with dance, or you check out the sharks as they're swimming, you'll enjoy yourself. Monterey Bay Aquarium is the only aquarium to have a Galapagos shark on display; a fun fact about this particular shark is that it displays threat behaviors prior to attack. This type of shark is known to attack humans, unlike the Blacktip Reef Shark, which is considered harmless because of its small size. You can check out all kinds of sharks from different kinds of water sources. Your options are Coral Reefs, Freshwater Rivers, Kelp Forest, Open Waters, and Sandy Seafloors. Among the sharks you'll find some rays and skates. You might want to check out the other exhibits at the main part of the site, which you can get to by clicking on "Aquarium Exhibits" at the top of the page. There are live cams of otters, penguins, kelp and Monterey Bay. The otter section was really neat, and I highly recommend it for your viewing pleasure. http://www.mbayaq.org/efc/sharks.asp
Hey, in these times of lawsuits for downloading music there is at least one totally legal download/upload site, so "not to worry"! Furthurnet is a peer-to-peer network dedicated to the exchange of live concerts. Only artists that approve of this policy are traded. There are many musical groups who allow fans to tape their shows and share them. Fortunately for music lovers, there are a lot of groups that allow taping and trading of concerts. You'll find top groups and individual performers like AC/DC, Crosby, Stills, Nash and Young, Dave Matthews Band, Pearl Jam, U2 and more. http://www.furthurnet.com/
Need a birthday surprise? Here is a site to tell the grandkids about and totally frustrate your son. Overflite Model Hot Air Balloons -- Instructions How to Build Small Homemade Birthday Candle Engine Powered UFO Fire Balloons -- Mathematics and Technology for Science and Design Birthday Candle Balloons can rise over two thousand feet high, sail for miles, and shine like Big Orange Stars, for over ten minutes. It's like having your own Cape Canaveral. See: What Fire Balloons Can and Cannot Do. Had a lot of fun launching balloons, from Central Park -- Overflite's Home Base. Models include Dry Cleaner Bag Balloons and Homemade Plastic Bag Balloons. The heat engines are made by melting birthday candles together, either single-file, or double-file. The frames are made with balsa wood sticks or drinking straws, shaped into either an "H" or an "X." http://www.overflite.com/
Welcome to Project Gutenberg. Bill Myers sent this one and it is a good one. Project Gutenberg is the Internet's oldest producer of free electronic books (eBooks or etexts). Our present collection of more than 10,000 eBooks was produced by hundreds of volunteers. Most of the Project Gutenberg eBooks are older literary works that are in the public domain in the United States. All may be freely downloaded and read, and redistributed for non-commercial use (for complete details, see the license page). http://www.gutenberg.org/
Animated Engines. I suggested this one a year or so ago. It is worth reposting. I have loved mechanical things since I was a kid. Engines in particular have always intrigued me. All my life I've pored over books, studying cutaway diagrams, hungry to understand how things worked. These pages are an attempt to share that magic. Some of the animations are rather large, so you may need to allow a few extra seconds while each page loads. These pages use animated GIF files, so they require a fairly recent browser -- any but the oldest browsers will do. If the main illustration at the top of each page isn't moving, you'll need to update your browser for the full effect. http://www.keveney.com/Engines.html
For the Bird Lovers Remember George Gobel, "Well I'll be a dirty bird." This one is about bird sounds, about 3 dozen of 'em. This site contains bird songs and other vocalizations recorded by Northeastern State University students and community volunteers as part of a project funded by a FASTT grant to integrate technology into the experience of biology students through the scientific examination of bird song, the manipulation and analysis of those songs in the lab, and the organization of this material into this educational website. http://arapaho.nsuok.edu/~birdsong/
Reserve America Thanks to Amanda for this site. It’s soon to be summer time. It’s time to start planning the summer trips. Maybe you want to visit some of our gorgeous natural parks? Or maybe you want to check out some of the beautiful land in Canada? Well, if you’re going camping you should check out this site. At Reserve America you can use their Campground Search to find where you’d like to stay on your trip. Do you want to rent an RV? Or do you just need a place to pitch your tent for the night? Then this is your site! You just put in the date of your trip, the facility type you are looking for, and the state or campground name and it will tell you if there are any spots left that you could reserve. Another neat thing about this site is that you can check out some of the parks that are featured on the site with the "Campground spotlight". Just choose the park of your choice and you’ll get lots of details about that park. I checked out Willow River State Park, mainly because of the gorgeous picture of the river. You'll find information about the Setting, the Facility, and Tips. Very thorough information that will help make planning your trip easier! http://www.reserveamerica.com/