VIRUS AND OTHER STINKY STUFF TECHNICALLY SPEAKING INTERESTING SITES
Hacking--do the pros now rule?
By Ong Boon Kiat
Special to CNET News.com
October 28, 2004

The chief scientist of security company Internet Security Systems believes 2004 could prove to be a watershed year for hacking. Robert Graham says that many hackers are graduating into the pro ranks, a development that carries worrisome implications for corporate security.

"Before this year, we really saw just kids that are playing and pretending to be masterminds," said Graham, who did important early work in the development of intrusion-prevention systems. "But this year, we saw the rise of the professional hacker."

For many years, hackers were content with the thrill of breaking into other systems, or with whatever elevated peer status they achieved through their exploits. But not anymore, according to Graham, who says that both the pattern of hacker attacks, and the motives behind the attacks, are changing. Hackers are now far more coordinated, and they no longer merely rely on copycat tools and random attacks. What's more, Graham detects a dangerous intent to profit financially from hacking. He recently spoke with CNETAsia about this evolving security challenge.

Are hackers getting paid now?

It's not so much that they get paid to hack, but that they earn money from hacking. Take phishing attacks: It's usually the people who are running the attacks themselves that are earning money; no one is paying them to do it.

How would you define a "pro hacker"?

Before this year, hackers really were just kids playing and pretending to be masterminds. They could download hacking utilities from the Internet, but they were really clueless. And they were relatively unskilled...and it's only after running their tools through tens of thousands of machines that they were able to find one to break into. More importantly, they weren't really criminal masterminds. It's been largely a game for hackers up until now.

This is notwithstanding the fact that law enforcement agencies have been taking this game seriously--because the hackers haven't. This year, things are changing, and you can see it from the FBI's activities in the U.S. this year. In one arrest by the FBI, the subject was a spammer who had thousands of machines under his control used to forward spam.

Is that pro mind-set reflected in the exploit patterns?

Well, what I'm seeing is more hackers are now writing their own exploits. In the past, they would just use well-known attacks. Before, whenever there was a new bug, hackers would compete among themselves to see who would be the first to write exploit programs for those bugs and then publish them to Web sites and mailing lists like BugTraq and Full-Disclosure. And then everyone else would go there, download those attack programs and run them blindly.

Today, more people write their own exploits. Why are they able to do it? If you look at the kids graduating from school all over the world, they got interested in hacking when they were, like, 12-year-olds, in the mid-'90s. Over the years, their interests have grown into a skill set that lets them write their own attack programs.

Speaking of new exploits, what do you make of the rising number of bug variants that we've seen this year?

In the past, antivirus vendors would compete with each other to see which would be able to write signatures faster for each new virus that came out. But with (the) Netsky and Bagle (viruses), we saw the reverse. Now we have virus writers who compete to see how fast they can update their viruses in response to each new antivirus signature. That's why we see a Netsky a, b, c, d and so on.

But why were hackers suddenly interested in making variants?

Well, with previous virus writers, their goal was to create a virus and see if it could be done. After that, these virus writers were done.

There seems to be a change in the psyche among virus writers now. You see this with Netsky and Bagle. There are two teams of people competing with each other. The Netsky people hated the Bagle people, and Bagle people hated the Netsky people. So it was kind of like a feud between them.

So how worried should we be? Are viruses becoming more sophisticated in a hurry?

No. Viruses today are really no more sophisticated than they've been over the last several years. As a matter of fact, Netsky and Bagle are pretty unsophisticated. As security professionals, we know how to create a sophisticated virus. The reality is that hackers that write viruses really aren't all that smart. They focus more on whatever defenses they see. They try to do one extra step. And so we rarely see a huge advance in hacking techniques. Rather, we see gradual growth. Most virus writers only try to stay one step ahead. And only one step, not five or 10 steps.

Hey, there are more words in this interesting article: http://news.com.com/Hacking--do+the+pros+now+rule/2008-1082-5429687.html?part=dht&tag=ntop&tag=nl.e703
THE TALLY: Thursday, October 14 -- Thursday, October 21 According to Sophos, a leader in Anti Virus Software development, 27 new/improved viruses, which required Anti Virus upgrades, were released into cyberspace via email. This was an exceptionally busy week for Anti Virus updates. KCnet's anti virus program caught and "defanged" 12,586 email viruses in addition to refusing 175,567 spam messages. There were 199,423 non spam or non virus messages delivered to KCnet subscribers.
IF YOU SUSPECT THAT YOU HAVE A VIRUS OR IF YOU HAVE NOT SUCCESSFULLY SCANNED YOUR DRIVES FOR VIRUSES LATELY... THIS NEXT SITE IS FOR YOU. Free Virus scans. Trend Micro, more commonly referred to as Housecall, offers free virus scans and in most cases can fix damage done by a virus or worm that your computer may have contracted. The program works well. The first time one uses the free program it is necessary to download a small program. Trend Micro walks you through the process. Then the virus scans are quite simple for each return. You should disable any anti virus program that you have running. If you do not have a virus program I recommend that you use this program first and then download one of the free programs listed above or install any anti virus program you have purchased. Go to http://housecall.antivirus.com/ then choose the link "Scan without registering". Follow the directions.
Computer Associates, another reputable and reliable anti virus developer, introduced a new free program which allows anyone to do a virus scan without downloading any software or registering for an anti virus program. You must use Internet Explorer for access to Computer Associates and to perform the scan. This is a good one and very simple to operate. The address is http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Free Virus programs to download Quite a few KCnet members use these programs and like them. Be careful if you download a virus program and you already have one installed on your computer. You need to at least disable the program already installed. http://www.grisoft.com/us/us_dwnl_free.php Another good free program to take a look at is: http://www.free-av.com/
Top 5 Viruses for October 15 to October 22 from Trend Micro
1. WORM_NETSKY.P
2. PE_ZAFI.B
3. HTML_NETSKY.P
4. WORM_NETSKY.D
5. JAVA_BYTEVER.A
True Viruses and Warning Letters of Impending Doom. Believe it or not, the amount of harm done by sending false computer virus alarms and letters of impending doom to your thousand closest friends can be just as damaging as the alleged virus (if it even exists!); if you remember the story of the boy who cried wolf, you understand why. If you think you've got the scoop on the latest new devastating virus or latest doom warning, check it out at the Web sites below before taking it on yourself to alert the world. If the virus is as terrible as you think it is, odds are the virus fighters already know about it and -- good news here! -- your anti virus software provider probably knows about it too and already has an update for it. Sophos supplies this current information about actual hoaxes. Look at them. Read about them. If you are sent one of them, delete it.
Here are a few sites of many that can help you determine if an email is a hoax or real.
http://www.quatloos.com/
http://www.snopes.com/
http://www.urbanlegends.com/ulz/
http://hoaxbusters.ciac.org/HBHoaxIndex.html
http://vil.nai.com/VIL/hoaxes.asp
http://kumite.com/myths/
http://www.symantec.com/avcenter/hoax.html
http://www.scambusters.org/VirusHoaxes.html
http://www.sophos.com/virusinfo/hoaxes/
http://www.truthorfiction.com/
TECHNICALLY SPEAKING: Is Patch Order Important? This one from Fred Langa. I've often wondered about this too. (Mike) Fred, Your newsletter continues to rank 4.0. I am an old retired salt. 4.0 was/is the highest rank one could get on an annual evaluation (and other things). Anyway, in the past you recommended for those interested to download all the Win 98 updates from the Windows Update Site (before they went away). I, of course, did! I recently had the need to format a drive and ended up downloading all the Win 98 updates again to the machine I was reloading. I could not figure out what order to install the updates I already had on file. Does it even matter what order they are installed in? Thanks for all your hard work. ---Jeff Denton That's a tough one, Jeff, not so much in concept as in execution. The concept's easy: Generally, it's safest to install patches in chronological order, oldest to newest. This mimics the real-life order in which the patches appeared, and so should build your system in a positive way, with none of the accidental "downgrading" that can sometimes happen if you install an old patch over newer software. (Newer versions of Windows have gotten pretty good about warning you of such problems, and even actively preventing them; but Win98's protection is rudimentary at best.) The hard part can be figuring out that chronological order. If you previously saved the patches locally to your hard drive, as they came out one by one, and if the original time/date stamps are intact, you can use that as a guide. If that's not available, you may be able to use the "KB" (Knowledgebase) number that's associated with most patches: In general, lower KB numbers are older items; the higher the number, the newer the item. Similarly, you can look up the "release date" of each patch by opening and reading the associated Knowledgebase article for a given patch. 
But that's very laborious, and not always 100% reliable because the date of Knowledgebase articles can change as the text is edited. To try looking up the KB number or full Knowledgebase text for a patch or patches, use Update's "View Installation History" option in the Update window's left hand nav bar. If the History is unavailable or otherwise not working for you, you can look up any/all patches for any Windows OS via the Update "Catalog" function: In the main Windows Update window, select "Personalize Windows Update" from the "Other options" nav bar on the left. When the right hand pane shows "Personalize your Windows Update experience" check the box marked "Display the link to the Windows Update Catalog under _See Also_" and then click "Save Settings." In the left hand nav bar, under the "See Also" heading, you'll then be able to explore the entire Windows Update Catalog, which shows all patches that apply to whatever operating system you select. Again, use the KB numbers and release dates as a guide to patch chronology. One tool that also can help in Win98 is SFC, the "system file checker." If you make an SFC snapshot of your system when it's freshly installed, and regularly re-run SFC as you apply patches, it can help to detect version conflicts and unintentional rollbacks of important files. See http://search.atomz.com/search/?sp-q=sfc&sp-a=0008002a-sp00000000 and http://www.google.com/search?q=sfc+98 for more info.
Two icon entries from Worldstart I downloaded a bunch of icons, but how do I change the icons on my desktop? There's not a whole lot to it. Just Right Click the folder you want to change and choose Properties. Now choose the Customize Tab, and select the Change Icon button. A window will appear showing a lot of different icons to choose from. The standard icons are in your System32\SHELL32.dll folder, but you can have icons in other folders (especially if you downloaded some from today's weekly download). Just click Browse and navigate to the other folder that you put the icons in. Find one you like, select it and choose OK. Click OK again to finalize the change.
Weekly Download: Personalize Your Icons @ Leo's The Windows Icon selection leaves a lot to be desired, not to mention it seems like most of them are very similar to other icon choices you have. You can make Icons but you usually need some third party program and unless you know what you're doing it's going to look like a bunch of little Picassos, or digital amoebas all over your desktop. Besides, who wants to spend their time making Icons (unless you're into that), not me, I don't have enough time to do the things I really want to do. So, after years of all my personalized folders either looking like a tree, star, or some techie who-knows-what, I decided to look up some alternatives. Well, I found a site you're going to love. You can go out to Leo's icons and search through a library of literally thousands of icons. There are all types of categories completely free—find the group, or individual icons you want, download, unzip, and use, "it's that easy". I have seen free icons before, and there was a reason they were free—they were either too small, or dark, or simply low quality. The selection is really exquisitely made—you'll have people asking where they can get them, not what is that? I was impressed. I found so many icons out at Leo's that it was hard for me to find time to write this article. Go out and at least take a look—you'll go crazy. I guarantee there's something out there for everyone. The download selection pages have complete instructions on how to use the icons, even how to use them instead of the "My Computer" or "My Documents" folders. If you don't catch the install "Read Me" at the site (it's at the bottom of the individual download pages) you can always read the How-To Change Icons Q&A at the beginning of this Newsletter. Hope you enjoy the fresh look to your desktop, I know I do. Here's where to go... http://www.iconarchive.com/
Replying to Forwarded Email Another Worldstart pointer. We all knew this but just in case... Do you ever get email forwarded to you, maybe second or third hand, and want to reply to the original sender? We run into that same problem here. One person gets an e-mail, but someone else needs to respond to it. Most likely you click the original sender's address and start a new message. However, since you want the original message included you have to copy and paste that into the new message. There must be a better way? What we do when we get the forwarded e-mail is to hit the Reply button. Now, I know what you're thinking, all that's going to accomplish is sending it back to the person who forwarded it in the first place. But this is where the trick comes in... After you hit Reply, delete the sender's e-mail. Then, just highlight, copy, and paste the original sender's e-mail address (from the e-mail) into the "To:" line of the e-mail. For example, let's say Joe forwards you an e-mail from Bob. You hit Reply and remove Joe's address from the "To:" field and replace it with Bob's.
Spyware Countermeasures Another Langalist. I would like to bring your attention to this site which offers links to some of the more popular anti-malware programs and also easy to understand tutorials for using them in an optimal manner. I have it right at the top in my favorites in a folder named AAAAA. Thanks for great newsletter, Bruce http://snipurl.com/a1yd Thanks, Bruce. Nice find!
INTERESTING SITES: In Pennsylvania Gary n' Patti sent this one. Last Updated: August 2004 Lock Haven, Beech Creek and McElhattan have Haunting Mentions including one that was recently torn down, Assantes. I wasn't aware of the Mcghee School situation but I had heard of a ghost at Kmart which was not mentioned. Now I'm beginning to think something is swooshing about my basement. Tools and other stored things get moved, actually hidden. Things never seem to be where I distinctly remember placing them. Eerie. http://theshadowlands.net/places/pennsylvania.htm
Humpty Dumpty The King James Version This is tongue in cheek but pretty funny. An excerpt from "Mother Goose: The King James Version", a work in progress by Meryl Arbing & Lorne Brown (marbing@ican.net) sponsored by The Storytellers School of Toronto. Feel free to distribute it as long as you let people know where it came from. http://www.catholic-pages.com/grabbag/humpty.asp
Encyclopedia Mythica Amanda sent this one. Welcome to one of the nicest encyclopedias I have found in a long time. This is an encyclopedia about mythology, folklore, and legend. To use the encyclopedia choose the "Explore" section. This will allow you to explore through the articles until you find something that strikes your fancy. It is set up by categories: Mythology, Folklore, Bestiary, Heroes, Image Gallery, Genealogy, and Featured Items. On the side menu you will notice those topics all listed under "Areas", you'll also see a section called "Miscellaneous". Under this section you can find the Pronunciation section, which, if you want to talk about your subject of interest, could be quite helpful. If you are looking for a specific subject say, griffins, then you should go to the "Search" section and type in "griffin" and hit search. This brings up an article with information on the creature and allows you to cite, rate, or print the information. Then there is the "What's New" section which gives you a summary of the recent additions or updates. If you want to know more about the encyclopedia you can choose "About" and learn all about the encyclopedia itself. This one is bookmark worthy. Enjoy! http://www.pantheon.org/
What time is it? This one for clock watchers. This was a Kim Komando suggestion. As you know, I live in Phoenix, Arizona. We don't observe Daylight Saving Time. Why? When you have over 100 days of 100 degree temperatures, you don't want an extra hour of daylight! Not observing Daylight Saving Time can get real confusing--is it 3 hours to New York or 2? This web site helps eliminate those questions. It displays the official U.S. time for all 50 states and U.S. territories. It also has a map of the world. Lighted areas are regions with daylight and the dark areas represent night time. It's pretty cool! http://www.nist.time.gov/
THE WORLD's DAILY CONSUMPTION-O-METER I found this site very interesting. I changed the clock and was surprised at some of the projections. Astonishing figures are listed in tons, ohms, dollars, acres, hectares, grams and Roman Numerals. The site uses your computer's clock, so if you are curious how much we will have HIV-infected in 2050 then just change your system time to 2050. Please note that it will just calculate values based on current statistics. *nix users: there are compatibility issues with Konqueror browser. Please use Opera, Mozilla or Firefox. Sorry for the inconvenience. http://www.worldometers.info/
Pick a color, any color This is one of those personality-likes/dislikes exercises based on colors. It was interesting to learn what color choices might tell about your being. Try it--you'll like it. http://www.chinapaint.com/eng/flash/colorandme_en.swf
MARTHA TALKS http://www.marthatalks.com/