VIRUS AND OTHER STINKY STUFF TECHNICALLY SPEAKING INTERESTING SITES
Daffy ZAFI - WORM_ZAFI.D

Trend Micro for this one

WORM_ZAFI.D is a memory-resident, mass-mailing worm that is currently spreading in-the-wild. On December 14 Trend Micro declared a Yellow Alert to control the spread of this worm. It uses its own built-in Simple Mail Transfer Protocol (SMTP) engine to send malicious Christmas greetings. It runs on Windows 98, ME, NT, 2000, and XP.

Upon execution, this mass-mailing, memory-resident worm displays a message box. It drops a copy of itself as NORTON UPDATE.EXE, and drops copies of itself as .DLL files with 8-character random file names. Some .DLL files are copies of itself while others are email log files in the Windows system folder. It also drops a log file called S.CM in the root folder. It then adds a registry entry that allows it to automatically execute at every system startup.

This worm drops a copy of itself using either of the following filenames:
* WINAMP 5.7 NEW!.EXE
* ICQ 2005A NEW!.EXE

It drops the file in folders that contain one of the following strings:
* share
* upload
* music

Most file-sharing applications, such as KaZaA, Shareaza, and Morpheus, use folder names with these strings when sharing files through peer-to-peer (P2P) networks. P2P users who search for Winamp and ICQ installers may inadvertently download this dropped ZAFI copy instead.

This worm uses its own built-in Simple Mail Transfer Protocol (SMTP) engine, which allows it to send malicious Christmas greetings without having to use other email applications like Outlook Express. The language used in the message body is dependent on the domain of the email recipient. For example, when the Top Level Domain of the user's email address is .COM, the message is sent in English. When the Top Level Domain of the user's email address is .DE, the message is sent in German. Please visit the Technical Details of this virus description to view samples and screenshots of the email it sends.
It searches the following files for target email addresses:
* ADB
* ASP
* DBX
* EML
* FPT
* HTM
* INB
* MBX
* PHP
* PMR
* SHT
* TBB
* TXT
* WAB

However it skips email addresses that contain the following strings:
* admi
* cafee
* google
* help
* hotm
* info
* kasper
* micro
* msn
* panda
* secur
* sopho
* suppor
* syman
* trend
* use
* viru
* webm
* win
* yaho

This worm terminates antivirus and firewall programs. It searches for folders and files from all folders found on the system. It then reads the contents of the files and checks whether the string “firewall or virus” exists. If three or more files contain the specific string, the folder name is stored in a registry entry. When all the folders are obtained, it then traverses the specific registry entry. If the folder name contains the following strings, it terminates all executable files running in the folders:
* cafee
* Kasper
* panda
* secure
* sopho
* syman
* trend
* viru
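The file names and folder strings in the description above are enough for a simple name-based sweep of a drive. The following is an added example, not code from Trend Micro or from this newsletter; the function names and the sample folder tree are constructed for illustration, and the random 8-character .DLL names are left out because plenty of legitimate system files have 8-character names too.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the WORM_ZAFI.D description above (compared lower-case,
# because Windows file names are case-insensitive).
DECOY_NAMES = {"winamp 5.7 new!.exe", "icq 2005a new!.exe"}
FOLDER_HINTS = ("share", "upload", "music")
SELF_COPY = "norton update.exe"
ROOT_LOG = "s.cm"

# Constructed sample tree (empty files) standing in for a Windows drive.
SAMPLE_LAYOUT = [
    "S.CM",
    "WINDOWS/system32/Norton Update.exe",
    "Program Files/KaZaA/My Shared Folder/WINAMP 5.7 NEW!.EXE",
    "Documents/My Music/icq 2005a new!.exe",
    "Desktop/ICQ 2005A NEW!.EXE",   # decoy name outside a sharing folder
    "Documents/notes/s.cm",         # same name, but not in the root: ignored
    "Downloads/winamp_setup.exe",   # ordinary installer name: ignored
]


def sweep(root):
    """Walk `root` and return sorted (indicator, relative_path) findings."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        folder = Path(dirpath)
        # The worm picks folders whose *name* contains share/upload/music.
        in_p2p_folder = any(h in folder.name.lower() for h in FOLDER_HINTS)
        for name in files:
            lname = name.lower()
            rel = (folder / name).relative_to(root).as_posix()
            if lname in DECOY_NAMES:
                kind = "p2p-decoy" if in_p2p_folder else "decoy-name-elsewhere"
                findings.append((kind, rel))
            elif lname == SELF_COPY:
                findings.append(("self-copy", rel))
            elif lname == ROOT_LOG and folder == root:
                findings.append(("root-log", rel))
    return sorted(findings)


def build_sample_tree(base):
    """Create the constructed sample files under `base`."""
    base = Path(base)
    for rel in SAMPLE_LAYOUT:
        path = base / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, rel in sweep(tmp):
            print(f"{kind:22} {rel}")
```

A hit from this sweep is only a file-name match; it is a reason to run one of the scanners listed below, not a diagnosis.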
IF YOU SUSPECT THAT YOU HAVE A VIRUS OR IF YOU HAVE NOT SUCCESSFULLY SCANNED YOUR DRIVES FOR VIRUSES LATELY... THIS NEXT SITE IS FOR YOU. Free Virus scans. Computer Associates, a reputable and reliable anti virus developer, introduced a new free program which allows anyone to do a virus scan without downloading any software or registering for an anti virus program. You must use Internet Explorer for access to Computer Associates and to perform the scan. This is a good one and very simple to operate. The address is http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Trend Micro, more commonly referred to as Housecall, offers free virus scans and in most cases can fix damage done by a virus or worm that your computer may have contracted. The program works well. The first time one uses the free program it is necessary to download a small program. Trend Micro walks you through the process. Then the virus scans are quite simple for each return. Go to http://housecall.antivirus.com/ then choose the link "Scan without registering". Follow the directions.
You should disable any anti virus program that you have running. If you do not have a virus program I recommend that you use one of the programs offered above first and then download and install one of the free programs listed below or install any anti virus program you have purchased.
Free Anti Virus programs to download. Quite a few KCnet members use these programs and like them. Be careful if you download a virus program and you already have one installed on your computer. You need to at least disable the program already installed.
AVG Free
AVG Free Edition is the well-known anti-virus protection tool. AVG Free is available free-of-charge to home users for the life of the product! Rapid virus database updates are available for the lifetime of the product, thereby providing the high-level of detection capability that millions of users around the world trust to protect their computers. AVG Free is easy-to-use and will not slow your system down (low system resource requirements).
http://free.grisoft.com/freeweb.php/doc/2/lng/us/tpl/v5

Avast
Avast has been "anti virusing" for quite awhile. The following info comes from their download page: Avast! Home is now free of charge for HOME users for NON-COMMERCIAL use. You can find more info here.
http://www.avast.com/eng/down_home.html
Note: This product is free for home non-commercial use after registration!
HINTS: Click on the English Version Link and download the installation file. Then click on the installation file and follow the directions. You will need to return to the download page and click on the link to get the registration key. It will be sent to you in an email after you provide some registration information. This will give you 14 months of coverage including any updates which can be set to auto download. You can reregister for additional free coverage at the end of the 14 months. You will want to browse around and choose from the many options available for operation. This process will take some time and digging.
Another good free program to take a look at is: http://www.free-av.com/ This one installs a bit easier than Avast.
Top 5 Viruses for December 10 to December 17 from Trend Micro
1. WORM_NETSKY.P
2. HTML_NETSKY.P
3. WORM_SOBER.I
4. WORM_NETSKY.D
5. WORM_ZAFI.D
True Viruses and Warning Letters of Impending Doom. Believe it or not, the amount of harm done by sending false computer virus alarms and letters of impending doom to your thousand closest friends can be just as damaging as the alleged virus (if it even exists!); if you remember the story of the boy who cried wolf, you understand why. If you think you've got the scoop on the latest new devastating virus or latest doom warning, check it out at the Web sites below before taking it on yourself to alert the world. If the virus is as terrible as you think it is, odds are the virus fighters already know about it and -- good news here! -- your anti virus software provider probably knows about it too and already has an update for it. Sophos supplies this current information about actual hoaxes. Look at them. Read about them. If you are sent one of them, delete it.
Here are a few sites of many that can help you determine if an email is a hoax or real.
http://www.quatloos.com/
http://www.snopes.com/
http://www.urbanlegends.com/ulz/
http://hoaxbusters.ciac.org/HBHoaxIndex.html
http://vil.nai.com/VIL/hoaxes.asp
http://kumite.com/myths/
http://www.symantec.com/avcenter/hoax.html
http://www.scambusters.org/VirusHoaxes.html
http://www.sophos.com/virusinfo/hoaxes/
http://www.truthorfiction.com/
TECHNICALLY SPEAKING: I'm going to dedicate some space in this Newsletter for Spyware and Spybots information. The subject got rolling in the Advanced Users Class this Wednesday. I had personally encountered "About Blank" in my Internet Explorer and Maxthon browsers. The regular Spybot Search and Destroy and Lavasoft's Adaware did not see the problem. The up to date antivirus program also let the bugger in. Early searches on Google seemed to indicate that riddance of About Blank would involve some costs. I'll keep you updated as the battle ensues.
Some background on the subject of Spyware and Spybots: This will be the number-one topic in the year 2005, guaranteed.

Panic Over Spyware
By John C. Dvorak, reputable writer for PC Magazine

I'm chatting with the CEO of a spyware company and he tells me that he knows for a fact that Dell support lines have been getting 70,000 calls a week regarding machine performance and anomalies. Dell has been referring the callers to Web sites discussing spyware. It's spyware causing the problems. I'm thinking to myself that if Dell is getting 70,000 calls, then Microsoft must be getting 700,000 calls, since the smart money would always assume that it's a software problem. Whatever the call volume, this situation with spyware is now officially out of control.

This subject is near and dear to me, since my laptop was infected via a hotel network connection recently. The culprit is the webrebates.exe Trojan horse. Like many of these pests, once it gets on your machine it starts installing loaders all over the place. These are essentially spyware spies. They all look to make sure that the spyware stays in place. If you manage to erase it one of the little drones will reinstall it. You cannot erase the drones and the spyware fast enough to prevent this simple process from continuing unless you use special software to ferret out all the drones first. Many of these pests also contaminate the Registry, and many of the drones are in subdirectories that cannot be seen using any normal process.

As an aside I should mention that I've always wondered why Microsoft Windows has weird deeply rooted directories that cannot be seen in Internet Explorer, DOS, or any tool. They are scattered all over the place. The nasty spyware drones often end up buried so deep that finding them requires lengthy deep searches by antispyware tools. Now, if you think that the free antispyware programs are going to help with the nastiest of infections, you are kidding yourself.

I've chatted with four spyware vendors over the past couple of weeks and they all agree that it's gotten so bad that the public is only partially aware of the problem. Few users know that their machines are infected. There is now a firm belief that organized crime, including the Russian mafia, is behind much of this activity. The scene is no longer dominated by kids out for fun.

So what is the spyware used for? There appear to be four primary uses.

Market research. Yes, it's true. A lot of spyware is used just to track browsing and other online behavior for market-research companies. This was one of the two initial uses.

Employee and spousal monitoring. This is the second initial use for this stuff. Key loggers and other systems that are usually installed directly onto machines by the person or institution doing the spying. The FBI has been known to capture passwords using such software.

Spambots. The more recent use of spyware has been to create legions of spambots for spammers to rack up big numbers without taxing their own servers. There are probably millions of drone machines, sometimes called zombie PCs. At night they are brought to life to serve spam all over the world. Yet another reason why the 24/7 always-on Internet is a complete disaster.

Identity and credit-card theft. This is the latest twist and the fastest-growing trend. Last week, a new combination scam somehow got through my spam-filtering mechanism and tried to install a Trojan horse loader onto my system through the preview window of Microsoft Outlook Express. (Wasn't this supposed to be fixed?) My Kaspersky antivirus software saw the loader and stopped it cold. But what I found interesting was that this was one of those "Your account is temporarily closed" scams designed to collect personal information.

The notable thing about spyware is that because it isn't virulent like a virus and seldom spreads from your machine to another, it manages to stay out of the spotlight. The national media pay little attention to the problem, and many mainstream media tech writers are Mac users, so they don't get it. Who knows what will happen when the Mac community gets hit? They feel immune, and are for now. But when they get hit, there will be few resources to help them, since the antispyware community is busy with all the PC-related problems.

Since spyware has not spread quickly and tends to be installed via browsers one computer at a time, we are seeing slow—but relentless—growth. We can expect it to continue. I'm looking at all the spyware packages and I'll have a few to recommend in the months ahead. For now you'll probably need multiple systems to get rid of this stuff. This will be the number-one topic in the year 2005, guaranteed.
Worst spyware queues up
December 21, 2004
By Dan Ilett, Special to CNET News

Beware of CoolWebSearch, a program that can change Microsoft Internet Explorer's security settings and wreak havoc on computers. Anti-spyware company Webroot Software said Tuesday that CoolWebSearch self-installs malicious HTML applications and exploits security flaws in IE.

"This has vexed all of us," said Nick Lewis, managing director of Boulder, Colo.-based Webroot. "For consumers, CoolWebSearch is probably one of the most vicious programs in terms of how nasty it is. It completely hijacks the browser so you can't do anything."

"The people who write this stuff are gaining sophistication in their coding practices, as they attempt to evade detection and removal," said Richard Stiennon, Webroot's vice president of threat research. "These 10 are the most insidious programs in terms of prevalence and effect."

Webroot recommends that people install Microsoft security patches, avoid using freeware and disable downloads via ActiveX in Internet Explorer. CoolWebSearch is the most dangerous program on Webroot's latest list of the 10 worst spyware and adware threats. Webroot's list of top 10 threats also includes:

Name: PurityScan
Description: PurityScan frequently displays pop-up advertisements onto your computer whenever you are online. It induces you to install it by claiming to find and delete pornographic images.

Name: n-CASE
Description: (msbb.exe) – n-CASE is an adware program that delivers targeted pop-up advertisements to your computer. This program is usually bundled with freeware applications.

Name: Gator
Description: Gator (GAIN) – is an adware program that has the ability to display banner advertisements based on your Web surfing habits. Gator is usually bundled with numerous free software programs, including the popular file-sharing program Kazaa.

Name: CoolWebSearch
Description: CoolWebSearch (CWS) – CoolWebSearch has the ability to hijack your Web searches, home page, and Internet Explorer settings. Recent variants of CoolWebSearch install using malicious HTML applications or security flaws, such as exploits in the HTML Help format and Microsoft Java Virtual machines.

Name: Transponder
Description: Transponder (vx2) – Transponder is an IE Browser Helper Object that monitors requested web pages and data entered into online forms, then delivers targeted advertisements.

Name: ISTbar/AUpdate
Description: ISTbar/AUpdate – ISTbar is a toolbar used for searching pornographic web sites that has been reported to display pornographic pop-ups and to hijack your homepage and Internet searches.

Name: KeenValue
Description: KeenValue – KeenValue is an adware program that collects personal information and delivers advertisements to your computer.

Name: Internet Optimizer
Description: Bargain Buddy delivers targeted pop-up advertisements to your computer based on key words you might enter while surfing the Web.
Method of Infection: Internet Optimizer – Internet Optimizer hijacks error pages and redirects them to its own controlling server at http://www.internet-optimizer.com.

Name: Perfect Keylogger
Description: Perfect Keylogger – Perfect Keylogger is a monitoring tool that records all visited web sites, keystrokes and mouse clicks. For example, it can log passwords, account numbers and other sensitive information. It is usually installed manually.

Name: TIBS Dialer
Description: TIBS Dialer – TIBS Dialer is a dialer program that hijacks your modem and dials toll numbers, usually to access pornographic "pay" Web sites.
Here is a good tip from the latest Worldstart

I wish there was a way to alphabetize all the programs under Start/Programs?

Well, save your wishes for something good, because you can! Here's how:
1. Click the Start button, Programs. Highlight any program group (i.e. menu item) that's listed there.
2. Now, just right-click and select "Sort by name" from the resulting menu.

That's it. Remember that you can still drag and drop program groups around if you want to manually specify which ones sit at the top of the list.
Weekly Download: SpoofStick

I featured this one last week. One week later it was a featured topic in a Worldstart Newsletter and I decided to push it again. We have explored this program in the Advanced Users group. It works.

Well, this week's download goes along with the phishing article I did a few weeks ago (12-8-2004). It comes from one of our attentive, informed readers who happened to be on the ball and sent me an email describing a program that I should consider exposing to our readers. Well, this morning I finally had a chance to run the program through its paces and I couldn't agree more—this is a defensive measure for potential phishing attacks and could save you some unwanted grief.

Just to refresh your memory or give you a basic rundown, "Phishing" is when a hacker creates a website that looks just like an actual legitimate site. Then the hackers try various ways to get unsuspecting users to go to these sites—usually through some bogus email stating that your account needs some sort of attention. There'll be a link to the spoofed site where it'll try to capture your account information. This has been around for a while, but as of late it has become a growing security threat. There are a couple of ways you can determine if the site is phony or legitimate, but today's download makes all of this just a little bit easier.

Spoofstick is a download from Core Street which plugs into your Internet Explorer or Firefox 1.0 and helps you verify URL's (web addresses). The program integrates with either of these browsers seamlessly and needs no configuration. (Actually SpoofStick integrates with any Mozilla Browser in addition to Internet Explorer. Mike) It simply sits on your browser and verifies every URL you visit. For instance, if you go to Worldstart.com the SpoofStick window toolbar plug-in will display a message that reads, "You're on worldstart.com". On the other hand, if you are on a spoofed site the message will read something like this "You're on 129.68.122.54" when you think you're on Ebay. Basically Spoofstick compromises the spoofed website showing you where you really are.

All in all SpoofStick is a great security tool that's easy to use, and can potentially protect you from being scammed and taken advantage of. There isn't a ton of help out at Core Street's site but you really don't need it. The program works with Firefox 1.0 and Internet Explorer 6, although they are different downloads. You also want to pay attention to the FireFox version install—it's a little different than what you may be used to, but it's no big deal. Once it's installed, restart whichever of the two browsers you're using and you'll see it. Next to the display field for SpoofStick in your browser you'll see the options pull-down—there's only three things you can configure (size, color, and what it displays) none of which need to be tweaked in order to get the program to work, they are simply there for aesthetic purposes.

Well, thank you Stephen for the heads up—nice program. I hope you enjoy it as much as I do.
http://www.corestreet.com/spoofstick/

Now let's take this one step further. Suppose you do determine that the address of the site is suspicious. You can identify the actual owner by performing a "Whois" search. First highlight and copy the suspected address. Go to the URL http://www.networksolutions.com (caution here) if you highlight and copy the Network Solutions address you will lose the copy of the suspected address. I suggest that you type the Network Solutions address and then Bookmark/Favorite save the Network Solutions address for subsequent use. Now choose Whois from the top row of choices on the Network Solutions page. Paste or type the suspect address into the appropriate space. Choose whether you are searching for a domain name, nic handle or an IP address. Then click "Search" and you will learn the actual owner of the address. If it is not who you think you should be doing business with you should stop any activity on the suspected site. You might want to report the suspected site to your ISP. (Mike)

TrustWatch is another type of domain tester. We reviewed this program last week and it is worth repeating. It will only function with Internet Explorer.

TrustWatch is a web site rating system that gives Internet users information on the security and trustworthiness of domains and web sites. Before you exchange sensitive information, such as providing a credit card number, personal identification information or other confidential data, TrustWatch allows you to check that the site has been verified by a trusted third party and is using appropriate safeguarding measures. TrustWatch is a free, publicly-available utility that checks several sources and then reports back to the user a verification rating for that domain or web site. Based on a variety of factors, TrustWatch reports a rating very much like a credit bureau reports an individual's credit score. TrustWatch has been developed by GeoTrust, a leader in identity and trust services, and the world's second largest Certification Authority. GeoTrust's business is helping individuals and organizations obtain trusted digital identities - whether that's for a person, device or an application. (Mike)

Download TrustWatch http://trustwatch.com/
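The check SpoofStick is described as doing above, reporting the host the browser is really talking to, can be sketched in a few lines. This is an added example, not Core Street's code; the function name `spoof_check` and the sample addresses are constructed, and it goes a little beyond the article by also flagging a login name placed before an "@" and punycode labels.

```python
import ipaddress
from urllib.parse import urlsplit


def spoof_check(url):
    """Return (banner, warnings) for a web address, SpoofStick-style.

    The banner names the host the browser would actually contact. Reducing
    that host to its registered domain would need the Public Suffix List,
    so the full host name is shown instead.
    """
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lower-cased; login name, port, brackets removed
    except ValueError:
        return ("Not a web address", ["address could not be parsed"])
    if parts.scheme not in ("http", "https") or not host:
        return ("Not a web address", ["no http(s) host found"])

    warnings = []
    if parts.username is not None:
        # Everything before '@' is a login name; the real site comes after it.
        warnings.append("text before '@' (%r) is a login name, not the site"
                        % parts.username)
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a bare IP address, not a name")
    except ValueError:
        if any(label.startswith("xn--") for label in host.split(".")):
            warnings.append("host has punycode (internationalised) labels")
    return ("You're on " + host, warnings)


# Constructed sample addresses; the IP is the one quoted in the article.
SAMPLES = [
    "http://www.worldstart.com/tips/",
    "http://129.68.122.54/signin.html",
    "http://www.worldstart.com@129.68.122.54/login",
    "mailto:someone@example.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        banner, notes = spoof_check(sample)
        print(sample)
        print("   ", banner)
        for note in notes:
            print("    warning:", note)
```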
More Worldstart and just in time for those new Christmas gift computers.

My new computer doesn't have a floppy drive and my old one doesn't have a CD burner. Is there any other way to transfer files?

If both computers have network cards, you could create a simple network, allowing you to use your old computer as an extra hard drive. You can bring up files as needed with your new system and leave them on the old—this saves you memory space on the new system. You'll probably figure out that you hardly access any of those old files anyway!

Another option is to send files as email attachments from the old computer, then receive the email with your new computer. Save the attachments to your desktop, then file them away where you need them. Make sure that the files aren't too big and that you have a fast connection, otherwise you could be sitting around for a while, or your ISP might even block it.

You could also use a USB key drive, portable hard drive, or external memory card reader/writer then "sneaker net" to your new computer.

Lastly, if your new computer has Windows XP, you can just connect the computers together with a serial cable using an open COM port, then run the "File and Settings Transfer Wizard" (see today's tip). One way or another, you should be able to get your files moved over.

Files and Settings Transfer Wizard

We're off to see the wizard, the wonderful Files & Settings Transfer Wizard. This XP feature makes it easier for you to get files off your old computer onto your new one. You can move personal display properties, folder and taskbar options, and Internet browser and e-mail settings from your old computer and place them on the new one. The wizard will also move specific files or entire folders, such as My Documents, My Pictures, and Favorites.

To open the Files and Settings Transfer Wizard go to Start / All Programs / Accessories / System Tools then click "Files and Settings Transfer Wizard". The Wizard will walk you through the process. If your old computer does not have Win XP, then you'll be prompted to create a Wizard Disk on a floppy or a CD. You can collect your old files and settings on the Wizard disk, or if you have the two computers connected via serial port, you can transfer that way. Not as painful as you thought, is it.
INTERESTING SITES: New Year 2005 sites.
Countdown to New Year 2005 Some fun here. http://www.timeanddate.com/counters/newyear.html
Greeting Cards, Parties, fun, frolic, food, and wishes, and of course, resolutions. That's what new year is. It brings us hope for prosperity and peace for the new year, to connect with our friends and family, to make new resolutions, and (maybe) to break them :-). Enjoy your new year celebrations at TheHolidaySpot. Send greetings, get a wallpaper for your PC, post your resolutions, plan your party, some tidbits on its history, and so much more. http://www.theholidayspot.com/newyear/

What do the stars have planned for you in 2005? Whether you want to know what's going to happen with your romance, your career or your life in general, Astrology.com has the answers you're looking for -- from the best days for love to the best days to ask for a raise to just the best days, period. Click on your Sun sign below for your 2005 Overview -- from there, you can link to Your Career in 2005 and Your Love Life in 2005. Here's to a fun, happy and successful New Year! Astrology.com http://www.astrology.com/year/?arrivalSA=1&cobrandRef=0&arrival_freqCap=1&pba=adid=12648602

New Year's Eve 2005 - In New York City
As 2005 approaches, New York City gets ready for its annual Times Square celebration. The famous ball drop atop One Times Square has been a tradition dating back to 1906. Each year, hundreds of thousands of people descend upon Times Square to experience this free event. If you are planning to join the festivities, get there early and be prepared - you'll be corralled into barricaded areas where you'll have to stay for the duration. If you leave, you can't get back to where you were. Photos and scheduled events featured. http://www.nyctourist.com/newyears1.htm

New Years Eve In Las Vegas http://www.lvol.com/events/newyear.html
I was reading the latest email from the Seniornet Folks ( http://www.seniornet.org ) The following article caught my attention:

New shows, new conversations, a new way to spend time with friends or family. Create an oasis from the daily grind by starting your own PBS Program Club where you live and use the dramatic, funny, moving and entertaining variety of shows on PBS to talk about what matters to you most. Log on to pbs.org/pbsprogramclub to access discussion questions and tips for getting the conversation started. SeniorNet would love to have you join our online PBS Program discussions too and take advantage of the resources we put together and publish online for our monthly discussions. You can report in to let us know what your local club members are talking about.

Next month invite a few friends to watch Do You Speak American? on Wednesday, January 5th at 8pm ET. Then get together and talk about this intriguing glimpse into the dynamic state of American English, from wickety-wack to catty whompus! And, for a limited time (while supplies last) receive a free PBS Program Club starter gift package of gourmet goodies to help kick-start your first gathering when you register your club with PBS. (Please also email marcie@seniornet.org to let SeniorNet know if you start a local club.) Go to: http://www.pbs.org/pbsprogramclub/startaclub.html and click "Register your club today" in the middle of the page.

This is what the PBS site suggests: Starting a club is easy and it's free!
1. Pick the show. Choose from the new programs featured on this site each month, or check your local station schedule for a show that looks good to you.
2. Pick some friends. Get together with a bunch of your friends who watched it, too.
3. Pick it apart and have some fun! Talk about it! Use the discussion questions provided or just use the show as a springboard to talk about what matters most to you.

http://www.pbs.org/pbsprogramclub/startaclub.html
WEHT.net Thanks to Amanda for this one. WEHT stands for "What Ever Happened To?" This is where you can find out where all those one hit wonders, child stars, sitcom stars, and many more. There are a lot of categories to search through and a lot of information on different people. There is a top five list of the most searched for, last added, top 5, top 5 of the week, to make some searching easier. I know I learned a lot while I was here. Of course you can always just put in the name of who you are looking for and search that way. Like Fabio "now runs his own film production company specializing in animation." That's right the fashion model who graced the covers of tons of romances has settled down to a very private life running his own business. There are so many to browse through. You will feel like you are really getting a history lesson on what's been going on in these people's lives. This site is very fun and frisky. Try not to get lost browsing it though, I found myself looking up one person only to get distracted by more options and spending a good deal of time just reading and looking around. There is a newsletter you can sign up for too, as well as discussion boards so you can discuss your favorites with others on this site. From History to Pop Culture if you are wondering what ever happened to them—you'll probably find it here. http://www.weht.net/
Friday, December 17th 2004 by Andrew Moulden

The earliest .net and .org domains? Worthy of note, I think, as they are coincident with the oldest 100 .com domains, this list of what may be the earliest handful of .net and .org registrations: MITRE.ORG 10-Jul-85; SRC.ORG 25-Mar-86; SUPER.ORG 10-Jul-86; NSF.NET 05-Nov-86; AERO.ORG 07-Jan-87; MCNC.ORG 15-Jan-87; RAND.ORG 02-Apr-87; MN.ORG 04-Apr-87; RTI.ORG 01-May-87; UU.NET 20-May-87; USENIX.ORG 14-Jul-87; SESQUI.NET 21-Jul-87; SOFTWARE.ORG 03-Sep-87

kcnet.org was registered January 3, 1997.

The First 100 Dot Coms were: http://www.jottings.com/100-oldest-dot-com-domains.htm
Do you want to know how to say your name in Japanese? This script will translate your name so you could say it in Japanese. There are a few things you need to keep in mind though:

Also available from the home page and legit: (The name thingie probably isn't...legit but the conversions are cute). You will find a link on the main page called Games and Calculations. Calculators include:
* Scientific
* The Pi Calculator
* Cube a Number!
* Square Roots
* Temperature Converter
* Volume Calculator
* Wind Chill Calculator

http://www.rcs.k12.va.us/csjh/japanesename.htm