[MikesWhatsNews] MWN #478

• From: "Mike" <mikebike@xxxxxxxxx>
• To: mikeswhatsnews@xxxxxxxxxxxxx
• Date: Tue, 23 Apr 2002 17:00:14 -0700

MikesWhatsNews, 24, 04, 2002
in today's issue #478
We Can See You
Klez.H Continues To Spread
ToySafety.net
How Virtual Memory Works
Truth About Computer Virus Hysteria
Microsoft Pushes Back XP Upgrade Roll Out
ZoneAlarm Pro 3.0 Review
CCC      ToySafety.net
        Resetting Internet Explorer To The Default Settings
____________________________________________________________
NOTE: Any time you see the "  ++ ",  it means there is more of the 
article, or story, on the linked site. Mike
____________________________________________________________

There is a complete archive of past MikesWhatsNews newsletters 
available to members on the Yahoo page, it is searchable by word or
issue #. Here is the address direct to the messages;
http://groups.yahoo.com/group/MikesWhatsNews/messages
NEW Freelists archives;
http://www.freelists.org/archives/mikeswhatsnews/
____________________________________________________________

We can SEE YOU and we can PROVE IT!
http://passthison.com/cu/?exit=3Dno
NOTE: As per our strict privacy policy, absolutely NONE of the 
information obtained on this page will be stored in any way or 
shared with others. This page will not spread any computer 
viruses or hack into your computer. It is brought to you by a 
trusted service, PassThisOn.com. This is only a demonstration. 

With that said, look at what information we have already 
successfully gathered about your online session... 

Your computer's Internet Address is: 66.xxx.xx.??? (edited by Mike)
You clicked to this page from: http://www.passthison.com/
Your browser and operating system are: 
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)

[Click] (hyperlink on web page)
here to see what your desktop looks like from our monitoring station. 

Now here's the scary part. On your computer system, we detect a 
LIEEE442 compatible monitor screen. This type of monitor is capable 
of sending data over the Internet about electronic pulses in its 
immediate vicinity. The sensor is located on the upper right hand 
side of your particular monitor's screen. You may not be able to see 
it, but trust us... it's working right now. We'll prove it. Move your 
face towards your screen and then look towards the upper right 
hand side of your screen. 
Open your mouth and go "Ahhh!" 
Then [click here] to trigger your monitor's data sending system. 
You won't believe what results we will show you. 
++
____________________________________________________________

This press release comes from F-Secure. 
For release April 23, 2002

Klez.H continues to spread quickly for the second week 

F-Secure maintains Level 2 Radar Alert

F-Secure Corporation (HEX:FSC) is still monitoring the Klez.H virus, 
which has been spreading around the world for a week. Klez.H is a 
mass-mailing Windows worm, which can generate massive amounts 
of e-mail traffic.

Klez.H
 was found in the wild on April 17th in various countries in Asia.
After that, the worm has been spreading globally. 
In addition to Asia, infections have been reported especially in the 
USA, UK and Central Europe.

"It looks like Klez.H is going to be around for a while - 
probably months," comments Mikko Hypponen, Manager of 
Anti-Virus Research at F-Secure. "
It hasn't shown much sign of slowing down over the past few 
days although all major antivirus programs detect it already - 
proving that there are lots of users out there without 
up-to-date anti-virus protection".

Klez is 8th in a series of viruses written by an individual, 
operating most likely from mainland China or Hong Kong. 
The first virus in this family was found in October 2001. 
Most of the viruses in the Klez family have spread
worldwide. Klez.H, like other Klez viruses, spreads as an 
e-mail attachment.
On some systems the attachment can execute automatically 
when the e-mail is read.

Klez.H has a long list of different e-mail subjects it uses 
when sending itself around. Sometimes Klez puts random text 
as the e-mail subject. The worm can generate different types 
of e-mails that look like they have been sent by people or by 
companies. Also, the name of the attachment used by
Klez.H is random.
But always has the extension BAT, PIF, SCR or EXE.

Klez.H also sometimes picks data files (such as Word 
documents or JPG pictures) from the infected machine and 
attaches them to the messages it sends out. 
This results in confidential information being disclosed to third
parties. This means that Klez.H might sometimes spread other
viruses unintentionally. For example, if a user has DOC files 
infected with a macro virus, Klez might send them to third 
parties, spreading the macro virus further.

F-Secure Corporation is still maintaining Klez.H as a Level 
2 alert under the F-Secure Radar alerting system. 
Level 1 is the highest level of alert.

F-Secure Anti-Virus detects and disinfects the worm. 
Users can also combat Klez and similar viruses by updating 
their web browser and e-mail client with the latest security 
patches. 
System administrators can stop Klez and many similar threats 
by filtering dangerous e-mail attachment types either at the 
firewall or at the e-mail gateway level. 

F-Secure is distributing a free tool to disinfect Klez. 
This program, as well as technical description and screenshots 
of the Klez virus is available at 
http://www.F-Secure.com/v-descs/klez_h.shtml
~~~
more info;
http://www.symantec.com/avcenter/venc/data/w32.klez.
h@xxxxxxx
http://vil.nai.com/vil/content/v_99455.htm
http://www.commandcom.com/virus/klez.html
http://www.Europe.f-secure.com/v-descs/klez_h.shtml
http://www.ravantivirus.com/virus/showvirus.php?v=3D98
More detailed information on Klez.H can be found here:
http://www.viruslist.com/eng/viruslist.html?id=3D4292.
~~~
Methods of protection: 
Free of charge utility that will detect and remove all wide-spread 
versions of the Klez worm family (including Klez.H). 
Download this utility here:
ftp://ftp.kaspersky.ru/utils/clrav.com. 

Kaspersky Labs also recommends users install the 
Microsoft Internet Explorer security patch. Found at:
<http://www.microsoft.com/windows/ie/download/
critical/Q290108/default.asp.>
~~~
Symantec Security Response has developed a tool to
remove both W32.Klez.H@mm and W32.Klez.E@mm.
available at
<http://securityresponse.symantec.com/avcenter/venc/
data/w32.klez.removal.tool.html>
This is the easiest way to remove these threats and
should be tried first.
____________________________________________________________

How Virtual Memory Works -
  http://www.howstuffworks.com/virtual-memory.htm
  Virtual memory makes your computer act like it has a lot more
  RAM than it does. Find out what virtual memory is and how it
  increases the speed of your PC.
From; http://www.howstuffworks.com
____________________________________________________________

Truth About Computer Virus Hysteria
http://Vmyths.com

--------------- Useful links ------------------

A-Z list of computer virus hoaxes
http://Vmyths.com/hoax.cfm

How to spot a hoax computer virus alert
http://Vmyths.com/resource.cfm?id=3D19&page=3D1

Reduce virus hoaxes inside your company
http://Vmyths.com/resource.cfm?id=3D20&page=3D1

False Authority Syndrome
http://Vmyths.com/fas/fas1.cfm

Hoaxes NOT related to computer security
http://Vmyths.com/hoax.cfm?id=3D16&page=3D3

From; Vmyths.com "What's New" Newsletter
____________________________________________________________

Microsoft Pushes Back XP Upgrade Roll Out  by  Peter Galli ~ eWEEK
http://www.pcmag.com/article/0,2997,s=3D1582&a=3D25639,00.asp

SEATTLE =96 
Microsoft Corp. has pushed back the release of the next version of 
the Windows operating system, code-named Longhorn, until 2004. 

In an interview here at its 11th annual Windows Hardware Engineering 
Conference, WinHEC, Jim Allchin, the group vice president of platforms 
at Microsoft, told eWeek that Longhorn was unlikely to ship before 2004. 

The news represents yet another shift in the roadmap for the Windows 
operating system. Initially Microsoft planned to follow XP with the version=
 
code-named Blackcomb, but that was pushed back when it was decided 
to introduce the Longhorn release, which was expected to be a relatively 
minor, point release that would hit the market sometime in 2003. 
 ++
From;  PC MAGAZINE TRENDWATCH  
   www.pcmag.com/pipeline
____________________________________________________________

  ZoneAlarm Pro 3.0 Review
http://www.winplanet.com/winplanet/reviews/4159/1/
Just Say No To Hackers, Ads, and Cookies
Eric Grevstad

Why is Zone Labs like a gangster, and why are you like a neighborhood 
storekeeper? Because Zone wants you to pay for protection. 

The difference is that it's not extortion from crooks, but protection=
 against 
crooks -- the company's famous ZoneAlarm firewall, one of the Web's best 
defenses against hackers, snoops, and Trojan horses, especially for PCs 
with always-on cable or DSL connections. And the company's main 
challenge in getting you to pay is that it offers a version of ZoneAlarm
2.6 that's free for personal use. 

But ZoneAlarm Pro 3.0 works hard for your $50. While the previous 
ZoneAlarm Pro differed from the free firewall only in detail (better e-mail
and networking support, password protection for changes to security 
settings), the new release combines a stronger firewall with extra 
privacy and convenience -- tools putting you in control of the cookies 
(cached text files) that Web sites use to track your identity and surfing 
history, and blocking unwanted banner ads and annoying pop-up and 
pop-under ads that clog your browser and waste your bandwidth. 
++ 
From; www.winplanet.com
____________________________________________________________

Christies Computer Corner thanks to Christy;
<1stPicksites-request@xxxxxxxxxxxxx?Subject=3Dsubscribe>

ToySafety.net

http://www.toysafety.net/

If your shopping list includes toys for children, a visit to
"ToySafety" may be in order.

"ToySafety.net is a project of the National Association of State
Public Interest Research Groups (PIRGs). The information
contained on this site was researched and compiled by state PIRG
staff across the
country and published in the state PIRGs 16th annual "Trouble In
Toyland" report. "

This practical and consumer oriented website presents a list of
potentially hazardous toys and tips for the safety-conscious
buyer. The main focus of concern deals with.  Hop over to the
website and brush up on toy safety before visiting your favorite
toy department.

~~~~~~~

Resetting Internet Explorer To The Default Settings

Occasionally mistake happen when changing the Internet Explorer
settings. But, if it should happen that you make numerous changes
and then Internet Explorer is no longer working as it should, you
can go back and reverse the last few changes you made to see if
that helps.

If things have gone beyond the last few setting changes you made
in IE, you just reset the whole thing and start over again. To do
this, choose Tools|Internet Options. When the dialog box opens,
click the Programs tab and then click Reset Web Settings. Click
OK to close the dialog box and start with fresh default settings.

Was this forwarded to you ?
Get your own subscription here:
<1stpickPCtips-request@xxxxxxxxxxxxx?Subject=3Dsubscribe>
http://groups.yahoo.com/group/1stpickPCtips

____________________________________________________________

Antivirus software is a good choice to scan your system for possible 
viruses, however no virus scanner is 100% effective as manufactures
cannot keep up with the rapid change of viruses that happens daily.
Be sure to update yours regularly.
http://www.hackfix.org/software/antivirus.html
____________________________________________________________

Please feel free, to offer constructive criticism, as that will help me 
keep it interesting.
I also welcome any submissions about new products, web pages, or 
articles of interest.

All submissions posted in the newsletter will be given proper credit.
"MikesWhatsNews" believes in giving credit where credit is due but
at times deadlines and information that is very important to readers 
we accidentally misspost an item.
If you believe something to be miscredited, or you know the author
of one of the articles which we have posted as 'unknown', please do 
let us know so we can correct the information where applicable.

Many times in a article you may see a [click here] for more 
information, or to go to a link, these often will not work, as the 
original information, was taken from a page with HTML links.
This is when you will want to go to the webpage indicated in 
the article, ++ ,for 'the rest of the story'
***MfM*** indicates that I am adding my own information to a 
                  particular article.
Mike ~It's a good day if I learned something new.
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=3Dsubscribe>
You can read a sample of my newsletter on my web page
http://www3.telus.net/mikebike/
My virus pages http://virusinfo.hackfix.org
mytech@xxxxxxxxxxx


~*~*~*~*~
Was this forwarded to you? Want to subscribe? Send an email
to mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe.

For a complete list of email commands for our list send an email 
to ecartis@xxxxxxxxxxxxx with a subject line of "info mikeswhatsnews" without 
the quotes.

If you wish to unsubscribe from our list send an email to 
mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=unsubscribe

To contact the list moderators send an email to 
mikeswhatsnews-moderators@xxxxxxxxxxxxx
~*~*~*~*~

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription