MikesWhatsNews, 03, 10, 2002

in today's issue #565

F-Secure raising Bugbear alert to highest level
Networking With WinXP Pro PC as the "Master"
ICEOWS v4.10
NoAds
OE Backup and Restore
Un-Formatting
Ant War
Tina's FrontPage Tips
CCC Puzzle Choice
Mysterious Fonts
____________________________________________________________

NOTE: Any time you see the " ++ ", it means there is more of the article, or story, on the linked site.
Mike
____________________________________________________________

There is a complete archive of past MikesWhatsNews newsletters available to members on the Yahoo page, it is searchable by word or issue #. Here is the address direct to the messages;
http://groups.yahoo.com/group/MikesWhatsNews/messages
and;
//www.freelists.org/archives/mikeswhatsnews/
____________________________________________________________

From F-Secure.

PRESS RELEASE
For release Oct. 2, 2002

Bugbear e-mail worm spreading at an alarming rate

W32/Bugbear-A ~ Aliases: Tanat, Tanatos

F-Secure raising alert to highest level as Bugbear becoming the most widespread virus currently in circulation

Helsinki, Finland, October 2, 2002 - The Bugbear e-mail worm (also known as Tanatos) was first seen on Monday, September 30. Since then it has been located in dozens of countries worldwide and continues to spread at an increasing rate.

Current statistics show that Bugbear/Tanatos has passed Klez as the most common virus currently in the world. Klez was the most common virus for almost all of 2002.

Bugbear is a Windows mass mailer, spreading itself in infected e-mail attachments, sometimes executing the attachment automatically. It also tries to spread through open Windows fileshares. A side effect of this is that the worm sometimes prints massive amounts of nonsense text on network printers. The worm also attempts to terminate the processes of various antivirus and firewall programs.
Once a machine is infected, it can be remotely controlled via a graphical backdoor, allowing the hacker to steal and delete information from affected computers.

VIRUS OPERATION

The worm can pick up old e-mail messages from an infected system and send them to random e-mail addresses. This means that private e-mails will be disclosed to third parties.

"Forwarding old e-mails is actually a social engineering trick," comments Mikko Hypponen, Manager of Anti-Virus Research at F-Secure. "When people receive such e-mails, they will be baffled by the contents. In many cases they will click on the file attachment just to figure out what the strange e-mail is all about - thereby becoming infected."

Some e-mails sent by Bugbear will use the IFRAME vulnerability. This means that on an unpatched Windows system the worm attachment will execute automatically as soon as it is previewed or read.

In some cases the worm fakes the e-mail address of the sender - making it look as if an innocent third party sent the worm. This creates further confusion and makes it difficult to warn the infected parties of the problem.

The worm spreads effectively within corporate LANs once one machine gets infected via e-mail. The worm will enumerate all network shares and try to copy itself to them. On Windows machines with hard drives shared for several users, the worm attempts to copy itself to the Startup folder, activating when the machine is rebooted.

The worm tries to copy itself to all types of shared network resources - including printers. Printers will not and cannot get infected by Bugbear, but they will attempt to print out the binary code of the worm - resulting in dozens or hundreds of pages of garbage.

The Bugbear worm tries to terminate various processes in the memory of an infected computer. This includes processes used by most of the popular antivirus and personal firewall products - including the outdated F-Secure Anti-Virus v4.x series.
However, the worm does not affect the current F-Secure Anti-Virus v5.x series. In any case, the worm can only attack security programs if it executes in the first place - and up-to-date anti-virus programs will prevent it from executing.

"As this worm is already widespread, there must now be thousands and thousands of computers in the Internet without any antivirus or firewall protection, because Bugbear has removed them," comments Hypponen.

The worm will install a backdoor to all infected systems. This backdoor can be exploited by the virus writer or by hackers, allowing them to connect to infected machines using a web browser. The worm will show a web user interface through which the attacker can browse local files or execute programs.

"We haven't seen such an advanced backdoor in a worm before," says Mikko Hypponen. "Fortunately, it is not easy for script kiddies to enable this functionality."

"It was such a nice and quiet year virus-wise - up until the middle of September," continues Hypponen. "After that we have had many large outbreaks, including the Slapper and Devnull Linux worms, and the Opaserv and Bugbear Windows worms."

The year 2001 is generally considered to have been the worst virus year ever. "During 2002, the Klez virus has been the most common virus for months and months. As Bugbear is quite similar to Klez in many ways, I am afraid Bugbear will still be widespread in 2003," finishes Mikko Hypponen from F-Secure Corporation.

A detailed technical description of the worm as well as screenshots are available in the Global Bugbear Information Center at http://www.F-Secure.com/bugbear/ .

F-Secure Anti-Virus 5.40 can detect, stop and disinfect the Bugbear worm, even if the system is already infected with the worm.
F-Secure Anti-Virus can be downloaded from http://www.f-secure.com

~~~~~
More references;

from "CENTRALCOMMAND.COM Vexira Antivirus"
Full virus description can be read at:
<http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=020930-000024>

~~~~
More details covering the Tanatos Internet worm are now available in the Kaspersky Virus Encyclopedia at:
http://www.viruslist.com/eng/viruslist.html?id=52245.

~~~~
From Sophos
More information about W32/Bugbear-A can be found at
http://www.sophos.com/virusinfo/analyses/w32bugbeara.html
Download the IDE file from
http://www.sophos.com/downloads/ide/bugbeara.ide
____________________________________________________________

If you intend to use the WinXP Pro PC as the "Master," here's a tutorial that may help.
http://www.homenethelp.com/web/howto/net-browse-xp.asp

TCP/IP Home Networking and File Sharing Tutorial
Finding Computers using Search and Adding network places
Windows XP Home and Pro
++

Thanks to; Jasmine,
Owner/Group Moderator: http://groups.yahoo.com/group/pro_tech and http://groups.yahoo.com/group/computersupport_2
Group Moderator: http://groups.yahoo.com/group/techsupportfordummies
____________________________________________________________

ICEOWS v4.10 [636k] Windows (All) FREE
http://www.mywebattack.com/gnomeapp.php?id=105364

ICEOWS (formerly ArjFolder) is a de/compression tool that integrates into Windows Explorer and opens zip files as if they were regular folders. All you have to do is click on a zipped file and it will be opened just as any other folder. Furthermore it offers built-in decompression for ICE, ARJ, ZIP, GZIP, TAR, MS-CAB, RAR, ACE, Quake 3 compressed files, Internet Mail files (Mime, UUE, XXE, B64, HQX), Java Archive (JAR, EAR, WAR), LZS, LZH, LHA, IMP and BZ2. All of ICEOWS features are integrated into the Windows Explorer right click menu.
From; Lockergnome
http://www.lockergnome.com/issues/daily/20020930.html
____________________________________________________________

NoAds ~ free
http://www.southbaypc.com/NoAds/
Win 95/98/Me/NT/2000/XP

NoAds stops Internet popup ads from getting in the way of your web surfing. NoAds is fully configurable, allowing you to specify which ads you want to be destroyed automatically. It supports most popular web browsers, including Microsoft Internet Explorer, Netscape Navigator, America Online, and Opera. The program is very easy to use, and stays running in the system tray for quick access.
____________________________________________________________

OE Backup and Restore
http://www.tomsterdam.com/insideOE/backup/index.htm

"There are three basic approaches to backing up your Outlook Express files and settings. The Simple Backup is only for your email folders and mail and news accounts settings, and it is indeed pretty simple. The Complete, or Clone, Backup is for everything in your OE Identity, including email folders, news folders, message rules, blocked senders, even your current view settings. It is very complex to describe, but takes about 2-5 minutes to complete in practice. The Partial Backup is for groups of messages, message rules only, blocked senders, etc. I suggest you read through all three sections and then decide which best suits your needs."
++
____________________________________________________________

Un-Formatting

Have you ever tried copying text from a document or web page into Word, and experienced formatting problems? If you paste the text into Notepad first then copy and paste it into Word, you will 'lose' the formatting that had been applied to the original document.
____________________________________________________________

Ant War
http://www.antwar.com/

Hi, my name is Adam Ant! I'll be your guide to help you start your first ANT COLONY! Starting an ANT COLONY is easy! The first thing you'll want to do is get some Ants!
We all know you can't have an ANT COLONY without Ants, so choose a type of Ant from the selections to your right! -->
++
____________________________________________________________

Tina's FrontPage Tips, by Tina Clarke

HOW TO MAKE A VERTICAL LINE

Make a table with 3 cells
Make a 1x1 pixel transparent gif
Configure the width of the middle cell to one and the background to the colour of choice.
Insert your 1x1 gif

This will make a vertical line between the two cells and separate your content.

AccessFP ~ FrontPage Resource Centre Site ~ http://www.accessfp.net/
Ezine & Forums ~ http://anyfrontpage.com/
FREE FP E-Books Journal ~ http://groups.yahoo.com/group/AccessFPJournal
____________________________________________________________

Christies Computer Corner
thanks to Christy; <1stPicksoftware-request@xxxxxxxxxxxxx?Subject=subscribe>

Puzzle Choice
http://www.puzzlechoice.com/

"A wide choice of free printable and interactive puzzles and games for all the family. Crosswords, Wordsearches, Logics, Jigsaws, Sliders, Number puzzles, Quizzes, Word games and more."

~~~~~~~
Mysterious Fonts

After you've worked on a computer for any length of time, you've likely accumulated a collection of fonts. Often, they're placed on your system during a program's installation without your knowledge. You don't have to guess what any of these mysterious fonts look like, or resort to the time-consuming method of typing text into your word processor using that font to see its style.

Open up Control Panel and double-click on the Fonts icon. You'll now see a long list of the font names of all your system's installed fonts. When you double-click on one, a sample page will pop up showing you both upper and lowercase letters, as well as how that font looks in many different point sizes. If you'd like to put together a binder of your fonts, click on the Print button at the top of the window to print that sample page.
This also works if you have uninstalled fonts stashed away in a folder on your hard drive, although the approach is different. Open up Windows Explorer, navigate to the folder where the uninstalled fonts reside, and double-click on one. The same sample page will pop up.

Was this forwarded to you? Get your own subscription here: <1stpickPCtips-request@xxxxxxxxxxxxx?Subject=subscribe>
____________________________________________________________

Antivirus software is a good choice to scan your system for possible viruses, however no virus scanner is 100% effective as manufacturers cannot keep up with the rapid change of viruses that happens daily. Be sure to update yours regularly.
http://www.hackfix.org/software/antivirus.html
______________________________________________________________________

Please feel free to offer constructive criticism, as that will help me keep it interesting. I also welcome any submissions about new products, web pages, or articles of interest. All submissions posted in MWN will be given proper credit.

"MikesWhatsNews" believes in giving credit where credit is due, but at times, with deadlines and information that is very important to readers, we accidentally mispost an item. If you believe something to be miscredited, or you know the author of one of the articles which we have posted as 'unknown', please do let us know so we can correct the information where applicable.

Many times in an article you may see a "click here for more information", or "to go to a link"; these often will not work, as the original information was taken from a page with HTML links. This is when you will want to go to the webpage indicated in the article, ++ , for 'the rest of the story'.

***MfM*** indicates that I am adding my own information to a particular article.

`~*~*~*~*~*~`
Mike
~It's a good day if I learned something new.
You can read a sample of my newsletter on my web page http://www.mwn.ca
My virus pages ~ http://virusinfo.hackfix.org
mytech@xxxxxxxxxxx