[MikesWhatsNews] MWN #565

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: mikeswhatsnews@xxxxxxxxxxxxx
  • Date: Wed, 02 Oct 2002 17:45:03 -0700

MikesWhatsNews, 03, 10, 2002
in today's issue #565
F-Secure raising Bugbear alert to highest level 
Networking With WinXP Pro PC as the "Master"
ICEOWS v4.10 
NoAds
OE Backup and Restore
Un-Formatting
Ant War
Tina's FrontPage Tips
CCC      Puzzle Choice
        Mysterious Fonts 
____________________________________________________________
NOTE: Any time you see the "  ++ ",  it means there is more 
          of the article, or story, on the linked site. Mike
____________________________________________________________

There is a complete archive of past MikesWhatsNews newsletters 
available to members on the Yahoo page, it is searchable by word or
issue #. Here is the address direct to the messages;
http://groups.yahoo.com/group/MikesWhatsNews/messages
and; //www.freelists.org/archives/mikeswhatsnews/
____________________________________________________________

From F-Secure. 
PRESS RELEASE

For release Oct. 2, 2002

Bugbear e-mail worm spreading at an alarming rate
W32/Bugbear-A  ~ Aliases: Tanat, Tanatos

F-Secure raising alert to highest level as Bugbear becoming the most
widespread virus currently in circulation

Helsinki, Finland, October 2, 2002 - The Bugbear e-mail worm (also known as
Tanatos) was first seen on Monday, September 30. Since then it has been
located in dozens of countries worldwide and continues to spread at an
increasing rate. Current statistics show that Bugbear/Tanatos has passed Klez
as the most common virus currently in the world. Klez was the most common
virus for almost all of 2002.

Bugbear is a Windows mass mailer, spreading itself in infected e-mail
attachments, sometimes executing the attachment automatically. It also tries
to spread through open Windows fileshares. A side effect of this is that the
worm sometimes prints massive amounts of nonsense text on network printers.

The worm also attempts to terminate the processes of various antivirus and
firewall programs. Once a machine is infected, it can be remotely controlled
via a graphical backdoor, allowing the hacker to steal and delete information
from affected computers.

VIRUS OPERATION

The worm can pick up old e-mail messages from an infected system and send
them to random e-mail addresses. This means that private e-mails will be
disclosed to third parties. "Forwarding old e-mails is actually a social
engineering trick," comments Mikko Hypponen, Manager of Anti-Virus Research
at F-Secure. "When people receive such e-mails, they will be baffled by the
contents. In many cases they will click on the file attachment just to figure
out what the strange e-mail is all about - thereby becoming infected."

Some e-mails sent by Bugbear will use the IFRAME vulnerability. This means
that on an unpatched Windows system the worm attachment will execute
automatically as soon as it is previewed or read. In some cases the worm
fakes the e-mail address of the sender - making it look as if an innocent
third party sent the worm. This creates further confusion and makes it
difficult to warn the infected parties of the problem.

The worm spreads effectively within corporate LANs once one machine gets
infected via e-mail. The worm will enumerate all network shares and try to
copy itself to them. On Windows machines with hard drives shared for several
users, the worm attempts to copy itself to the Startup folder, activating
when the machine is rebooted. The worm tries to copy itself to all types of
shared network resources - including printers. Printers will not and cannot
get infected by Bugbear, but they will attempt to print out the binary code
of the worm - resulting in dozens or hundreds of pages of garbage.

The Bugbear worm tries to terminate various processes in the memory of an
infected computer. This includes processes used by most of the popular
antivirus and personal firewall products - including the outdated F-Secure
Anti-Virus v4.x series. However, the worm does not affect the current
F-Secure Anti-Virus v5.x series. In any case, the worm can only attack
security programs if it executes in the first place - and up-to-date
anti-virus programs will prevent it from executing. "As this worm is already
widespread, there must now be thousands and thousands of computers in the
Internet without any antivirus or firewall protection, because Bugbear has
removed them," comments Hypponen.

The worm will install a backdoor to all infected systems. This backdoor can
be exploited by the virus writer or by hackers, allowing them to connect to
infected machines using a web browser. The worm will show a web user
interface through which the attacker can browse local files or execute
programs. "We haven't seen such an advanced backdoor in a worm before," says
Mikko Hypponen. "Fortunately, it is not easy for script kiddies to enable
this functionality."

"It was such a nice and quiet year virus-wise - up until the middle of
September," continues Hypponen. "After that we have had many large outbreaks,
including the Slapper and Devnull Linux worms, and the Opaserv and Bugbear
Windows worms."

The year 2001 is generally considered to have been the worst virus year ever.
"During 2002, the Klez virus has been the most common virus for months and
months. As Bugbear is quite similar to Klez in many ways, I am afraid Bugbear
will still be widespread in 2003," finishes Mikko Hypponen from F-Secure
Corporation.

A detailed technical description of the worm as well as screenshots are
available in the Global Bugbear Information Center at
http://www.F-Secure.com/bugbear/ .

F-Secure Anti-Virus 5.40 can detect, stop and disinfect the Bugbear worm,
even if the system is already infected with the worm. F-Secure Anti-Virus can
be downloaded from
http://www.f-secure.com
~~~~~

More references;
from  "CENTRALCOMMAND.COM  Vexira Antivirus" 
Full virus description can be read at:
<http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=020930-000024>
~~~~
More details covering the Tanatos Internet worm are now available in the
Kaspersky Virus Encyclopedia at:
http://www.viruslist.com/eng/viruslist.html?id=52245.
~~~~
From Sophos 
More information about W32/Bugbear-A can be found at
http://www.sophos.com/virusinfo/analyses/w32bugbeara.html

Download the IDE file from
http://www.sophos.com/downloads/ide/bugbeara.ide
____________________________________________________________

If you intend to use the WinXP Pro PC as the "Master," here's a 
tutorial that may help.
http://www.homenethelp.com/web/howto/net-browse-xp.asp
TCP/IP Home Networking and File Sharing Tutorial

Finding Computers using Search and Adding network places
Windows XP Home and Pro
++
Thanks to; Jasmine,
 Owner/Group Moderator: http://groups.yahoo.com/group/pro_tech  and
http://groups.yahoo.com/group/computersupport_2  Group Moderator:
http://groups.yahoo.com/group/techsupportfordummies
____________________________________________________________

ICEOWS v4.10 [636k] Windows (All) FREE 
http://www.mywebattack.com/gnomeapp.php?id=105364 
ICEOWS (formerly ArjFolder) is a de/compression tool that integrates into
Windows Explorer and opens zip files as if they were regular folders. All
you have to do is click on a zipped file and it will be opened just as any
other folder. Furthermore it offers built-in decompression for ICE,ARJ, ZIP,
GZIP, TAR, MS-CAB, RAR, ACE, Quake 3 compressed files, Internet Mail files
(Mime, UUE, XXE, B64, HQX), Java Archive (JAR, EAR, WAR), LZS, LZH, LHA, IMP
and BZ2. All of ICEOWS features are integrated into the Windows Explorer
right click menu. 
From; Lockergnome
http://www.lockergnome.com/issues/daily/20020930.html 
____________________________________________________________

NoAds ~ free
http://www.southbaypc.com/NoAds/
Win 95/98/Me/NT/2000/XP 
NoAds stops Internet popup ads from getting in the way of your web surfing.
NoAds is fully configurable, allowing you to specify which ads you want to
be destroyed automatically. It supports most popular web browsers, including
Microsoft Internet Explorer, Netscape Navigator, America Online, and Opera.
The program is very easy to use, and stays running in the system tray for
quick access.
____________________________________________________________

OE Backup and Restore
http://www.tomsterdam.com/insideOE/backup/index.htm
"There are three basic approaches to backing up your Outlook Express files
and settings. 
The Simple Backup is only for your email folders and mail and news accounts
settings, and it is indeed pretty simple. 
The Complete, or Clone, Backup is for everything in your OE Identity,
including email folders, news folders, message rules, blocked senders, even
your current view settings. It is very complex to describe, but takes about
2-5 minutes to complete in practice. 
The Partial Backup is for groups of messages, message rules only, blocked
senders, etc. I suggest you read through all three sections and then decide
which best suits your needs."
++
____________________________________________________________

Un-Formatting
Have you ever tried copying text from a document or web page into Word, and
experienced formatting problems?

If you paste the text into Notepad first then copy and paste it into Word,
you will 'lose' the formatting that had been applied to the original
document. 
____________________________________________________________

 Ant War 
http://www.antwar.com/
 Hi, my name is Adam Ant! I'll be your guide to help you start your first
ANT COLONY!

Starting an ANT COLONY is easy! The first thing you'll want to do is get
some Ants! 
We all know you can't have an ANT COLONY without Ants, so choose a type of
Ant from the selections to your right! -->
++ 
____________________________________________________________

Tina's FrontPage Tips, by Tina Clarke

HOW TO MAKE A VERTICAL LINE

Make a table with 3 cells
Make a 1X1pixel transparent gif
Configure the width of the middle cell to one and
the background to the colour of choice.
Insert your 1x1 gif This will make vertical line
between the two cells and separate your
content.

AccessFP ~ FrontPage Resource Centre
Site ~  http://www.accessfp.net/
Ezine & Forums ~ http://anyfrontpage.com/  FREE FP E-Books
Journal ~ http://groups.yahoo.com/group/AccessFPJournal
____________________________________________________________

Christies Computer Corner thanks to Christy;
<1stPicksoftware-request@xxxxxxxxxxxxx?Subject=subscribe>

Puzzle Choice

http://www.puzzlechoice.com/

"A wide choice of free printable and interactive puzzles and
games for all the family. Crosswords, Wordsearches, Logics,
Jigsaws, Sliders, Number puzzles, Quizzes, Word games and more."  
~~~~~~~

Mysterious Fonts 
After you've worked on a computer for any length of time, you've
likely accumulated a collection of fonts. Often, they're placed
on your system during a program's installation without your
knowledge.

You don't have to guess what any of these mysterious fonts look
like, or resort to the time-consuming method of typing text into
your word processor using that font to see its style.

Open up Control Panel and double-click on the Fonts icon. You'll
now see a long list of the font names of all your system's
installed fonts. When you double-click on one, a sample page will
pop up showing you both upper and lowercase letters, as well as
how that font looks in many different point sizes.

If you'd like to put together a binder of your fonts, click on
the Print button at the top of the window to print that sample
page.

This also works if you have uninstalled fonts stashed away in a
folder on your hard drive, although the approach is different.
Open up Windows Explorer, navigate to the folder where the
uninstalled fonts reside, and double-click on one. The same
sample page will pop up.

Was this forwarded to you ?
Get your own subscription here:
<1stpickPCtips-request@xxxxxxxxxxxxx?Subject=subscribe>
____________________________________________________________



Antivirus software is a good choice to scan your system for possible viruses; 
however, no virus scanner is 100% effective, as manufacturers cannot keep up with 
the rapid change of viruses that happens daily.
Be sure to update yours regularly.
http://www.hackfix.org/software/antivirus.html
______________________________________________________________________
Please feel free to offer constructive criticism, as that will help me keep it 
interesting.
I also welcome any submissions about new products, web pages, or articles of 
interest.

All submissions posted in MWN will be given proper credit.
"MikesWhatsNews" believes in giving credit where credit is due, but at times, 
with deadlines and information that is very important to readers, we accidentally 
mispost an item.

If you believe something to be miscredited, or you know the author of one of 
the articles which we have posted as 'unknown', please do let us know so we can 
correct the information where applicable.

Many times in an article you may see a "click here" for more information, or to go 
to a link. These often will not work, as the original information was taken 
from a page with HTML links. This is when you will want to go to the webpage 
indicated in the article, ++ , for 'the rest of the story'.
***MfM*** indicates that I am adding my own information to a particular 
article.
                         `~*~*~*~*~*~`
Mike ~It's a good day if I learned something new.
You can read a sample of my newsletter on my web page http://www.mwn.ca
My virus pages ~ http://virusinfo.hackfix.org 
mytech@xxxxxxxxxxx
~*~*~*~*~
Was this forwarded to you? Want to subscribe? Send an email
to mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe.

For a complete list of email commands for our list send an email 
to ecartis@xxxxxxxxxxxxx with a subject line of "info mikeswhatsnews" without 
the quotes.

If you wish to unsubscribe from our list send an email to 
mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=unsubscribe

To contact the list moderators send an email to 
mikeswhatsnews-moderators@xxxxxxxxxxxxx
                              ~*~*~*~*~
