MikesWhatsNews, 20, 02, 2004

in today's issue #720

Virus Alert W32/Netsky-B
HackFix Updates
2 Free Online PestScan
3 Outpost Firewall Pro 2.1
4 NSA/CSS Kids' Page
5 Windows Server 2003 Resource Kit Tools
6 EasyCleaner 2.0.6.369
7 The Nunavut Game
8 CCC MP3 Cataloguer
9 Spunkier Menus
10 Dictionary Attack
11 Remove Some of the Restore Points in XP
12 Windows Security Update CD
ZoneLabs Security update
____________________________________________________________
NOTE: Any time you see the " ++ ", it means there is more of the article, or story, on the linked site.
Mike
____________________________________________________________
There is a complete archive of past MikesWhatsNews newsletters available to members on the Yahoo page; it is searchable by word or issue #.
Here is the address direct to the messages;
http://groups.yahoo.com/group/MikesWhatsNews/messages
and;
//www.freelists.org/archives/mikeswhatsnews/
____________________________________________________________
Please rate this Ezine at the Cumuli Ezine Finder
http://www.cumuli.com/ezines/ra20853.rate
___________________________________________________________
W32/Netsky-B

Also Known As: W32/Netsky.b@MM [McAfee], W32/Netsky.B.worm [Panda], WORM_NETSKY.B [Trend Micro], Moodown.B [F-Secure], I-Worm.Moodown.b [Kaspersky]

Information about W32/Netsky-B can be found at:

CERT; http://www.cert.org/incident_notes/IN-2004-02.html

Computer Associates; http://www3.ca.com/virusinfo/virus.aspx?ID=38332

Kaspersky: http://www.viruslist.com/eng/alert.html?id=983343

Panda: http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=44815

Sophos: http://www.sophos.com/virusinfo/analyses/w32netskyb.html

Symantec: http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.b@xxxxxxx
W32.Netsky.B is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped
drives. This worm also searches drives C through Z for folder names containing "Share" or "Sharing," and then copies itself to those folders.

Symantec Security Response has developed a removal tool to clean the infections of W32.Netsky.B@mm.
http://www.symantec.com/techsupp/vURL.cgi/sctyrsp2

Trend; http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.B

For worm removal instructions; http://www3.telus.net/mikebike/worm_removal.htm
___________________________________________________________
HackFix updates, thanks to Christy; staff@xxxxxxxxxxx
Http://www.hackfix.org

This week's Virus Pattern Updates (02/19/2004)

All Software listed Alphabetically by Company name as some companies manufacture more than one product.

Aladdin Knowledge Systems
Esafe Desktop/Gateway/Enterprise
Last Updated Feb 18/2004
To update your software
Visit: http://www.esafe.com/esafe/downloads/virusig.asp
Or
From the Esafe folder in your Start Menu select Download Updates
~~~~~
AlWil Software
Avast Antivirus
Last Updated Feb 18/2004
To update your software:
Visit: http://www.avast.com/i_kat_69.html
Or
Right click on the AVAST icon in the system tray, Select iAVS Update, AVAST will check for updates and download the appropriate files as needed.
~~~~~
Authentium Software Systems
Command antivirus
Last Updated Feb 18/2004
To update your software
Visit http://www.authentium.com/support/downloads/index.cfm
~~~~~
Center for Antivirus Technologies (CAT)
Quickheal
Last Updated Feb 12/2004
To update your software
Visit: http://www.quickheal.com/winupg.htm
Or
Open Quickheal select Utility from the top toolbar and liveupdate. Follow the onscreen prompts. Alternately you can select Liveupdate directly from the QuickHeal program menu on the startmenu.
~~~~~
Frisk Software Systems
Fprot
Last Updated Feb 18/2004
To update your software
Visit: http://www.f-prot.com/download/home_user/
~~~~~
Computer Associates
E-Trust
Last updated Feb 19/2004
To update your software
http://support.cai.com/Download/virussig.html
Or
From the Respective folder in your Start Menu select Autodownload

For Vet Anti virus
http://www.vet.com.au/html/software/update.html
Be sure to have your Customer ID and your registered email address handy for verification.

**Note** We knew this time would come eventually, that Computer Associates would not continue to support/update the older program
https://www2.my-etrust.com/services/ipe_support??
~~~~~~
GeCad Software
Rav (Reliable AntiVirus)
Last Updated: Feb 19/2004
To update your software:
Visit: http://www.ravantivirus.com/pages/dldupdate.php?type=Daily
Or
Open Rav and select Rav Update from the toolbar
~~~~~
Grisoft Inc.
AVG
Last updated Feb 18/2004
To update your software
Visit: http://www.grisoft.com/us/us_index.php
Or
Open AVG and click Virus Database to check for updates
Or
Open AVG control centre and click Update Manager/update now

**Note: To help speed up AVG updates you can set your program to use an alternate download site. Open AVG control centre->update manager->download from server. The drop-down box should have listed www.grisoft.com (default) and www.grisoft.cz. (Be sure to select "apply" when done to save the changes.) The default site is most often used so can at times become temporarily unavailable. Using the secondary site (www.grisoft.cz) helps to ease the server and makes your update go quicker as most don't use it!
~~~~~
H+Bedv
AntiVir
Last updated Feb 19/2004
To update your software
Visit: http://www.free-av.com/antivirus/allinonen.html
Or
Open AntiVir, from the top toolbar select Tools-> start internet update and follow the on screen prompts.
Vexira
Last updated Feb 19/2004
To update your software
Visit: http://www.centralcommand.com/updates.html
Or
Open Vexira, from the top toolbar select Tools-> start internet update and follow the on screen prompts.
Vexira Antivirus is marketed by Central Command however it is the same program as Antivir with only a different name.
~~~~~
Kaspersky
Kaspersky Anti-Virus (formerly AVP)
Last updated Feb 13/2004
To update your software
Visit: http://www.kasperskylabs.com/updates.asp
Or
Open AVP from the top toolbar click Tools-> Update virus definition
Or
From the Kaspersky folder in your Start Menu select AVP updater

*Note* Avp now has available a cumulative update and a daily update with the daily being any important items they feel shouldn't wait till the next cumulative update. Our dates here are based on the most recent Major update.

**Note: Improved update accessibility. To ease the update web traffic Kaspersky labs has additional servers for autoupdating. The program defaults to use one server but can be altered to check a variety of servers. Select Kaspersky updater, select update via the internet to open the drop down box(es), select "location", check the box labeled "Use alternate locations from the list", select next and next to update. This option should stay selected after the first time. This helps Kaspersky lighten the load for updates and helps you obtain updates easier.
~~~~~
Network Associates
McAfee
Last updated Feb 18/2004
To update your software
For McAfee
Visit http://www.networkassociates.com/us/downloads/updates/superdat.asp (for Virus and Engine updates)

Dr.Solomon's (Product no longer available for new users however updates still available for current users):
Go to the following Internet site:
http://download.mcafee.com/updates/4x.asp
IMPORTANT: When you get to this site you may notice that it refers to VirusScan. This update is not only for VirusScan. It also works with Dr.Solomon's.
Or
Open your respective software virus scan scheduler, double click Auto update, click Run Now to do a manual live update, or click Schedule to set up a timed live update.
~~~~~
Norman Data Defence
Norman Virus Control
Last updated Feb 18/2004
To update your software
Visit: http://www.norman.com/downloads.shtml#definition_files_updates
Be sure to have your Valid Username and password handy for verification.
Or
From the Norman folder in your Start Menu select Internet Update

**Note: Norman Virus Control web updates are only for versions prior to 5.0. Norman 5.0 can only be updated via the update in the program itself.

Thunderbyte Anti Virus
Current Version: This product is no longer being supported.
http://www.norman.com/tbav.shtml
~~~~~
Softwin
BitDefender (Previously known as AVX - AntiVirus eXpert as of Nov 06/01)
Last Updated Feb 13/2004
To update your software
Visit: http://www.bitdefender.com/bd/site/downloads.php?menu_id=19&s_id=3
Or
Open BitDefender select Protection Options->live upgrade
Or
From the BitDefender folder in your Start Menu select Bitdefender Live

Press Release on the software change
http://www.bitdefender.com/press/ref1.php
~~~~~
Sophos
Sophos Anti Virus
Last IDE available Feb 19/2004
To obtain the latest IDE files
Visit: http://www.sophos.com/downloads/ide/

**Note: Sophos does not update as other products do. They update the Engine/software once a month (or so) to include all the previous IDE files. New IDE files are available with new virus threats and must be downloaded individually until the next software update is available. Our update dates reflect the most recent available IDE file.
~~~~~
Symantec
Nortons AntiVirus
Last updated Feb 19/2004
To update your software
Visit: http://www.symantec.com/avcenter/defs.download.html
select your language -> product from the list
Or
Open Nortons software and click the "live update" button
Or
From the Nortons folder in your Start Menu select LiveUpdate - Norton Antivirus
~~~~~
Trend Micro
PcCillin
Last updated Feb 19/2004
To update your software
Visit: http://www.antivirus.com/download/pattern.asp
Be sure to have your Registration number handy for verification
Or
Open PcCillin click Update then click Update Now (or Update later to Schedule a timed update)
~~~~~~~~~
If there is an Anti Virus program that is Not listed here that you would like to see added to the weekly updates list Please feel free to let us know.

Remember Your anti virus software is only as good as the user... If you don't keep it updated it won't provide you with maximum protection.

This weekly Update will be sent every Thursday on or after 6pm (eastern) to keep you up to date on virus pattern updates available. Virus patterns are checked for most recent update date as of 6pm Thursdays.
~~~~
~ Hackfix Project Staff
staff@xxxxxxxxxxx
Http://www.hackfix.org
____________________________________________________________
2 Free Online PestScan
http://www.zonelabs.com/store/content/promotions/pestscan/pestscan2.jsp

Detect bugs your antivirus doesn't even look for.
Do you already have spyware, unwanted cookies or other Internet security breaches on your PC? Take the free PestScan online detector and get a status of your machine. It's a quick and easy way to scan your PC for pests in the places they're most likely to be hiding.

How it works:
PestScan from PestPatrol is an ActiveX-based scanner that runs right from this Web site, downloading just two small components to your computer.
++
____________________________________________________________
3 Outpost Firewall Pro 2.1
http://www.agnitum.com/products/outpost/

Agnitum has released Outpost Firewall Pro 2.1, the latest upgrade to the award-winning personal firewall program. Performance, functionality and interactivity have been significantly expanded and now provide the users with more control, flexibility and better security and privacy protection.

New version is easy to install for both the new users and those who already benefit from earlier versions of Outpost. Seamless migration with the Agnitum Update provides one-click instant online upgrade.
++
____________________________________________________________
4 NSA/CSS Kids' Page
http://www.nsa.gov/programs/kids/index.html

The Puzzle Solvers at Cryptic Manor was developed to share the fun and excitement of solving challenging problems--and hopefully get you thinking about careers in math, computer science, and technology.

The National Security Agency employs some of the world's leading code makers and code breakers, many of whom are also talented computer scientists, mathematicians, engineers, and analysts. So you'll discover a number of the puzzles involve codes. In fact, Codey, your owlish guide for this site, was named for the codes created by our master cryptanalysts as well as the programming instructions (also called code) generated by our computer experts.

Explore the rooms of the Cryptic Manor to find hidden links to the puzzles. The site contains both interactive puzzles and ones to print out and work with paper and pencil. We designed the puzzles to be challenging, so you'll need both time and brainpower to work out the solutions. You'll find more information by clicking on the yellow buttons on the left under Codey. Happy puzzle solving!
++
____________________________________________________________
5 Windows Server 2003 Resource Kit Tools
<http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en>

The Microsoft® Windows® Server 2003 Resource Kit Tools are a set of tools to help administrators streamline management tasks such as troubleshooting operating system issues, managing Active Directory®, configuring networking and security features, and automating application deployment.

Supported Operating Systems: Windows Server 2003, Windows XP
30 MB of free disk space
Windows XP
Windows XP SP1
Windows Server 2003 family
++
____________________________________________________________
6 EasyCleaner
freeware
http://personal.inet.fi/business/toniarts

Second, the "new" site is limited, the traffic is enormous so temporary errors (file not found) are to be experienced. Just try again...

I released EasyCleaner 2.0.6.369 with 4 new languages. It has a load of improvements as well as few fixes. An update is recommended!
++
____________________________________________________________
7 The Nunavut Game
http://www.athropolis.com/game-nunavut.htm

Nunavut - "our land" in the Inuktitut language - has been home to Inuit for millennia and part of Canada for more than a century.

Guess the locations that are within Nunavut. To guess a letter - just click on it. If you're right - it appears in the name spaces. If you're wrong - it just disappears. Poof! Gone!

Tavvauvusi!
____________________________________________________________
8 'Christy's Computer Corner'
thanks to Christy; http://www.1stpick.org

MP3 Cataloguer
Freeware
http://users.skynet.be/fa210674/MP3Cataloguer/Index.html
Compatibility: Win98, 2000, NT, XP

MP3 Cataloguer allows you to store all information about your MP3 compilations. A compilation is a group of one or more MP3 albums.
When all albums are added in the application, you can easily view the content of a compilation: all albums and for each album, all songs. You can also search for an expression in all compilations. One more feature is to create a customized report of all your compilations.
~~~~~~~~
9 Spunkier Menus

This is a Registry Tip! Be sure to back up your registry before making any changes! See the links at the end of this article.

Are your menus a bit sluggish? Well, you'll be happy to learn that you can speed up their display speed. This trick is most noticeable for sub menus (like on your Programs menu). These faster menus are better! It kind of makes your computer seem a bit faster and more responsive.

Here's how you change your menu display speed:

1. Hit the Start button, Run.
2. Type: regedit and hit Enter (or click OK if you prefer).
3. Navigate to:
   HKEY_CURRENT_USER\Control Panel\Desktop

Once you open the Desktop folder, scroll down to the "MenuShowDelay" item on the right.

Special Note: If you don't see a "MenuShowDelay" item, you can make one. Just right-click a blank area in the right hand pane. Select New, String from the resulting menu. Next, type in:
MenuShowDelay
Exactly as shown. Once that's done, you can proceed to the next step:

Double-click the "MenuShowDelay" item and change the value to a lower number (default is 400 or 500 depending on the system). I like 100 myself (enter 0 for instant menus). Oh, those numbers are in milliseconds, in case you were worried about it. Be sure to enter something here (even 0) if you had to create the value using the special note above!

Hit OK, exit the registry editor, and restart your computer.

Once you're restarted, head to the Start button, Programs. Play around with the sub menus and I think you'll find they are much more responsive. Keep in mind if your system resources are maxed out - or if the thing is just plain slow - you may not see much improvement.
Remember: Before making Any registry change either suggested by us or anyone else, Backup your registry! One wrong move in the registry could render windows inoperable! With a current backup you can restore your registry to its previous condition before you made the change. Backing up is a simple procedure that takes seconds and can save you hours of work later if you make a mistake.

To backup the registry in win95/98/98se: http://1stpick.org/pctips/registry.shtml#win9x
To backup the registry in winME: http://1stpick.org/pctips/registry.shtml#winme
To backup the registry in win2K: http://1stpick.org/pctips/registry.shtml#win2k
To backup the registry in winXP: http://1stpick.org/pctips/registry.shtml#winxp

Was this forwarded to you? Get your own subscription here:
<1stpickPCtips-request@xxxxxxxxxxxxx?Subject=subscribe>
____________________________________________________________
10 Dictionary Attack
definition
http://www.webopedia.com/TERM/D/dictionary_attack.html

(n.) (1) A method used to break security systems, specifically password-based security systems, in which the attacker systematically tests all possible passwords beginning with words that have a higher possibility of being used, such as names and places. The word "dictionary" refers to the attacker exhausting all of the words in a dictionary in an attempt to discover the password. Dictionary attacks are typically done with software instead of an individual manually trying each password.

(2) An e-mail spamming technique in which the spammer sends out thousands or millions of e-mails with randomly generated addresses using combinations of letters added to known domain names in the hopes of reaching a percentage of actual e-mail addresses. For example, a dictionary attack list might begin with john@xxxxxxxxxxxxx, john1@xxxxxxxxxxxxx, john2@xxxxxxxxxxxxx, and so on until all possible combinations of letters and numbers have been exhausted.
From; Webopedia http://www.webopedia.com
____________________________________________________________
11 Mike's Friday Tip ~ Remove Some of the Restore Points in XP

Sometimes we need to remove some of the accumulated restore points in XP.
Go to; Start=> My Computer=> Right click on Hard Disk Drive=> Properties=> on the General tab click Disk Cleanup=> More Options=> System Restore remove the older ones.
____________________________________________________________
Windows Security Update CD

I was reading the latest news from PCWORLD.com and came across some really interesting information about Microsoft offering a Free CD Disc, provides dial-up users with necessary patches, but lacks the latest fixes.

Here are the links, for you to check out, if you want to let people know about this great information.
http://www.pcworld.com/news/article/0,aid,114849,00.asp
http://www.microsoft.com/security/protect/cd/order.asp

As a bonus, the disc includes information on PC protection and free trial versions of antivirus and firewall software, according to the Microsoft Web site. The Windows Security Update CD is available for Windows XP, Windows Millennium Edition (ME), Windows 2000, Windows 98, and Windows 98 Second Edition (SE).

Thank you for your time and have a great day!
Wayne

Thanks to; Wayne
____________________________________________________________
Zone Labs SMTP Processing Vulnerability
http://download.zonelabs.com/bin/free/securityAlert/8.html

Overview:
A security vulnerability exists in specific versions of ZoneAlarm®, ZoneAlarm Pro, ZoneAlarm Plus and the Zone Labs Integrity client. This vulnerability is caused by an unchecked buffer in Simple Mail Transfer Protocol (SMTP) processing which could lead to a buffer overflow. In order to exploit the vulnerability without user assistance, the target system must be operating as an SMTP server. Zone Labs does not recommend using our client security products to protect servers.
Upgrading an affected Zone Labs product will remove this vulnerability.

Date Published: February 18, 2004
Last Update: February 18, 2004

Impact:
If successfully exploited, a skilled attacker could cause the firewall to stop processing traffic, execute arbitrary code, or elevate malicious code's privileges. Zone Labs recommends affected users update their software to the current versions which address the issue.

Affected Products:
ZoneAlarm family of products and Integrity client versions 4.0 and above.

Unaffected Products:
ZoneAlarm and Integrity client versions earlier than 4.0. Integrity Server and Integrity Clientless Security products are not affected.

Description:
Zone Labs desktop security products process SMTP in order to perform various security functions. Due to an unchecked buffer in the SMTP processing system, a skilled attacker could cause the firewall to stop processing traffic or execute arbitrary code. Successful exploitation requires one of the following scenarios and applies only to SMTP traffic:

A program listening on port 25/TCP (SMTP) of the target system. This condition is usually only present on SMTP servers. Zone Labs does not recommend using our client security products to protect servers.

A malicious program running on the protected system could trigger the buffer overflow and gain SYSTEM privileges if the user or administrator has given it permission to access the network.

In all cases, the program requesting network access must be approved by the user through the Program Control policy.

Recommended Actions:
ZoneAlarm, ZoneAlarm Plus, and ZoneAlarm Pro users should upgrade to version: 4.5.538.001.

To update your Zone Labs client product:
Select Overview > Preferences.
In the Check for Updates area, choose an update option.
Automatically: Zone Labs security software automatically notifies you when an update is available.
Manually: You monitor the Status tab for updates. To invoke an update check immediately, click "Check for Update".
Integrity 4.0 users should upgrade to Integrity client version: 4.0.146.046.
Integrity 4.5 users should upgrade to Integrity client version: 4.5.085.
Integrity updates are available on the Zone Labs Enterprise Support web site.
____________________________________________________________
If you wish to unsubscribe from our list send an email to mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=unsubscribe

Antivirus software is a good choice to scan your system for possible viruses, however no virus scanner is 100% effective as manufacturers cannot keep up with the rapid change of viruses that happens daily. Be sure to update yours regularly.
http://www.hackfix.org/software/antivirus.html
______________________________________________________________________
Please feel free to offer constructive criticism, as that will help me keep it interesting. I also welcome any submissions about new products, web pages, or articles of interest. All submissions posted in MWN will be given proper credit.

"MikesWhatsNews" believes in giving credit where credit is due but at times deadlines and information that is very important to readers we accidentally mispost an item. If you believe something to be miscredited, or you know the author of one of the articles which we have posted as 'unknown', please do let us know so we can correct the information where applicable.

Many times in an article you may see a click here for more information, or to go to a link; these often will not work, as the original information was taken from a page with HTML links. This is when you will want to go to the webpage indicated in the article, ++ , for 'the rest of the story'.

***MfM*** indicates that I am adding my own information to a particular article.

`~*~*~*~*~*~`
Mike
~It's a good day if I learned something new.
You can read a sample of my newsletter on my web page
http://www.mwn.ca
My virus pages ~ http://virusinfo.hackfix.org
mytech@xxxxxxxxxxx
~*~*~*~*~
Was this forwarded to you? Want to subscribe?
Send an email to mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe.

For a complete list of email commands for our list send an email to ecartis@xxxxxxxxxxxxx with a subject line of "info mikeswhatsnews" without the quotes.

To contact the list moderators send an email to mikeswhatsnews-moderators@xxxxxxxxxxxxx
~*~*~*~*~
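
For mail administrators, sense (2) of the Dictionary Attack definition in item 10 can be spotted from the receiving side. The following is an added example, not part of the newsletter or of Webopedia's text: it flags a sending host that racks up rejected recipients of the john, john1, john2 kind within a short window. The event tuple layout, the thresholds, the addresses and the function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumption: look-back window per sending host
MAX_REJECTED = 5      # assumption: distinct unknown recipients tolerated per window


def stem(address):
    """Local part with trailing digits removed: john2@example.test -> john."""
    local = address.split("@", 1)[0].lower()
    return re.sub(r"\d+$", "", local)


def detect_harvest(events, window=WINDOW_SECONDS, limit=MAX_REJECTED):
    """Return {client_ip: details} for hosts that exceed the rejection limit.

    events: (timestamp, client_ip, recipient, accepted) tuples sorted by time.
    Only rejected recipients count; accepted mail never contributes.
    """
    recent = defaultdict(deque)  # client_ip -> (timestamp, recipient) of rejects
    flagged = {}
    for ts, ip, rcpt, accepted in events:
        if accepted or ip in flagged:
            continue
        queue = recent[ip]
        queue.append((ts, rcpt.lower()))
        while queue and ts - queue[0][0] > window:
            queue.popleft()  # forget rejects older than the window
        distinct = {r for _, r in queue}
        if len(distinct) > limit:
            by_stem = defaultdict(set)
            for r in distinct:
                by_stem[stem(r)].add(r)
            flagged[ip] = {
                "first_seen": queue[0][0],
                "flagged_at": ts,
                "rejected": len(distinct),
                # stems tried with three or more variants, e.g. john, john1, john2
                "enumerated_stems": sorted(
                    s for s, variants in by_stem.items() if len(variants) >= 3),
            }
    return flagged


# Constructed sample events (documentation address ranges, .test domain).
SAMPLE_EVENTS = sorted(
    [(t, "192.0.2.10", f"{name}@example.test", False)
     for t, name in enumerate(
         ["john", "john1", "john2", "john3", "john4", "john5", "mary"])]
    + [
        (0, "198.51.100.7", "alice@example.test", True),
        (20, "198.51.100.7", "bobb@example.test", False),   # a single typo
        (300, "198.51.100.7", "carol@example.test", True),
        (400, "198.51.100.7", "dave1@example.test", False),
    ]
)

if __name__ == "__main__":
    for ip, info in detect_harvest(SAMPLE_EVENTS).items():
        print(ip, info)
```
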
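
A version triage for the Zone Labs SMTP Processing Vulnerability item above, as an added example that is not part of the newsletter or of the Zone Labs advisory: it classifies an installed client version against the affected range (4.0 and above) and the fixed versions the advisory lists. The product keys, function names and inventory rows are assumptions made for the illustration.

```python
# Affected range and fixed versions are the ones quoted in the advisory text.
# Product keys, function names and inventory rows are made up for this example.

FIRST_AFFECTED = (4, 0)  # "versions 4.0 and above" are affected

# product family -> {release branch: first fixed version}; None = any branch
FIXED = {
    "zonealarm": {None: (4, 5, 538, 1)},     # ZoneAlarm / Plus / Pro 4.5.538.001
    "integrity": {(4, 0): (4, 0, 146, 46),   # Integrity client 4.0.146.046
                  (4, 5): (4, 5, 85)},       # Integrity client 4.5.085
}


def parse_version(text):
    """'4.5.538.001' -> (4, 5, 538, 1); rejects anything but dotted digits."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def compare(a, b):
    """Compare version tuples of unequal length, padding the shorter with zeros."""
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def triage(product, version_text):
    """Return 'unaffected', 'vulnerable', 'fixed' or 'review' for one install."""
    branches = FIXED.get(product.strip().lower())
    if branches is None:
        raise ValueError(f"product not covered by the advisory: {product!r}")
    version = parse_version(version_text)
    if compare(version, FIRST_AFFECTED) < 0:
        return "unaffected"
    if None in branches:
        fixed = branches[None]
    else:
        branch = (version + (0, 0))[:2]
        fixed = branches.get(branch)
        if fixed is None:
            return "review"  # a branch the advisory names no fixed build for
    # Assumption: builds later than the named fixed build also carry the fix.
    return "fixed" if compare(version, fixed) >= 0 else "vulnerable"


# Constructed inventory rows: (host, product, installed version)
INVENTORY = [
    ("desk-01", "ZoneAlarm", "3.7.202"),
    ("desk-02", "ZoneAlarm", "4.0.123"),
    ("desk-03", "ZoneAlarm", "4.5.538.001"),
    ("lap-07", "Integrity", "4.0.146.045"),
    ("lap-08", "Integrity", "4.5.085"),
]


def needs_upgrade(inventory):
    """Hosts whose install is 'vulnerable' or needs manual 'review'."""
    return [host for host, product, version in inventory
            if triage(product, version) in ("vulnerable", "review")]


if __name__ == "__main__":
    for host, product, version in INVENTORY:
        print(host, product, version, triage(product, version))
```
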