[MikesWhatsNews] MWN #720 HackFix

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: mikeswhatsnews@xxxxxxxxxxxxx
  • Date: Thu, 19 Feb 2004 16:58:54 -0800

MikesWhatsNews, 20, 02, 2004
in today's issue #720

Virus Alert  W32/Netsky-B
HackFix Updates
2   Free Online PestScan
3   Outpost Firewall Pro 2.1
4   NSA/CSS Kids' Page
5   Windows Server 2003 Resource Kit Tools
6   EasyCleaner 2.0.6.369
7   The Nunavut Game
8   CCC  MP3 Cataloguer
9   Spunkier Menus
10  Dictionary Attack
11  Remove Some of the Restore Points in XP
12  Windows Security Update CD
    ZoneLabs Security update
____________________________________________________________

NOTE: Any time you see the "  ++ ",  it means there is more 
          of the article, or story, on the linked site. Mike
____________________________________________________________

There is a complete archive of past MikesWhatsNews newsletters 
available to members on the Yahoo page, it is searchable by word 
or issue #.  Here is the address direct to the messages;
http://groups.yahoo.com/group/MikesWhatsNews/messages
and; //www.freelists.org/archives/mikeswhatsnews/
____________________________________________________________

Please rate this Ezine at the Cumuli Ezine Finder

http://www.cumuli.com/ezines/ra20853.rate
___________________________________________________________

W32/Netsky-B
Also Known As:  
W32/Netsky.b@MM [McAfee], W32/Netsky.B.worm [Panda], 
WORM_NETSKY.B [Trend Micro], Moodown.B [F-Secure], 
I-Worm.Moodown.b [Kaspersky] 

Information about W32/Netsky-B can be found at:

CERT;
http://www.cert.org/incident_notes/IN-2004-02.html

Computer Associates;
http://www3.ca.com/virusinfo/virus.aspx?ID=38332

Kaspersky:
http://www.viruslist.com/eng/alert.html?id=983343

Panda:
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=44815

Sophos:
http://www.sophos.com/virusinfo/analyses/w32netskyb.html

Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.b@xxxxxxx
W32.Netsky.B is a mass-mailing worm that uses its own SMTP engine to send
itself to the email addresses it finds when scanning the hard drives and
mapped drives. This worm also searches drives C through Z for folder names
containing "Share" or "Sharing," and then copies itself to those folders. 

Symantec Security Response has developed a removal tool to clean the
infections of W32.Netsky.B@mm.
http://www.symantec.com/techsupp/vURL.cgi/sctyrsp2

Trend;
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.B

For worm removal instructions;
http://www3.telus.net/mikebike/worm_removal.htm
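
A triage sweep based on the behaviour described above (copies dropped into folders whose names contain "Share" or "Sharing" on drives C through Z). This is an added example, not part of the newsletter or any vendor tool; the extension list and the 30-day window are assumptions, since the page names neither.

```python
import hashlib
import os
import time
from collections import defaultdict

# From the description above: folder names containing "Share" or "Sharing".
KEYWORDS = ("share", "sharing")
# Assumption: extensions worth reviewing; the page does not name any.
SUSPECT_EXTS = {".exe", ".scr", ".pif", ".com", ".zip"}


def share_named_dirs(root):
    """Yield each directory under root whose own name contains a keyword."""
    for dirpath, dirnames, _files in os.walk(root):
        for name in dirnames:
            if any(k in name.lower() for k in KEYWORDS):
                yield os.path.join(dirpath, name)


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, since_days=30, now=None):
    """List recently modified suspect files sitting directly in share-named folders."""
    now = time.time() if now is None else now
    cutoff = now - since_days * 86400
    findings = []
    for folder in share_named_dirs(root):
        try:
            entries = list(os.scandir(folder))
        except OSError:
            continue  # unreadable folder: skip rather than abort the sweep
        for entry in entries:
            ext = os.path.splitext(entry.name)[1].lower()
            if ext not in SUSPECT_EXTS or not entry.is_file(follow_symlinks=False):
                continue
            info = entry.stat(follow_symlinks=False)
            if info.st_mtime < cutoff:
                continue
            try:
                digest = sha256_of(entry.path)
            except OSError:
                digest = None  # locked or unreadable file, still reported
            findings.append({"path": entry.path, "size": info.st_size, "sha256": digest})
    return sorted(findings, key=lambda f: f["path"])


def identical_copies(findings):
    """Group findings by hash; a self-copying file is one hash under several names."""
    groups = defaultdict(list)
    for f in findings:
        if f["sha256"]:
            groups[f["sha256"]].append(f["path"])
    return {h: paths for h, paths in groups.items() if len(paths) > 1}


def drive_roots():
    """Existing drive roots C: through Z: (Windows), the range named in the description."""
    letters = (chr(c) for c in range(ord("C"), ord("Z") + 1))
    return [f"{d}:\\" for d in letters if os.path.exists(f"{d}:\\")]


if __name__ == "__main__":
    for root in drive_roots():
        hits = triage(root)
        for hit in hits:
            print(hit["path"], hit["size"], hit["sha256"])
        for digest, paths in identical_copies(hits).items():
            print("identical content:", digest, paths)
```

Hits are candidates for an antivirus scan or the removal tool linked above, not a verdict; legitimate installers also live in shared folders.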

___________________________________________________________


  HackFix updates, thanks to Christy;
staff@xxxxxxxxxxx
Http://www.hackfix.org
This week's Virus Pattern Updates (02/19/2004)


All Software listed Alphabetically by Company name as some 
companies manufacture more than one product.


Aladdin Knowledge Systems

Esafe Desktop/Gateway/Enterprise
Last Updated Feb 18/2004
To update your software
Visit: http://www.esafe.com/esafe/downloads/virusig.asp
Or
From the Esafe folder in your Start Menu select Download Updates
~~~~~

AlWil Software

Avast Antivirus
Last Updated Feb 18/2004
To update your software:
Visit: http://www.avast.com/i_kat_69.html
Or
Right click on the AVAST icon in the system tray, Select iAVS Update, 
AVAST will check for updates and download the appropriate files as needed.
~~~~~

 Authentium Software Systems

Command antivirus
Last Updated Feb 18/2004
To update your software
Visit http://www.authentium.com/support/downloads/index.cfm
~~~~~

Center for Antivirus Technologies (CAT)

Quickheal
Last Updated Feb 12/2004
To update your software
Visit: http://www.quickheal.com/winupg.htm
Or
Open Quickheal select Utility from the top toolbar and liveupdate.  
Follow the onscreen prompts.  
Alternately you can select Liveupdate directly from the 
QuickHeal program menu on the startmenu.
~~~~~

Frisk Software Systems

Fprot
Last Updated Feb 18/2004
To update your software
Visit: http://www.f-prot.com/download/home_user/
~~~~~

Computer Associates

E-Trust
Last updated Feb 19/2004
To update your software
http://support.cai.com/Download/virussig.html
Or
From the Respective folder in your Start Menu select Autodownload

For Vet Anti virus
http://www.vet.com.au/html/software/update.html

Be sure to have your Customer ID and your registered email address 
handy for verification.

**Note**

We knew this time would come eventually, that Computer Associates would 
not continue to support/update the older program 
https://www2.my-etrust.com/services/ipe_support??
~~~~~~


GeCad Software

Rav (Reliable AntiVirus)
Last Updated:  Feb 19/2004
To update your software:
Visit: http://www.ravantivirus.com/pages/dldupdate.php?type=Daily
Or
Open Rav and select Rav Update from the toolbar
~~~~~

Grisoft Inc.

AVG 
Last updated Feb 18/2004
To update your software
Visit: http://www.grisoft.com/us/us_index.php
Or 
Open AVG and click Virus Database to check for updates
Or
Open AVG control centre and click Update Manager/update now

**Note:  To help speed up AVG updates you can set your program to use 
an alternate download site.  
Open AVG control centre->update manager->download from server.  The 
drop-down box should list www.grisoft.com (default) and 
www.grisoft.cz (be sure to select "apply" when done to save the changes). 
The default site is most often used, so it can at times become temporarily 
unavailable.  Using the secondary site (www.grisoft.cz) helps to ease 
the server and makes your update go quicker as most don't use it!
~~~~~

H+Bedv

AntiVir
Last updated Feb 19/2004
To update your software
Visit: http://www.free-av.com/antivirus/allinonen.html
Or
Open AntiVir, from the top toolbar select Tools->
start internet update and follow the on screen prompts.


Vexira 
Last updated Feb 19/2004
To update your software
Visit: http://www.centralcommand.com/updates.html
Or
Open Vexira, from the top toolbar select Tools->
start internet update and follow the on screen prompts.

Vexira Antivirus is marketed by Central Command however it is
 the same program as Antivir with only a different name.
~~~~~

Kaspersky

Kaspersky Anti-Virus (formerly AVP)
Last updated Feb 13/2004 
To update your software
Visit: http://www.kasperskylabs.com/updates.asp
Or
Open AVP from the top toolbar click Tools-> Update virus definition
Or
From the Kaspersky folder in your Start Menu select AVP updater


*Note*  Avp now has available a cumulative update and a 
daily update with the daily being any important items they 
feel shouldn't wait till the next cumulative update.  Our 
dates here are based on the most recent Major update.

**Note:  Improved update accessibility.  To ease the update web traffic,
Kaspersky Labs has additional servers for autoupdating.  The program
defaults to use one server but can be altered to check a variety of 
servers. Select Kaspersky updater, select update via the internet to 
open the drop-down box(es), select "location", and check the box labeled 
"Use alternate locations from the list".  Select next and next to update.  
This option should stay selected after the first time.  This helps 
Kaspersky lighten the load for updates and helps you obtain updates 
easier.
~~~~~

Network Associates

McAfee 
Last updated Feb 18/2004
To update your software 
For McAfee Visit
http://www.networkassociates.com/us/downloads/updates/superdat.asp
(for Virus and Engine updates)


Dr Solomon's (Product no longer available for new users however 
updates still available for current users):  Go to the following 
Internet site: http://download.mcafee.com/updates/4x.asp
IMPORTANT: When you get to this site you may notice that it refers 
to VirusScan. This update is not only for VirusScan. It also works 
with Dr.Solomon's. 

Or
Open your respective software virus scan scheduler, double click 
Auto update, click Run Now to do a manual live update, or click 
Schedule to set up a timed live update.
~~~~~

Norman Data Defence

Norman Virus Control
Last updated Feb 18/2004
To update your software
Visit: http://www.norman.com/downloads.shtml#definition_files_updates
Be sure to have your Valid Username and password handy for verification.
Or
From the Norman folder in your Start Menu select Internet Update

**Note: Norman Virus Control web updates are only for versions prior to 
5.0.  Norman 5.0 can only be updated via the update in the program itself.

Thunderbyte Anti Virus
Current Version: This product is no longer being supported.
http://www.norman.com/tbav.shtml
~~~~~

Softwin

BitDefender (Previously known as AVX - AntiVirus eXpert as of Nov 06/01)
Last Updated Feb 13/2004 
To update your software
Visit: 
http://www.bitdefender.com/bd/site/downloads.php?menu_id=19&s_id=3
Or
Open BitDefender select Protection Options->live upgrade
Or
From the BitDefender folder in your Start Menu select Bitdefender Live
         
Press Release on the software change 
http://www.bitdefender.com/press/ref1.php
~~~~~

Sophos

Sophos Anti Virus
Last IDE available Feb 19/2004
To obtain the latest IDE files
Visit: http://www.sophos.com/downloads/ide/

**Note:  Sophos does not update as other products do.  They update 
the Engine/software once a month (or so) to include all the previous 
IDE files.  New IDE files are available with new virus threats and must 
be downloaded individually until the next software update is available.  
Our update dates reflect the most recent available IDE file.
~~~~~

Symantec

Nortons AntiVirus
Last updated Feb 19/2004
To update your software
Visit: 
http://www.symantec.com/avcenter/defs.download.html select 
your language -> product from the list
Or
Open Nortons software and click the "live update" button
Or
From the Nortons folder in your Start Menu select LiveUpdate - 
Norton Antivirus
~~~~~

Trend Micro

PcCillin 
Last updated Feb 19/2004
To update your software
Visit: http://www.antivirus.com/download/pattern.asp
Be sure to have your Registration number handy for verification
Or
Open PcCillin click Update then click Update Now (or Update later 
to Schedule a timed update)
~~~~~~~~~

If there is an Anti Virus program that is Not listed here that
you would like to see added to the weekly updates list Please
feel free to let us know.

Remember Your anti virus software is only as good as the user...
If you don't keep it updated it won't provide you with maximum
protection.

This weekly Update will be sent every Thursday on or after
6pm (eastern) to keep you up to date on virus pattern updates
available. Virus patterns are checked for most recent update
date as of 6pm Thursdays.

~~~~

~ Hackfix Project Staff
staff@xxxxxxxxxxx
Http://www.hackfix.org

____________________________________________________________
2
Free Online PestScan
http://www.zonelabs.com/store/content/promotions/pestscan/pestscan2.jsp
Detect bugs your antivirus doesn't even look for.

 Do you already have spyware, unwanted cookies or other Internet security
breaches on your PC? 

Take the free PestScan online detector and get a status of your machine. 
It's a quick and easy way to scan your PC for pests in the places they're
most likely to be hiding. 

How it works:
PestScan from PestPatrol is an ActiveX-based scanner that runs right from
this Web site, downloading just two small components to your computer.  
++
____________________________________________________________
3
Outpost Firewall Pro 2.1 
http://www.agnitum.com/products/outpost/
Agnitum has released Outpost Firewall Pro 2.1, the latest upgrade to the
award-winning personal firewall program. Performance, functionality and
interactivity have been significantly expanded and now provide the users
with more control, flexibility and better security and privacy protection. 

New version is easy to install for both the new users and those who already
benefit from earlier versions of Outpost. Seamless migration with the
Agnitum Update provides one-click instant online upgrade. 
++
____________________________________________________________
4
 NSA/CSS Kids' Page
http://www.nsa.gov/programs/kids/index.html
The Puzzle Solvers at Cryptic Manor was developed to share the fun and
excitement of solving challenging problems--and hopefully get you thinking
about careers in math, computer science, and technology.
The National Security Agency employs some of the world's leading code makers
and code breakers, many of whom are also talented computer scientists,
mathematicians, engineers, and analysts. So you'll discover a number of the
puzzles involve codes. In fact, Codey, your owlish guide for this site, was
named for the codes created by our master cryptanalysts as well as the
programming instructions (also called code) generated by our computer
experts.

Explore the rooms of the Cryptic Manor to find hidden links to the puzzles.
The site contains both interactive puzzles and ones to print out and work
with paper and pencil. We designed the puzzles to be challenging, so you'll
need both time and brainpower to work out the solutions. You'll find more
information by clicking on the yellow buttons on the left under Codey. Happy
puzzle solving!
++
____________________________________________________________
5
Windows Server 2003 Resource Kit Tools
<http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en>
The Microsoft® Windows® Server 2003 Resource Kit Tools are a set of
tools to help administrators streamline management tasks such as
troubleshooting operating system issues, managing Active Directory®,
configuring networking and security features, and automating application
deployment.
Supported Operating Systems: Windows Server 2003, Windows XP
30 MB of free disk space
Windows XP
Windows XP SP1
Windows Server 2003 family
++
____________________________________________________________
6
EasyCleaner  freeware 
http://personal.inet.fi/business/toniarts 

Second, the "new" site is limited, the traffic is enormous so temporary 
errors (file not found) are to be experienced. Just try again...

I released EasyCleaner 2.0.6.369 with 4 new languages. It has a load of 
improvements as well as few fixes. An update is recommended!
++
____________________________________________________________
7
The Nunavut Game
 
http://www.athropolis.com/game-nunavut.htm
Nunavut - "our land" in the Inuktitut language - 
has been home to Inuit for millennia and part of Canada for more than a
century. 
Guess the locations that are within Nunavut. 
To guess a letter - just click on it. If you're right - it appears in the
name spaces. 
If you're wrong - it just disappears. Poof! Gone! Tavvauvusi!
____________________________________________________________
8
'Christy's Computer Corner'
  thanks to Christy;
http://www.1stpick.org

MP3 Cataloguer
Freeware
http://users.skynet.be/fa210674/MP3Cataloguer/Index.html
Compatibility: Win98, 2000, NT, XP
MP3 Cataloguer allows you to store all information about your MP3
compilations.
A compilation is a group of one or more MP3 albums.
When all albums are added in the application, you can easily view the
content of a compilation: 
all albums and for each album, all songs.
You can also search for an expression in all compilations.
One more feature is to create a customized report of all your compilations.

~~~~~~~~
9
Spunkier Menus 

This is a Registry Tip!  
Be sure to back up your registry before making any changes!
See the links at the end of this article

Are your menus a bit sluggish? 
Well, you'll be happy to learn that you can speed up their display speed.
This trick is most noticeable for sub menus (like on your Programs menu). 
These faster menus are better! 
It kind of makes your computer seem a bit faster and more responsive.  

Here's how you change your menu display speed:

1. Hit the Start button, Run.
2. Type:  regedit  and hit Enter (or click OK if you prefer).

3. Navigate to:
HKEY_CURRENT_USER\Control Panel\Desktop

Once you open the Desktop folder, scroll down to the "MenuShowDelay" item on
the right.

Special Note:

If you don't see a "MenuShowDelay" item, you can make one. 
Just right-click a blank area in the right hand pane. 
Select New, String from the resulting menu.

Next, type in:

MenuShowDelay

Exactly as shown. 
Once that's done, you can proceed to the next step:

Double-click the "MenuShowDelay" item and change the value to a lower number
(default is 400 or 500 depending on the system). 
I like 100 myself (enter 0 for instant menus). 
Oh, those numbers are in milliseconds, in case you were worried about it. 
Be sure to enter something here (even 0) if you had to create the value
using the special note above!

Hit OK, exit the registry editor, and restart your computer.

Once you're restarted, head to the Start button, Programs. 
Play around with the sub menus and I think you'll find they are much more
responsive.  
Keep in mind if your system resources are maxed out - or if the thing is
just plain slow - 
you may not see much improvement.

Remember:  
Before making Any registry change either suggested by us or anyone else,
Backup your registry! 
One wrong move in the registry could render windows inoperable!   
With a current backup you can restore your registry to its previous
condition before you made the change.  
Backing up is a simple procedure that takes seconds and can save you hours
of work later if you make a mistake.


To backup the registry in win95/98/98se:
http://1stpick.org/pctips/registry.shtml#win9x

To backup the registry in winME:
http://1stpick.org/pctips/registry.shtml#winme

To backup the registry in win2K:
http://1stpick.org/pctips/registry.shtml#win2k

To backup the registry in winXP:
http://1stpick.org/pctips/registry.shtml#winxp


Was this forwarded to you ?
Get your own subscription here:
<1stpickPCtips-request@xxxxxxxxxxxxx?Subject=subscribe>

____________________________________________________________
10
Dictionary Attack  definition
http://www.webopedia.com/TERM/D/dictionary_attack.html 
   
(n.) (1) A method used to break security systems, specifically
password-based security systems, in which the attacker systematically tests
all possible passwords beginning with words that have a higher possibility
of being used, such as names and places. The word "dictionary" refers to
the attacker exhausting all of the words in a dictionary in an attempt to
discover the password. Dictionary attacks are typically done with software
instead of an individual manually trying each password. 
(2) An e-mail spamming technique in which the spammer sends out thousands or
millions of e-mails with randomly generated addresses using combinations of
letters added to known domain names in the hopes of reaching a percentage of
actual e-mail addresses. For example, a dictionary attack list might begin
with john@xxxxxxxxxxxxx, john1@xxxxxxxxxxxxx, john2@xxxxxxxxxxxxx, and so on
until all possible combinations of letters and numbers have been exhausted. 
 
From; Webopedia http://www.webopedia.com
____________________________________________________________
11
Mike's Friday Tip ~ Remove Some of the Restore Points in XP
Sometimes we need to remove some of the accumulated restore points in XP.

Go to: Start => My Computer => right-click on the Hard Disk Drive =>
Properties => on the General tab click Disk Cleanup => More Options =>
System Restore, and remove the older ones.
____________________________________________________________

Windows Security Update CD
I was reading the latest news from PCWORLD.com and came across some really
interesting information about Microsoft offering a Free CD Disc, provides
dial-up users with necessary patches, but lacks the latest fixes.

Here are the links, for you to check out, if you want to let people know
about this great information.

http://www.pcworld.com/news/article/0,aid,114849,00.asp

http://www.microsoft.com/security/protect/cd/order.asp

As a bonus, the disc includes information on PC protection and free trial
versions of antivirus and firewall software, according to the Microsoft Web
site.

The Windows Security Update CD is available for Windows XP, Windows
Millennium Edition (ME), Windows 2000, Windows 98, and Windows 98 Second
Edition (SE).

Thank you for your time and have a great day!
    Wayne
Thanks to; Wayne
____________________________________________________________

Zone Labs SMTP Processing Vulnerability
http://download.zonelabs.com/bin/free/securityAlert/8.html
Overview: A security vulnerability exists in specific versions of
ZoneAlarm®, ZoneAlarm Pro, ZoneAlarm Plus and the Zone Labs Integrity™
client. This vulnerability is caused by an unchecked buffer in Simple Mail
Transfer Protocol (SMTP) processing which could lead to a buffer overflow.
In order to exploit the vulnerability without user assistance, the target
system must be operating as an SMTP server. Zone Labs does not recommend
using our client security products to protect servers.

Upgrading an affected Zone Labs product will remove this vulnerability.

Date Published: February 18, 2004
Last Update: February 18, 2004

Impact: If successfully exploited, a skilled attacker could cause the
firewall to stop processing traffic, execute arbitrary code, or elevate
malicious code's privileges.

Zone Labs recommends affected users update their software to the current
versions which address the issue.

Affected Products:

ZoneAlarm family of products and Integrity client versions 4.0 and above.

Unaffected Products:

ZoneAlarm and Integrity client versions earlier than 4.0.
Integrity Server and Integrity Clientless Security products are not
affected.

Description: Zone Labs desktop security products process SMTP in order to
perform various security functions. Due to an unchecked buffer in the SMTP
processing system, a skilled attacker could cause the firewall to stop
processing traffic or execute arbitrary code.

Successful exploitation requires one of the following scenarios and applies
only to SMTP traffic:

1. A program listening on port 25/TCP (SMTP) of the target system. This
condition is usually only present on SMTP servers. Zone Labs does not
recommend using our client security products to protect servers.

2. A malicious program running on the protected system could trigger the buffer
overflow and gain SYSTEM privileges if the user or administrator has given
it permission to access the network.

In all cases, the program requesting network access must be approved by the
user through the Program Control policy.

Recommended Actions: ZoneAlarm, ZoneAlarm Plus, and ZoneAlarm Pro users
should upgrade to version: 4.5.538.001.

To update your Zone Labs client product:

Select Overview > Preferences. 
In the Check for Updates area, choose an update option.

Automatically: Zone Labs security software automatically notifies you when
an update is available.

Manually: You monitor the Status tab for updates. To invoke an update check
immediately, click "Check for Update".

Integrity 4.0 users should upgrade to Integrity client version: 4.0.146.046.

Integrity 4.5 users should upgrade to Integrity client version: 4.5.085.

Integrity updates are available on the Zone Labs Enterprise Support web
site.
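
An inventory check against the fixed versions listed in the advisory above. This is an added example, not Zone Labs code; the inventory rows are constructed, and treating every 4.0-or-later build below the listed version as needing the upgrade is an assumption drawn from the "Affected Products" and "Recommended Actions" text.

```python
import csv

# Fixed builds exactly as listed under "Recommended Actions" above.
FIXED_ZONEALARM = "4.5.538.001"  # ZoneAlarm, ZoneAlarm Plus, ZoneAlarm Pro
FIXED_INTEGRITY = {(4, 0): "4.0.146.046", (4, 5): "4.5.085"}
# Products the advisory lists as not affected.
NOT_AFFECTED = ("integrity server", "integrity clientless")

# Constructed sample inventory (hypothetical hosts and installed versions).
SAMPLE_INVENTORY = """\
host,product,version
desk-01,ZoneAlarm Pro,4.5.530.000
desk-02,ZoneAlarm,3.7.202
lap-07,Integrity client,4.0.146.046
lap-09,Integrity client,4.5.84
srv-01,Integrity Server,4.5.1
"""


def parse_version(text):
    """'4.5.085' -> (4, 5, 85, 0): numeric fields, padded to four for comparison."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def assess(product, version):
    """Return a verdict string for one installed product/version pair."""
    name = product.strip().lower()
    if name.startswith(NOT_AFFECTED):
        return "not affected"
    try:
        ver = parse_version(version)
    except ValueError:
        return "unknown: unparseable version"
    if name.startswith("zonealarm"):
        fixed = FIXED_ZONEALARM
    elif name.startswith("integrity"):
        # Integrity fixes are listed per branch (4.0 and 4.5).
        fixed = FIXED_INTEGRITY.get(ver[:2])
    else:
        return "unknown: product not covered by this advisory"
    if ver < (4, 0, 0, 0):
        return "not affected"  # versions earlier than 4.0
    if fixed is None:
        return "unknown: no fixed build listed for this branch"
    if ver >= parse_version(fixed):
        return "fixed"
    return "upgrade to " + fixed


def audit(inventory_text):
    """Assess every row of a host,product,version CSV; returns (host, verdict) pairs."""
    rows = csv.DictReader(inventory_text.splitlines())
    return [(r["host"], assess(r["product"], r["version"])) for r in rows]


if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_INVENTORY):
        print(f"{host}: {verdict}")
```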

____________________________________________________________
If you wish to unsubscribe from our list send an email to
mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=unsubscribe


Antivirus software is a good choice to scan your system for possible viruses, 
however no virus scanner is 100% effective as manufacturers cannot keep up with 
the rapid change of viruses that happens daily.
Be sure to update yours regularly.
http://www.hackfix.org/software/antivirus.html
______________________________________________________________________
Please feel free, to offer constructive criticism, as that will help me keep it 
interesting.
I also welcome any submissions about new products, web pages, or articles of 
interest.

All submissions posted in MWN will be given proper credit.
"MikesWhatsNews" believes in giving credit where credit is due but at times 
deadlines and information that is very important to readers we accidentally 
mispost an item.

If you believe something to be miscredited, or you know the author of one of 
the articles which we have posted as 'unknown', please do let us know so we can 
correct the information where applicable.

Many times in an article you may see a click here for more information, or to go 
to a link, these often will not work, as the original information, was taken 
from a page with HTML links. This is when you will want to go to the webpage 
indicated in the article, ++ ,for 'the rest of the story'
***MfM*** indicates that I am adding my own information to a particular    
article.
                         `~*~*~*~*~*~`
Mike ~It's a good day if I learned something new.
You can read a sample of my newsletter on my web page http://www.mwn.ca
My virus pages ~ http://virusinfo.hackfix.org 
mytech@xxxxxxxxxxx
~*~*~*~*~
Was this forwarded to you? Want to subscribe? Send an email
to mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe.

For a complete list of email commands for our list send an email 
to ecartis@xxxxxxxxxxxxx with a subject line of "info mikeswhatsnews" without 
the quotes.

To contact the list moderators send an email to 
mikeswhatsnews-moderators@xxxxxxxxxxxxx
                              ~*~*~*~*~
