
2001 News Archive on Computer Security and other issues... compiled from the WWW...
A service of www.compro-serve.com
WARNING AND DISCLAIMER... This information has been gathered from the WWW. We make no representation that this info is necessarily correct. However, it appears to be correct and informational. Use caution when downloading anything from any website! Keep your Anti-Virus patterns up to date!
E-Z hack at myfleet.com exposes credit card data
"After making a credit card payment, Bryce said, he noticed his payment history had serial numbers attached to it. When he found out he could view his payment history by typing the serial number related to it into a browser bar, he tried other random numbers and came up with other customers' accounts. "Most of the transactions I could view didn't contain sensitive data. I looked at 40 of them, and some of them contained Social Security numbers, birthdays, phone numbers and addresses."
idg.net
Cisco a Goner after email slip-up
"Business partners of networking giant Cisco have expressed their surprise at having received the Goner virus from the company last week. Goner is one of the fastest spreading viruses of the year, according to security experts. Despite being unremarkable in its design, it managed to take down the Dow Jones index on 5 December."
vnunet.com
5 U.S. General Accounting Office servers hacked
"The compromised systems included two servers that handle the accounting office's e-mail, as well as a file transfer system and two Web servers, according to information obtained by Alldas and Safemode, two independent sites that keep records of such attacks"
newsbytes.com
Israel arrests teenaged Goner virus programmers... virus was computer warfare game that ran amuck...
"Goner was launched during a computer war among youngsters, the Computer Crimes Squad head, Chief Superintendent Meir Zohar, told United Press International. The teenagers, who were not identified because they are juveniles, tried to attack other youngsters' computers by encouraging them to download a new screen saver. The youngsters "created a monster that ran out of control," Zohar said. Police on Friday arrested four people, ages 15 and 16, one of whom allegedly wrote the program and the others who helped spread it. A court extended their remand to Monday."
vny.com
Cyberattacks' double whammy: Liability lawsuits
"Legal pundits call it "vicarious liability," and it means that organizations may be vulnerable to lawsuits and damage claims, even if security measures are in place and no one inside the company committed a wrongful act. Essentially, if a hacker commandeers a computer and uses it in a distributed denial of service (DDoS) attack, the corporate organization owning the hijacked computer could be liable for damages resulting from the malicious break-in.
The current threats are stirring up a lot of trouble. Early this year, the Code Red worm, which launched a DDoS attack, disrupted government Web sites during the week of July 23 and infected approximately 300,000 computers.
And unfortunately, the threats continue to grow due to the availability of easy-to-use hacking weapons. Before, you had to be fairly technically astute to develop and use the hacker tools, explained Robert Bales, CEO and founder of security-software vendor SaferSite Inc... now we are seeing hacker tools with GUIs. To put this in real-time perspective, 1,090 vulnerability alerts were issued last year, according to CERT, the main reporting center for Internet security problems. This year, there have been 1,820 alerts in the first three quarters alone. The number of known denial of service (DOS) vulnerability and attack tools has more than doubled as well, from about 275 last year to over 600 so far this year, according to SaferSite."
techrepublic.com (registration req'd)
Your stolen Passport -- More on the .net strategy
"The problem is that it's (passport) also a great convenience for hackers and thieves. All they need is your e-mail address and password to go anywhere you go because Passport requires that you use your e-mail address as your user ID and that you use a single password for all Passport-enabled sites. Worse, because Microsoft is also tying its Wallet service to the Passport, they can also spend your money and get your credit card information.
Windows 95/Me API reveals clear text. Bugtoaster's discovery is related to the Windows dial-up networking (DUN) application on the client side. An API that DUN shares with other applications retrieves the Passport credentials from an encrypted file. When a Windows 9x/Me user logs in to the Passport Data Center, the API passes sign-on information in clear text from one process to another in memory, where a worm could easily find the information because it's an area specified in the API for Windows."
zdnet.com
W32/Goner@MM mass email worm that attacks firewalls and anti-virus programs
The worm copies itself into the "WINDOWS SYSTEM" folder and adds the following registry key to load itself at startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\%WINDIR%\%SYSTEM%\gone.scr=C:\%WINDIR%\%SYSTEM%\gone.scr
Goner (file size 38,912 bytes) renders McAfee, Norton, Esafe, lockdown2000, zonealarm and TDS2 inactive.
Removal instructions at Network Associates
Removal tool at symantec.com
Whitehat Adrian Lamo does it again!!
MCI WorldCom [NASDAQ:MCIT] recently moved to secure several vulnerable portions of their network that allowed a researcher to obtain the keys to private network routers for dozens of Fortune 500 companies. AOL Time Warner, Bank of America, Citicorp, Fox News Corp., JP Morgan, McDonald's, and Sun Microsystems - to name just a few - were among those firms whose internal systems information was vulnerable to compromise. Security researcher Adrian Lamo discovered the vulnerability after stumbling upon several proxy Web servers on MCI's Internet address space. The proxy allowed Lamo to gain access to the company's Intranet, ... MCI Spokeswoman Jennifer Baker said the company is grateful that Lamo opted to work with them over the weekend to correct the problem.
newsbytes.com
Wireless hacking kits cheap to compile
"I spent two weeks in Belgium just driving round looking for open wireless networks. I found 263 and was able to connect to 85 per cent of these immediately," he said. Those with zero security included "banks, police offices, and Belgium's biggest brewery."
vnunet.com
Instant Messaging - Hackers Like It, Too
"Instant messaging, a faster and more direct form of e-mail that allows written conversations and file transfers, is growing faster than the Internet according to researchers. The speed and vigor of programs that make it perfect for a quick chat are also becoming attractive as ways to launch a quick attack, security analysts say. ...Lambiris' program proved capable of shutting down the AOL program by overwhelming it with data, a so-called buffer overload attack..."
reuters.com
'Mujihadeen' Hackers Take Out US Government Sites
'Both defaced pages bore the flag of Saudi Arabia and contained titles that read, in Urdu, "Allah is the greatest of all." At the bottom of the pages was a sentence that read in Urdu "Americans be prepared to die."...Both Web sites, which were running the Apache Web server on the Linux operating system, were unreachable today. In the message at the NIH site, the attackers called themselves "mujihadeens" and wrote "we are not hacker, we are just cyberterrorist." On the NOAA site, the group threatened "the greatest cyberterrorist attack against American government" '
newsbytes.com
Mouse Traps, Home page hacks and other hostile activity common on the Internet's top 100 destinations
"Automated Internet intelligence firm Cyveillance's latest survey that indicates a high prevalence of aggressive technology tactics on the Internet's top 100 destinations that can entangle and divert holiday shoppers. In a list of top 10 tactics employed, the spawning of unsolicited "pop-up" ads and "mouse-trapping" -- where users can't go back or exit -- lead the list."
internetnews.com
Trojans are the virus growth industry
"There's huge growth in Trojan horses," said Graham Cluley, a senior technology consultant at Sophos Anti-Virus.... Another factor playing into the hands of Trojans is that households are subscribing to fast Internet access over cable TV networks or supercharged phone wires. Because these connections are "always on," the "gates" to the family PC are always open for people who have stolen passwords by using a Trojan. Individuals seldom use firewalls and virus sniffers to protect themselves against break-ins, Cluley said."
reuters.com
Search engine GOOGLE not 'hackers' best friend...
"But Mark Read, network security analyst at MIS, said the concept (searching using the string 'Index of / +banques +filetype:xls' eventually turned up sensitive Excel spreadsheets from French banks. The same technique could also be used to find password files.) was nothing new and that it has been possible to engineer search engines to look for such files for years. "The sites that would come back in the results from such responses obviously don't care about security in the first place," he told vnunet.com. "In order for these pages to be indexed in the first place, the search engine spider needs to be able to find them, which it does through a link on a previous page.".."If somebody has hyperlinked to these pages/files, or somebody has allowed a directory to be listed therefore leaving a directory listing for a spider to follow, then they are just sending out an open invite," he added."
vnunet.com
Is AOL's VPN poking a hole in your firewall?
"AOL's reliance on a technology called virtual private networking (VPN) may defeat the ability of some personal firewalls to guard users against hackers and Internet worms, according to the Computer Emergency Response Team (CERT), a federally funded information security clearinghouse. "We'll see personal firewalls block scans from things like Code Red or Nimda, but when the scan hits an AOL-connected computer, it passes through the firewall inside the VPN connection," said Kevin Houle, Internet security analyst with CERT." Brian McWilliams, Newsbytes
newsbytes.com
Badtrans e-Mail Worm On The Rise
This worm utilizes MAPI messaging to mail itself to regular e-mail correspondence. It will arrive as an attachment that is 13,312 bytes in length and uses one of the following names:
Card.pif - docs.scr - fun.pif - hamster.ZIP.scr - Humor.TXT.pif - images.pif - New_Napster_Site.DOC.scr - news_doc.scr - Me_nude.AVI.pif - Pics.ZIP.scr - README.TXT.pif - s3msong.MP3.pif - searchURL.scr - SETUP.pif - Sorry_about_yesterday.DOC.pif - YOU_are_FAT!.TXT.pif
siliconvalley.internet.com
Got it? How to get it out: removal instructions @ Trend Micro
BT e-mails virus to customers
BTopenworld has been infecting its customers with a virus from its support centre.
Independent IT consultant Richard Haselgrove sent an email to BTopenworld customer support last Tuesday (20 November) following the massive network outage.
He received no response until Friday (23 November), when a blank message headlined "re: service failure" arrived in his inbox. The message contained no text, but did have an attachment, entitled "you_are_fat!.mp3.scr" - which turned out to be the badtrans trojan.
www.dsinet.org
Panasonic Introduces Low Cost Iris Recognition Cam and Software
"The Panasonic Biometrics Group's $200 Authenticam shows that advanced biometrics are entering the mainstream...The product's Web camera capabilities, its price and its packaging part of which focuses on storing user names and passwords for Web sites accessed via Microsoft Corp.'s Internet Explorer make it suitable for consumers. It's rare, however, for consumers to require such tight security on their workstations."
eweek.com
Prototypes spell out the future for keyboards -Comdex trade show
"The way we type could soon change forever if some of the products unveiled at the Comdex trade show catch on, writes computer editor Jack Schofield in Las Vegas" ( wonder if key loggers will work on these puppies? )
guardian.co.uk
The SSSCA is a bill, pushed by the entertainment industry... WHAT WOULD THIS LAW DO?
" The law would force all new personal computers and digital home entertainment devices sold in the United States to have government-approved "policeware" built-in.
This policeware would restrict your use of copyrighted material on these devices -- including music files and CD's, video clips, DVD's, e-books, and more.
a) IN GENERAL.--It is unlawful to manufacture, import, offer to the public, provide or otherwise traffic in any interactive digital device that does not include and utilize certified security technologies that adhere to the security systems standards adopted under section 104."
stoppoliceware.org
Magic Lantern - FBI claimed to consider eMailing spyware!
positions from anti-virus vendors -- "Eric Chien, chief researcher at Symantec's antivirus research lab, said that provided a hypothetical keystroke logging tool was used only by the FBI, then Symantec would avoid updating its antivirus tools to detect such a Trojan. The security firm is yet to hear back from the FBI on its enquiries about Magic Lantern but it already has a policy on the matter.
Graham Cluley, senior technology consultant at Sophos, disagrees. He says it is wrong to deliberately refrain from detecting the virus, because its customers outside the US would expect protection against the Trojan. Such a move also creates an awkward precedent. Cluley adds: "What if the French intelligence service, or even the Greeks, created a Trojan horse program for this purpose? Should we ignore those too?"
theregister.co.uk
My thoughts.... I believe this is either a major bluff or a Pandora's box posing as a trojan horse. One would have to wonder just what client these trojans would connect to. Once those clients were identified they would be subject to attack.
Has anyone considered that these email attachments (containing "magic lantern") could be renamed, socially engineered and forwarded to innocent people whose data would begin to flood the clients? Then there is the real possibility of DDoS attacks against these clients also.
By the way, such a program could be easily defeated by encrypting the documents on a computer that has never been on line. The encrypted message would then be transferred to an on line computer for transmission. Unless a key logger has been physically installed on the clean computer there is no record of the encryption key from the trojan infected machine.
In summation, it's not a well thought out strategy.....
update...(Graham Cluley, senior technology consultant for antivirus (AV) specialist Sophos) criticised the FBI over its Magic Lantern, a Trojan virus which the Bureau plans to release on suspected terrorist groups to extract information from systems without their knowledge. The hacking technology is believed to be more than three years old, according to some US experts.
AV specialist McAfee, part of Network Associates, denied reports in the Washington Post last week that it would make sure its software did not prevent Magic Lantern.
vnunet.com
"According to MSNBC, the FBI wants to be able to send sleuthing software, called "Magic Lantern,'' to computers through an e-mail message in the same way that most malicious computer viruses are distributed."
cosmiverse.com
"At least one company that makes anti-virus software, McAfee.com Corp., contacted the FBI on Wednesday to ensure its software wouldn't inadvertently detect the bureau's snooping software and alert a criminal suspect."
washingtonpost.com
FBI wants Carnivore access for analog and VoIP voice conversations
"Several industry officials said the FBI essentially wants direct access to voice communications, as the bureau now has with e-mail through the snooping technology known as Carnivore. An FBI spokesman declined to comment on the matter. "
www.zdnet.com
Critical Windows Media Patch
"One of the streaming media formats supported by Windows Media Player is Advanced Streaming Format (ASF). A security vulnerability occurs in Windows Media Player 6.4 because the code that processes ASF files contains an unchecked buffer. By creating a specially malformed ASF file and inducing a user to play it, an attacker could overrun the buffer, with either of two results: in the simplest case, Windows Media Player 6.4 would fail; in the more complex case, code chosen by the attacker could be made to run on the user's computer" Microsoft
www.microsoft.com (patch city)
Csrss.exe - You cannot end this process from Task Manager.
"This is the user-mode portion of the Win32 subsystem (with Win32.sys being the kernel-mode portion). Csrss stands for client/server run-time subsystem and is an essential subsystem that must be running at all times. Csrss is responsible for console windows, creating and/or deleting threads, and some parts of the 16-bit virtual MS-DOS environment. " ..microsoft KB
More on tasks that cannot be ended from the task manager
W32.HLLW.Hai worm removal
"W32.HLLW.Hai is a worm written in C++. This worm spreads its infection in a manner that is very similar to worms such as W32.HLLW.Bymer and W32.HLLW.Qaz. It spreads by finding computers that share the \Windows folder with full access set to "Everyone." If such a share is found, the worm copies itself to the share and modifies the Win.ini file so that the worm is executed when the computer is restarted. This worm cannot spread to computers that do not have the NetBIOS protocol installed." ..symantec.com
REMOVAL - Run an anti-virus program with a current pattern and remove the infected files found. Then enter the following at the run command --> edit c:\windows\win.ini - in the MS-DOS Editor, look in the windows section of the file for the run= (suspect file - this would be a file that you are SURE that you did not install!) line. DELETE that line, then exit DOS. ctrl+c > exit. Also check HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run for a similar entry, as well as HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-, and delete the string if found. These registry and ini editing instructions are for advanced users -- improper editing can corrupt the system!
support.microsoft.com
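The win.ini check from the W32.HLLW.Hai removal steps above, as an added Python example (not from the original page or from Symantec): it lists every program named on a run= line in the [windows] section and flags those not on a known-good list. The sample file, the file names in it and the known-good list are constructed for illustration; load=, which Windows also processes at startup, is included beyond what the page mentions.

```python
"""Audit a Win9x WIN.INI for autostart entries in its [windows] section."""

# run= is the key named in the removal steps; load= is an addition here,
# because Windows starts programs listed on either line.
AUTOSTART_KEYS = ("run", "load")


def autostart_entries(ini_text):
    """Return (key, program) pairs found under [windows], in file order."""
    entries = []
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "windows" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip().lower() not in AUTOSTART_KEYS:
            continue
        # Assumption: entries are separated by spaces or commas and use
        # short (8.3) paths without embedded spaces.
        for program in value.replace(",", " ").split():
            entries.append((key.strip().lower(), program))
    return entries


def basename(path):
    """File name part of a DOS path, lower-cased for comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def suspect_entries(ini_text, known_good):
    """Autostart entries whose file name is not on the known-good list."""
    allowed = {name.lower() for name in known_good}
    return [(key, prog) for key, prog in autostart_entries(ini_text)
            if basename(prog) not in allowed]


# Constructed sample, not taken from an infected machine.
SAMPLE_WIN_INI = r"""
; constructed sample WIN.INI
[windows]
load=C:\TOOLS\tray.exe
RUN = C:\WINDOWS\unknown1.exe
NullPort=None

[Desktop]
run=ignored.exe
"""

if __name__ == "__main__":
    for key, prog in suspect_entries(SAMPLE_WIN_INI, {"tray.exe"}):
        print(f"review {key}= entry: {prog}")
```
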
Cookie Patch issued for Internet Explorer
"On November 08, 2001, Microsoft released the original version of this bulletin. In it, we detailed a work-around procedure that customers could implement to protect themselves against a publicly disclosed vulnerability. On November 13, 2001, we released a patch that, when applied, eliminates all known vulnerabilities affecting IE 5.5 and IE 6. We therefore expanded the scope of the bulletin to discuss all of the vulnerabilities the patch addresses. Customers who disabled Active Scripting per the original version of this bulletin can re-enable it after installing this patch."
www.microsoft.com
Demo program bypasses MD5 in personal firewalls...
"I put the idea of writing code to bypass outbound firewall control to the back of my mind since as stated it was really a futile idea when you thought about it. Of course it could be done in several possible ways so why waste the time. But of course being a programmer I sometimes can't resist just trying out ideas, and with all of the current fuss being made about the claims of various personal firewalls by many people I decided to write a proof of concept tool with the aim of obtaining a covert outbound network connection that would go undetected by the firewall. "
keir.net/firehole
Another Norton "false alarm"
"According to Symantec, Norton AntiVirus was reporting that an InstallShield file named ikernel.exe was infected with W32.Nimda.enc(dr). Symantec released an updated definition file on Nov. 12 that corrects the problem, the anti-virus firm said. By default, Norton AntiVirus "quarantines" infected files so that they cannot be used and must be deleted from the system. As a result of the false alarm, some software developers and their customers were inconvenienced over the weekend. Internet newsgroups contain reports from Norton AntiVirus users who encountered virus warnings while installing programs that use InstallShield"
www.newsbytes.com
If your ikernel.exe has been fried by Norton AntiVirus -- get a replacement here: support.installshield.com
WinXP bug can lose your data
Microsoft has admitted that a bug in Windows XP may result in data loss if users reinstall, repair or upgrade the operating system. The problem occurs with both Windows XP Home and Professional editions. It does, however, apply only to computers which have had Windows XP preinstalled by a computer manufacturer.
www.vnunet.com
Microsoft Passport -- cookie theft and 1 stop hacking...
www.dsinet.org
how it's done
www.theregister.co.uk
Sony's robot-dog gets hacked
www.zdnet.com
XP debuts -- and here come the patches!
TechRepublic, Inc.- On Oct 25, 2001, Microsoft pulled out all the stops in launching Windows XP in New York City. The following day, it was announced that around 20 MB of patches and updates for Windows XP Professional (around 12 MB for the Home Edition) were already available for download directly from Microsoft. While these patches are important for XP users, the way in which Microsoft prefers to deliver them using Windows Update has dubious value for IT departments.
McAfee VirusScan 4.5.1 can delete email in W2K and XP with Outlook Express 6.0 and 5.5...
http://www.theregister.co.uk
NIMDA is back "new and improved"!
"Virus researchers at U.K.-based Sophos - which calls the new variant Nimda-D - say that, when arriving as a file attachment, the worm is now contained in a file called Sample.exe, rather than Nimda.A's Readme.exe attachment. "
www.newsbytes.com
New DDoS threat targets home PC users!
DDoS attackers also are targeting Windows users because it is relatively easy to find network address blocks for Internet service providers (ISPs) with known, large numbers of Windows end-users, such as AOL. "Based on reports we have received, intruders are leveraging easily identifiable network blocks to selectively target and exploit Windows end-user systems," the report said.
www.elcom.co.uk
Windows XP's firewall passes the Gibson nano -probe firewall test -
www.dsinet.org
Red Cross Warns Of Fraudulent Trojan Program
By Brian McWilliams, Newsbytes, -- The American Red Cross is warning Internet users to beware a credit-card-stealing Trojan horse program, delivered in an e-mail that is made to look as though it comes from the disaster relief organization. According to Symantec, the Trojan program will not allow users to close the displayed form by clicking on the "close window" icon in the program's upper right corner. The company advises users instead to use the Windows "end task" function displayed by holding down the control, alt, and delete keys simultaneously. Symantec said the Trojan attachment has a file size of 518,144 kilobytes. When viewed with Microsoft's Outlook e-mail program, the message will erroneously display the attachment with a World Wide Web icon. www.newsbytes.com

Publishers have been promised a new weapon to combat software that wipes advertisements off the Web, bringing a potential challenge to ad-free surfing.
Dusseldorf, Germany-based MediaBeam last month said it's testing a product that aims to detect ad-blocking software and charge the people using it a fee to view a Web site's content. The product, called AdKey, is scheduled for commercial release by November. "People using anti-ad software...have the advantage to use our service but (not to) participate in the advertising system. But we need someone to pay the bill," said MediaBeam CEO Frank Beckhert, whose 15-person company has been testing AdKey for the last two weeks. "We just couldn't accept that people were using our service for free" anymore. Industry executives estimate that the population of Net surfers using ad-blocking software is in the range of 2 percent to 5 percent. Software developers for Webwasher and AdSubtract, two popular ad-filter products, claim millions of users worldwide, including many who signed up this year. www.zdnet.com
Anthrax Spreading on the Internet?
By Thor Olavsrud , internetnews.com --"Security firms Tuesday warned that two worms have been discovered in the wild that attempt to play on recipients' fears concerning Anthrax....The e-mails that deliver the worms are both written in Spanish, and were created using the "VBSWG" virus generator that has been used to create other script-viruses in the "Lee" family of viruses, including the wide-spread Anna Kournikova worm. The e-mails arrive with the subjects "Informacion Sobre El Antrax," or "Antrax Info." Kaspersky Labs said that when an infected file is launched, the worms destroy all files on a computer with the VBS and BVE extensions and write their own copies instead." www.internetnews.com
Hackers have exposed a new vulnerability in Symantec's LiveUpdate 1.4, which could be used to download and run hostile code...
Symantec, which makes antivirus and security software, has confirmed that older versions of its virus definition software will allow the deployment of malware such as trojan application viruses, and the remote penetration of systems running LiveUpdate. The risk of unauthorized intrusion is lessened on systems running the latest version 1.6, but network degradation and outages could still be possible. http://www.zdnet.com
NIMDA worm spreading fast, exploiting older IE 5, 5.01 & 5.5
As antivirus experts complete a more detailed analysis of the Nimda worm and companies clean up their networks on Wednesday, several security groups are worried that home computer users will not secure their PCs.
DOWNLOAD Internet Explorer 6.0 Now!...patching older IE versions has become a daily effort -- better to just upgrade your system.... http://www.microsoft.com/windows/ie/downloads/ie6/default.asp
A new virus, named W32/Magistr.b@mm can kill Zone Alarm....
(9/10/01) By Michael Singer, siliconvalley.internet.com - "Anti-virus firm McAfee.com (NASDAQ:MCAF) Friday says it has received a serious number of reports in South America and Europe of a virus circulating through e-mail boxes in the last two days. This virus, named "W32/Magistr.b@mm," is a variant of "Magistr.a" and has been rated "medium risk" for corporate and home users due to the number of reports coming from the two continents. The W32/Magistr.a@mm reportedly has a more complex encryption technique and some additional characteristics. These include the deletion of all .NTZ files on the local hard drive, the possible termination of the ZoneAlarm firewall program, and the use of random file extensions on the executables that it distributes." siliconvalley.internet.com
Hotmail hacked again for the 3rd time!
(09/11/2001) securitywatch.com, By Maarten Van Horenbeeck "...For the third time in row, Microsoft's Hotmail system was hacked.... By sending a specially crafted mail, an attacker could write a Java program that steals Hotmail login credentials. When this happens, the attacker can virtually do anything with the account." www.securitywatch.com
Another Norton/Microsoft flaw found....
(09/10/2001) By Maarten Van Horenbeeck, securitywatch.com "According to Matthias Andree, when Norton Antivirus detects a virus infected file, it will put it into quarantine and send a mail back to the user from which mail was received, stating a "Virus UNAUTHORIZED FILE was found". However, the "mail from:" will contain the entire path up to the user's mailbox-directory. Of course, this is information which should remain private and undisclosed. It is not really clear yet whether this is a Norton Antivirus or Exchange flaw, but it occurs when using a combination of the two. There has been no response yet from either vendor." www.securitywatch.com
Visual Basic worms can spread in MSN Messenger..
Thanks to the Visual Basic 6, Msvbvm60.dll and Windows Script Host your MSN Messenger can send files to your buddies without you initiating a file transfer. I personally encountered W32.Annoying.Worm, while it is not a high level threat, its purpose is just to spread across the MSN IM network. Well, it wouldn't take much to add one of the new binary trojans that will slip thru your anti-virus program to "jerry" the name given to the worm by its author - "I come in piece (sic). My name is Jerry. The purpose of me is to spread. I'm not annoying, nor dangerous." www.symantec.com
Verizon Wireless takes head out of sand and fixes serious security flaw!
By Brian McWilliams, Newsbytes - "Verizon Wireless has plugged a hole that was leaking private information about cell phone customers who used one of its Web sites, the company said today.... The privacy flaw, discovered by a Seattle software developer, enabled unauthorized individuals to browse some customers' account information, including billing details. Slemko, a founding member of the Apache Software Foundation, said he decided to go public with his discovery after reporting the privacy flaw to the wireless carrier two weeks ago and receiving no reply.... Brian Wood, executive director of corporate communications, said Verizon Wireless fixed the vulnerability early this morning." (IT and ISP firms need to take seriously and respond to abuse and security flaws pointed out to them by the on-line community -- instead of crying to CERT about withholding data on exploits -- they put us all at risk to save face and lose credibility in the process --- editor's opinion)
www.newsbytes.com
Bill Gates urges low cost broadband internet service!
"In an interview Wednesday, Gates urged government policymakers to meet with representatives of the cable and telephone industries to determine what it would take to provide broadband services for $30 a month, instead of the monthly fee of about $50 that consumers pay for access via cable lines or enhanced telephone wiring. Although most of the nation's heavily populated areas have high-speed access available, such access is used by less than 15 percent of the country. The broadband problem is particularly frustrating, Gates said, because it is the one piece of the physical infrastructure of computing that is limiting a "miracle environment" of new applications, thanks to ever-increasing computing speed, power and video-display capabilities." (perhaps Mr. Gates should make MSN internet a low cost cable ISP!! -- put his money where his mouth is!!!) www.newsbytes.com
Porn Websites and their not-so-"free software"
"Several adult Web site operators have agreed to settle charges that they fraudulently connected customers through an international phone line to Madagascar, costing unwitting subscribers thousands of dollars in long-distance fees. According to a series of settlements reached with the Federal Trade Commission (FTC), several Web sites routinely employed software that would disconnect customers from their regular Internet service provider and reroute their Internet connection to a provider in Madagascar..." www.newsbytes.com
Microsoft, ActiveX, Passport and XP
(An editorial opinion) After running a program called IE eradicator, I now understand the basis of the US Justice Department's anti-trust action against the Microsoft empire. IE eradicator removes ALL of the internet explorer, including the registry keys that create the "active desktop". It has opened my eyes to the integration of the IE to the desktop. If you wonder how your system can get hacked via the Internet Explorer, herein lies the answer.
Don't get me wrong, the IE 5.5 or the new IE6.0 are great web browsers. However, this desktop feature opens up a myriad of possibilities for hackers to script their way into your computer via the IE application!
IE's functions overlap Explorer's functions (if you are not aware, Explorer is actually the operating systems interface to the computer's file system, iExplore and Explorer are not the same) and the original intent was to make other web browsers marginally functional, hence, the anti-trust action against Microsoft.
Now, as the plot thickens, comes XP. XP will change the way we use the www, or so Microsoft claims. At the core of the XP and .net will be the use of the Microsoft "passport". The idea is that you will log into "passport" (via a retained cookie) on a Microsoft SSL server (secure, encrypted, etc...) then, as you go from site to site, should you need to log in or make a purchase using the SSL protocol, the passport cookie will refer that server, to the passport server (that Microsoft owns), to provide your personal information (wow, that makes me feel secure!).
Based on recent experience with MSN Messenger (which uses "passport") and the many times that Microsoft's Hotmail, Update and internal servers have been compromised, can we really trust Microsoft to hand out personal information, especially credit card data? After all, the great leap forward will be the Microsoft wallet feature in the "passport" that will fill in the data when we make a purchase!
The upcoming .net strategy is even better! Microsoft wants to "rent" you your applications, they will be stored on its servers (at a reasonable cost I'm sure). Microsoft is currently introducing C# language as a Java replacement too. XP will not include a Virtual Machine for Java applications-- you will have to download that as an add on application, bad news for SUN Microsystems.
Well, I guess if the public accepts XP and .net, our children will salute and pledge allegiance to the Windows multi-color flag and we shall turn to pray in the direction of Redmond, WA. A brave new world indeed...
Released by Siemens: White Paper Security Security for Security Agencies Information and Communications for internal use only!
"DSM Link-This encryption module guarantees secure voice transmission in analog and digital networks. Your telephone calls therefore remain confidential at all times. By deploying the DSM (Data Security Module) link, all information, user data and network address header are encrypted. This means that an attacker can neither decipher the content of the message nor the traffic flow of the message between sender and receiver." www.siemens.com
Sadmind Worm Strikes US Security Contractor
By Brian McWilliams, Newsbytes- "A Web server operated by Veridian Corporation has been infected with the Sadmind Worm, according to a report by a French hacking information site. The Sadmind worm, first identified in May, turns vulnerable Sun Microsystems servers running the Solaris operating system into robots that deface sites running unpatched versions of Microsoft's Internet Information Server (IIS) software. Last week, the Defense Intelligence Agency announced that it is awarding a contract to Veridian to assist the agency in analyzing network intrusions on Department of Defense networks." www.newsbytes.com
New UNIX worm X.C. affects telnetd
(08/31/2001) "The FBI is warning system administrators who run a wide variety of Unix operating systems of a new worm. X.C, as it is called, is targeting a vulnerability in the Telnet daemon included with many BSDs, Solaris, AIX and some Linux distributions. For the moment, no information is available concerning the impact of the worm, nor what it really does. The CERT is currently analyzing it and will release an advisory soon. Since the number of servers vulnerable to the telnetd flaw might be of the same quantity as those vulnerable to the Code Red worm, the impact might be comparable." www.securitywatch.com
gnut bug discovered in gnutella
(08/31/2001) From securitywatch.com: "Bughunter Philip Krammer discovered a bug in gnut, a gnutella client for linux and windows. The bug allows for html code to be injected in the search results page, which is used by the web interface of the program. An attacker can use this to circumvent certain security measures remotely. For example, when you deny all JavaScript from other sites than localhost, a hacker can run JavaScript on your machine remotely when you search for a music file that he has. He changes the filename to contain malicious JavaScript, and it is executed on your machine, since it is executed on localhost. The most recent version, gnut 0.4.27, has been patched and is available here." www.gnutelliums.com

Expert testifies to Congress that code red worm source linked to Guangdong, China
REUTERS-"The Code Red computer worm, which caused US$2.4 billion in estimated clean-up costs on Internet-linked computers last month, seems to have been born at a university in China's southern Guangdong province, according to the non-partisan investigative arm of the US Congress. "The worm is believed to have started at a university in Guangdong, China," Keith Rhodes, chief technologist at the General Accounting Office, said in written testimony on Wednesday before a House Government Reform subcommittee." china.scmp.com
Trojan.Offensive devastating but rare, so far...ActiveX bites back again!
Symantec says-"Trojan.Offensive is a Trojan horse that comes in the form of an .html file. (It could also be a Web page on the Internet). When opened, the page displays one button that contains the text "Start." This Trojan exploits ActiveX capabilities, which allows it to modify your browser's home page, as well as to severely restrict your access to the system. If the Trojan has been activated, you should either contact a computer professional for assistance or consider reinstalling Windows." (editor's note: Symantec calls this a trojan but makes no mention of a back door, so it's really more of a virus? -- read the Tokyo website story below. The creator of this doomsday program probably learned the corrupt ActiveX technology from the hostile websites that mess with, and corrupt browsers!) www.symantec.com
Hacker's JavaScript disables auction site visitors' computers....
Kuriko Miyake, TOKYO, www.idgnet.co.nz, "Malicious JavaScript downloaded from a hacked auction website caused Japanese internet users serious problems over the weekend, the Japanese government's Information-technology Promotion Agency (IPA) reported Tuesday. The auction site Price Loto, run by Mediagate, was The site is now back in service. Users who visited the Price Loto site using Microsoft's Internet Explorer 4.x and 5.x, automatically downloaded malicious JavaScript that was programmed to alter the software configuration of their PCs. Users of affected PCs experienced difficulties opening up new applications, changing set-ups and closing down the operating system, the IPA report said." www.idgnet.co.nz
HTML 'Hack' Could Use Browsers To Open Net Security Hole
"The trick, Topf wrote last week in a paper called "The HTML Form Protocol Attack," relies on the same HTML-based technology builders of legitimate Web pages use to capture information visitors might enter into online forms. Topf said it also is not necessary for victims of such an exploit to see the forms on an attacker's Web page or to take any action to submit them. Instead, he said, the attacker could use well-known JavaScript commands to have hidden form data submitted as soon as an otherwise innocent-looking page is displayed." www.newsbytes.com
New IE6.0 vulnerability discovered
(08/15/2001) "Surfers using Internet Explorer 6 need to keep a tight leash on their URLs. The IE6 browser contains a vulnerability in the parsing of large URL requests that can be exploited by an attacker to cause the application to crash with an "abnormal program exit." ...Although this is not much of a danger -- since the attacker requires physical access to create a specific URL request in the address bar -- by using redirects, the same buffer overflow can be accomplished....Microsoft has been alerted of this issue, though a fix is still forthcoming." http://www.securitywatch.com
New NetBIOS worm found online
(08/16/2001) "Reports have appeared over the past week of a new worm written in C++ that spreads only to computers with the NetBIOS protocol installed. The W32.HLLW.Hai worm finds computers that share the \Windows folder with access set to "Everyone." The worm copies itself to the share and modifies the Win.ini file so that it is executed when the computer is restarted." (Windows file shares are disabled by default -- to check the status on your computer -- open network properties and click on the file shares button -- the boxes in that window should be UNCHECKED.) http://www.securitywatch.com
Microsoft Passport vulnerable to theft by cross scripting hackers
By Jackie McCarthy (08/14/2001) "The list of Hotmail troubles in the past week is growing longer....As for the vulnerability in Microsoft's Passport authentication system, various security sites have published details of an exploit that could allow a malicious user to usurp the session cookie of another user, basically stealing his/her identity. Although Microsoft has attempted to filter out cross site scripting -- the basis of this attack -- an attacker can subvert the filter by simply encoding the malicious script using hex equivalents. A programmer known as Obscure, who has written a white paper on the attack, told vnunet.com that Microsoft had been informed of the vulnerability but had not responded publicly." http://www.securitywatch.com/
Virii wiggle into MSN Messenger IM chats
By Jim Hu, Staff Writer, CNET News.com "Having long targeted e-mail with sometimes devastating effects, virus and worm creators are setting their sights on IM services. Infected files, for example, have been burrowing their way slowly through Microsoft's MSN Messenger network over the past few months. Discovered by virus hunters in late June, the so-called Choke worm marked the second attack aimed at MSN Messenger in as many months. In May, the service was struck by the W32/Hello worm." http://news.cnet.com/
Briton charged over W32-Leave computer worm
A Briton has been charged with creating and releasing a virus programme designed for hackers to access home computers, it has emerged. The FBI and Scotland Yard said a 24-year-old man had been arrested on 23 July in Washington and released to face trial later this year. http://news.bbc.co.uk/
Abuse common in the LIEN police database in Michigan
"Police throughout Michigan, entrusted with the personal and confidential information in a state law enforcement database, have used it to stalk women, threaten motorists and settle scores..." http://www.freep.com/
Computer virus SirCam hits Coast Guard
"Officials said the worm-type virus struck around 4:25 p.m. Friday, with 58 infected e-mails being transmitted outside. As a countermeasure, they said they are alerting recipients about Sircam. The virus was contained before it affected other offices within the coast guard." http://www.japantimes.co.jp/cgi-bin/getarticle.pl5?nn20010812b2.htm
BBC conducts survey on intrusion attempts of home/small biz computers
(editor's note-- Symantec software was used-- it gives many false readings of trojan attempts-- i.e. port mapping is called a trojan) "Symantec recruited 167 volunteers from around the UK and gave them personal firewalls set up to record any attempt made to compromise the security of their PC over a month-long period. The volunteers were home users and small businesses who used both dial-up and high speed net connections. Over the month-long survey period 1,703 hack attempts were made, and 159 of the 167 participants enjoyed the attentions of hackers." http://news.bbc.co.uk/hi/english/sci/tech/newsid_1484000/1484704.stm
New worm can be written into Adobe PDF files
"(08/07/2001) Argentinian virus writer Zulu has formulated a new worm that can be embedded in Adobe PDF (portable document format) files, according to the Privacy Foundation's Richard Smith. Zulu's Outlook.PDFWorm takes advantage of the Outlook security feature that automatically deletes 'dangerous' file attachments -- including all VBScript attachments -- but considers PDF files 'safe.'" http://www.securitywatch.com/default.htm
zulu's virus description
http://www.coderz.net/zulu/outlook.pdfworm.txt
SANS' Code Red II Worm Analysis Update
Except for using the buffer overflow injection mechanism, this new worm is entirely different from the original Code Red CRv1 and CRv2 variants. In fact, Code Red II is more dangerous because it opens backdoors on infected servers that allow any follow-on remote attacker to execute arbitrary commands. Reports have already been received of attackers attempting to exploit these backdoors to wage distributed ping flooding attacks. http://www.incidents.org/react/code_redII.php
More security problems at hotmail ---
"One thing we discovered is that in addition to the Passport signout icon, there is also a Hotmail logout option on the page. So, what does this mean to a user? Presumably, the Hotmail logout button is used to remove the Hotmail credentials, while the Passport signout button is used to remove the Passport credentials to all services. While this may be clear to computer security experts, it is unlikely that the average non-expert computer user will understand the distinction. A user making the mistaken, but reasonable, presumption that the Hotmail Logout button will remove Passport credentials could easily walk away from a browser still able to authenticate on behalf of the user."-- Further, Netscape browsers do not sign out on passport sign out, even though the sign out is acknowledged.... http://avirubin.com/passport.html
In the Federal District Court --- Broadcasters Must Pay Webcast Royalties
Eastern Pennsylvania District Court Judge Berle M. Schiller today dismissed a lawsuit brought by the National Association of Broadcasters (NAB) over the issue of webcasting royalties. The court agreed with the U.S. Copyright Office decision that radio broadcasters must pay music royalties when they stream their over-the-air signals on the Internet. So the royalty exemption only holds for radio broadcasting and not for webcasting. Tough blow for Real Networks and Windows Media customers. If upheld on appeal we won't be able to listen for free soon! http://www.newsbytes.com/news/01/168650.html
WINDOWS 2000 update for "code red" vulnerability
This update resolves the "Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise" security vulnerability in Windows 2000 http://www.microsoft.com/Windows2000/downloads/critical/q300972/download.asp
Code red patch for NT4.0 -- http://www.microsoft.com/ntserver/nts/downloads/critical/q300972/default.asp?
Huge identity theft uncovered
Files with Social Security and driver's license numbers pasted in chat room; possible link to cell phone applications. An MSNBC.com investigation has revealed common threads among the victims -- including the purchase of a cell phone online from VerizonWireless.com or an AT&T Wireless reseller. Key personal data belonging to hundreds of individuals have been shared in an Internet chat room, in what one expert says could become one of the largest identity theft cases ever. The data include Social Security numbers, driver's license numbers, date of birth and credit card information. http://www.dsinet.org/?id=1524

Security Gurus Study Hackers With 'honeypot' Computers
Honeynet Project is an attempt to uncover the latest and greatest hacking techniques, motivations and targets by setting up a network of systems dubbed "honeypots," solely to watch them being hacked. "The fastest one of our honeypots has ever been hacked is 15 minutes," Spitzner said. "This should scare the hell out of you. We do nothing to advertise. We just put the systems out there. This is my ISDN line in my home bedroom. It's not IBM or something like that." http://ap.tbo.com/ap/breaking/MGAEDE3QPPC.html
SIRCAM virus compromises FBI stand alone computer
WASHINGTON--A researcher in the Federal Bureau of Investigation's cyber-protection unit unleashed a fast-spreading Internet virus that e-mailed private FBI documents to outsiders--all on the eve of a Senate hearing into troubles at the unit. Although the Sircam virus didn't spread to other computers at the FBI's National Infrastructure Protection Center, it did send at least eight documents to a number of outsiders. Tuesday, 7/24/2001, at least three people said they received some of the FBI documents, including a 23-year-old Internet-security expert in Belgium, Niels Heinen. He operates a Web site that reports on Internet break-ins and speculated that the analyst, Vince Rowe, visited the site on the infected computer. Rowe didn't respond to a request for comment. http://www.zdnet.com/zdnn/stories/news/0,4586,2798011,00.html?chkpt=zdhpnews01
Zip of death attack
Files are available on the Internet which are as little as 42KB in size but when fully decompressed have a total size of 16GB. The exploit works by sending an email containing such a maliciously formed compressed archive to an intended victim. http://www.theregister.co.uk/content/56/20322.html
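A defensive counterpart to the item above, as an added example that is not from the article: a mail gateway or scanner can refuse to expand an archive whose header-declared size, compression ratio or nesting depth is out of bounds, and count bytes as they are actually produced. The limits, function names and sample archives are assumptions constructed for illustration; following nested archives goes beyond what the blurb states.

```python
import io
import zipfile


class ArchiveRejected(Exception):
    """Raised when an archive breaks one of the expansion limits."""


def scan_archive(data, max_bytes=64 * 1024 * 1024, max_ratio=200, max_depth=3):
    """Expand a ZIP held in memory under hard limits.

    Returns the total number of decompressed bytes across all layers,
    or raises ArchiveRejected. All three limits are assumed values.
    """
    state = {"total": 0}
    _scan(data, state, max_bytes, max_ratio, max_depth, depth=0)
    return state["total"]


def _scan(data, state, max_bytes, max_ratio, max_depth, depth):
    if depth > max_depth:
        raise ArchiveRejected("nesting deeper than %d levels" % max_depth)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = [m for m in zf.infolist() if not m.is_dir()]
        declared = sum(m.file_size for m in members)
        packed = sum(m.compress_size for m in members)
        # Cheap checks on the header values, before decompressing anything.
        if state["total"] + declared > max_bytes:
            raise ArchiveRejected("declared size exceeds byte budget")
        if packed and declared / packed > max_ratio:
            raise ArchiveRejected("compression ratio above %d:1" % max_ratio)
        for member in members:
            inner = _read_member(zf, member, state, max_bytes)
            # A member that is itself a ZIP is scanned against the same budget.
            if zipfile.is_zipfile(io.BytesIO(inner)):
                _scan(inner, state, max_bytes, max_ratio, max_depth, depth + 1)


def _read_member(zf, member, state, max_bytes):
    """Stream one member, counting the bytes actually produced."""
    buf = bytearray()
    with zf.open(member) as fh:
        while True:
            chunk = fh.read(64 * 1024)
            if not chunk:
                return bytes(buf)
            state["total"] += len(chunk)
            if state["total"] > max_bytes:
                raise ArchiveRejected("decompressed data exceeds byte budget")
            buf += chunk


def make_zip(name, payload):
    """Build a one-member deflated ZIP in memory (constructed sample input)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return out.getvalue()


def verdict(data, **limits):
    """Return 'accepted' or the rejection reason, e.g. for a gateway log line."""
    try:
        scan_archive(data, **limits)
        return "accepted"
    except ArchiveRejected as exc:
        return str(exc)


if __name__ == "__main__":
    note = make_zip("note.txt", b"Meeting moved to 3pm, agenda attached.")
    zeros = make_zip("zeros.bin", bytes(8 * 1024 * 1024))  # 8 MiB of zero bytes
    print(len(note), verdict(note))
    print(len(zeros), verdict(zeros))
```

The ratio and declared-size checks run before any member is decompressed, so a rejected archive costs the scanner only a read of its central directory.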
Windows 2000's Task Manager refuses to kill certain processes.
(07/17/2001) Bugman pro Thomas Zehetbauer reports that Windows 2000's Task Manager refuses to kill certain processes. Instead, it shows a message box that says the process is a critical system process and cannot be ended by task manager. Thomas says that, although these processes were and are still protected by their ACL (Access Control List), Microsoft is now using case-insensitive string comparison to determine whether a process belongs to the operating system. He adds, "You can now call your favorite trojan winlogon.exe and task manager will not only refuse to terminate it -- but will also incorrectly state that it is a critical system process." The die-hard processes are: \winlogon.exe \csrss.exe \smss.exe \services.exe http://www.securitywatch.com/newsforward/default.asp?AID=8630
Prove who was driving...or what happened to due process? -- BIG BROTHER IS WATCHING--(off topic)
Since San Diego launched its camera system three years ago, 84,000 tickets have been issued at $271 each. The police union denounced them after five on-duty officers received citations. The city dismissed hundreds of tickets and hired an auditor to evaluate the program after three cameras proved to be inaccurate. "We don't think anyone got a ticket who didn't deserve one," said deputy city attorney Steve Hansen. "But right now the whole program is on hold pending the outcome of the audit."
MSN Messenger Password Bug
(07/10/2001) Canadian bug hunter, Gregory Dechemin has sniffed out a very dangerous bug affecting the latest MSN client version....and advises the use of 9+ digit passwords. http://www.securitywatch.com/newsforward/default.asp?AID=7429
Understanding stealth scans....
If you stay connected to the Internet, you will be scanned. It's a fact of life. If you have a continuous connection, you'll be scanned regularly, quite often by someone with bad intentions. http://www.linuxworld.com/linuxworld/lw-2001-03/lw-03-vcontrol_3.html
REFERENCE CENTER
UPDATE SITES FOR MAJOR ANTI-VIRUS VENDORS
Very nice page on cert.org -- lists all of the major a-v vendors http://www.cert.org/other_sources/viruses.html#VI
Learn about computer security from cert.org
This document gives home users an overview of the security risks and countermeasures associated with Internet connectivity, especially in the context of "always on," or broadband access services (such as cable modems and DSL). However, much of the content is also relevant to traditional dial-up users (users who connect to the Internet using a modem). http://www.cert.org/tech_tips/home_networks.html

Check this site out for basic information on configuring your windows system.. Some good info but don't open the hacking files! File named bitchslap contains a trojan
http://www.sub.f2s.com/win.html
LATEST TROJAN DATA ----
mosucker11 Size: 49.773 bytes Found listening on port 16484 TCP
ACTIVE-DAGGER_1.4.0 Found listening on port 2589
SubSeven DEFCON8 2.1 Backdoor Found listening on port 16959
TaxAct software contains Spy-Ware!
I recently purchased TaxAct Software. I found web-3000 in the software package--
THIS IS SPYWARE! THIS REFERS TO THE 2000 TAX YEAR PROGRAM (note: the 2001 program did not contain any spyware) The inclusion of spyware in a program containing sensitive information like your 1040 shows that this vendor has no scruples. My software removed the registry entries for this hack! If you bought this program and need help removing the spyware contact me!
Average computer placed on Internet will be hacked in about 8 hours!
Hackers say security still poor.... Lance Spitzner, founder of the Honeynet Project and a security engineer at Sun Microsystems, says the average computer placed on the Internet will be hacked in about 8 hours. Another network-security specialist, for an academic supercomputer center, said university networks are even worse, with an unsecured computer lasting only about 45 minutes before some student or Internet intruder takes control of the system. http://news.cnet.com/news/0-1003-200-5383459.html?tag=bplst
Explorer Bug needs to be patched in older versions!!
Scott Culp, Microsoft's security program manager, said on Friday that the flaw exists only with a few out of several hundred MIMEs that are used to encode files as e-mail attachments.
Culp said the problem is a "typical software error," and said he was thankful it had been discovered and patched before it could be used to spread viruses. "That's the best situation we can hope for, short of perfect software," Culp said. Security experts believe it won't be long before the hole is widely exploited.
"Now that the information is out there, people will be trying this exploit to see what they can do with it," said Jerry Adams of TechServ, a corporate computer support and security firm. "People need to apply that patch now."
The patch will only work with IE5.01 service pack 1 and IE 5.5 service pack 1. IE5.01 service pack 2 is pre-patched. If your explorer is an older version get a new one free at Microsoft... http://www.microsoft.com/windows/ie/download/critical/q290108/default.asp
http://www.wired.com/news/technology/0,1282,42771,00.html
EXPOSED: Microsoft said it was investigating unsubstantiated claims that its Hotmail free eMail service is susceptible to worm propagation. An advisory was placed on the BugTRAQ network security news list last week suggesting Hotmail and the Yahoo Instant Messenger Service contained cross site scripting holes that make it possible to replicate a Melissa type worm.
Microsoft said it was "investigating this matter thoroughly and aggressively to determine whether or not it is valid".
http://it.mycareer.com.au/opinion/networkpawn/2001/06/05/FFXM4WJ4JNC.html
Another hoax... Reportedly developed by disgruntled musicians at an American Independence Day concert, this virus claims to evade detection by AV software and to cause computers to crash self-destructing MP3 files around the world next Wednesday.
The claim by the group is a hoax however, as data files such as MP3s are unable to execute by themselves, which means they can't be infected by a virus.
FEDERAL JUDGE SAYS WE ASKED TO BE HACKED!
DoubleClick Thursday won a victory in its ongoing legal entanglements, with one of its class-action suits being thrown out in a New York City courtroom.
The case alleged that the firm's use of "cookies" -- small text files that anonymously record which sites a user visits -- violates state and federal laws. The plaintiffs in the class action suit -- 13 consumers in the New York area -- alleged the company violated the Wiretap Act, the Computer Fraud and Abuse Act, and the Electronic Communications Privacy Act.
U.S. District Judge Naomi Reice Buchwald ruled that the plaintiffs had failed to demonstrate that DoubleClick gained unauthorized access to their computers. She also said that DoubleClick's Web publishers were not violating visitors' rights by passing on their information to the firm -- since the exchange of information was overtly authorized by the publishers themselves, and tacitly by users' decision to visit those sites.
Magistr Worm Emerges, Scarce But Deadly*** Update --NOW #2 THREAT !!! all current anti virus patterns will protect you -- have you updated recently?? :0)
Another worm is on the loose, and while only a handful of PCs have been struck since its discovery on Tuesday, its victims are in a world of hurt.
The worm then attacks the CMOS and Flash BIOS of machines running Windows 95, 98, and ME, which are less secure than Windows NT and 2000 machines, he says. The CMOS is necessary to boot the PC.
"Once [the CMOS] is gone, the computer is useless, and you need to send it back to the vendor for repair," he says.
Once the worm has done its dirty work, and assuming the PC is still functional, it posts another nasty message, then enacts a final measure of cruelty: runaway icons. When a user tries to click on the icons, they move away from the cursor. (try removing the battery for 30 min then reformat???)