September 06, 2003
CD-Burner preview deferred by virus news, Windows & Office updates, new Mozilla, IrfanView & Thunderbird versions, free e-books
Last week I prepped readers about a free CD-Burner I was planning to preview. But you'll have to wait a little while longer for the review. As I've had to check out 4 separate versions that were released over a 30-day period. Each with features not included in an older build (good). Or lacking features available previously (bad). And with the current crop of security-related and freeware updates, I had crossed my (self-imposed) word limit for this blog. Next week, good buddies!
Worm Alert!!!
Some people are really sick but give them point for ingenuity and social engineering. Why pass up a wonderful opportunity to exploit 9/11 for the second year running? So watch out for the first (of several) commemorative Trojans. The W32/Neroma@MM (Worm/Icebut.A, Worm.Win32.Maro.5632) virus email wrapper is titled "It's Near 911!" with "Nice butt, baby!" in the message body and 911.jpg(.scr) as the attached file.
Unless you have enabled 'display file extensions', you won't see the complete file name. If you manage to infect your computer, the virus attempts to delete files on the 1st, 4th, 8th, 12th, 16th, 20th, 24th and 28th of every month. The virus self-propagates by mailing itself to every contact in your Windows Address Book using Outlook Express (OE).
The worm installs itself as NEROSYS.EXE into the Windows folder. For Windows 2000/NT systems, the worm adds itself as an auto-start Registry key as "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon = Explorer.exe nerosys.exe" and for Windows 9x system, in the SYSTEM.INI file as [boot] "shell" = Explorer.exe nerosys.exe".
Which such worms on the increase I recommend immediate upgrade to Outlook Express 6. That by default has improved security settings to blocks programs attempting to use the Windows Mail API (MAPI) to send mail without a user's specific permission. OE6 also blocks any potentially harmful message attachments. For more on how to modify the list, read Microsoft Knowledge Base Article - 291369: Information About the Unsafe File List in Internet Explorer 6.
Watch out for W32.Mimail.A@mm (W32/Mimail@MM, Mimail, Win32.Mimail.A, W32/Mimail-A, I-Worm.Mimail) which also arrives by mail. It's titled "your account %n%" where '%n%' indicates randomized text with the message as
Hello there,and MESSAGE.ZIP as the attachment. This worm affects all non-updated versions of Outlook Express 5.01, 5.5 and 6.0 where you have not applied Microsoft Security Updates MS03-014 and MS02-015. Sobig too continues to rage somewhat unchecked. I receive on average 123 infected emails (totaling about 10 MB) daily. Many of these messages have been routed to my spoofed-as-sender account from helpful mail servers informing me of an infected message and attaching the infected file. I much prefer those (somewhat more) intelligent mail servers that just send a notification without an attachment: they aren't helping the virus spread. Anti-Spam There's no real solution to blocking spam or virus infected email. Several have been tried including Bayesian techniques. But the latter needs lost of mail to flow through its filters before if can catch junk mail. Unfortunately, several web mail hosts have swung in the opposite directions. And block or worse, delete any mail with HTML scripting. Or in more extreme instance that seems to be junk mail. These false positives often include bank statements and opt-in newsletters. After experimenting with various anti-spam tools, I've fallen back to the human interface: Me! I check all my email accounts (POP3 and Web-only) at least once every two days. And manually delete anything that doesn't ring true. I also check my POBox's Discards list for any false positives that may have been misdirected. The service retains mail until the end of the month, then purges the mailbox contents and starts anew. Since the service was launched in early-2003, it has only mis-labeled under 10 messages of the nearly 3,000 I've received! Free To Secure There's lots of action on the free software front. With several popular utilities being upgraded. But first, a quick overview of Windows security issues. Please make sure your copy of Windows is up to date. There's a new vulnerability being discovered weekly. And many of these flaws are serious enough to warrant an instant patch. Internet Explorer 5.01, 5.5, 6.0 and 6.0 for Windows Server 2003 are affected by a remote code execution flaw. Security vendor eEye Digital Security found that IE allows executable code to run automatically when rendering malicious HTML. There's an on-line test available here to check if your IE version is affected. A patch is awaited. But do bookmark the Windows Security site. Other Microsoft software patches include 4 Office updates. The first, allows a buffer overflow in the Visual Basic for Applications SDK which affects 29 other products developed with this toolkit. The WordPerfect document converter could allow, under certain circumstances, access to files on your hard disk. Or allow an attacker to remotely execute programs with full administrative privileges. The last bug allows macros to run automatically. The Access Snapshot Viewer too may suffer buffer overflows. There's also a possible NetBIOS issue that allows an external attacker to view data on a target machine. All Windows NT/2000/XP/2003 versions are affected. But your data may not be at risk if you have blocked Internet access to Ports 135-136, or have disabled NetBIOS for IP-based transactions. Or have enabled ICF (Internet Connection Firewall) in Windows XP and Windows Server 2003 are shielded by the found in each operating system. Freeware Avenue The popular free graphics viewer IrfanView 3.85 is available. This build includes new and updated image filters. Including support for several Adobe filter sets. It no longer supports the WebShots format at the express request of that service. And add new features along with various code enhancements, and minor bug fixes. I use IrfanView as my default image editor. Not for complex creation work. But for the simple viewing, and manipulation of images for the Web. Mozilla 1.5 Beta too is available. A complete list of changes is available here. Thunderbird 0.2 too has been released. The new build is significantly improved over its predecessors. And has a smaller footprint. More details are available here. And don't forget to update your Spybot Search & Destroy detection list. Several updates have been released over the past week. Free E-Books And finally, don't forget there are free books available on-line. Microsoft Reader's free promotion continues this month. With 3 new e-books for free being released every week until November 2003. This week's reads include Practice What You Preach by David Maister, The Devil's Banker by Christopher Reich, and The Red and the Black by Burton Raffel Stendhal. For Star Wars fans, there's a complete novella Star Wars: The New Jedi Order: Ylesia in PDF available for download. Click Here to Email Me
I would like to inform you about important information regarding your
email address.
This email address will be expiring.
Please read attachment for details.
Best regards, Administrator
Post a Comment