June 05, 2005
Everything about MyTob: the fast-spreading Super worm plus Mozilla updates and tweaking Opera to pass the Acid2 test
Is MyTob A Super Virus?
Everything you need to know about this new fast-spreading worm, quick takes on Firefox 1.1, Thunderbird 1.1 Alpha, Maxthon 1.3.1, Spybot S&D 1.4 plus tweaking Opera 8.01 to pass the Acid2 test suite.
There's a new worm that's spreading fast across the Internet. MyTob (W32.Mytob.L@mm, W32/Mytob-D, Win32.Mytob.K, Win32/Mytob.K@mm), seemingly a mutated version of the MyDoom worm, includes code that allows the worm to spin off slightly modified sub-variants. According to Trend Micro, in the first week of June 2005, infections were found in Australia, China, Hong Kong, India, Japan, Korea, Philippines, Taiwan and the United States.
A MyTob infection begins with the worm harvesting email addresses from the Windows Address Book (WAB). It then uses a combination of social engineering with its own SMTP mail server to begin self-replicating and sending copies of itself to the harvested addresses. In the second stage of its infection, MyTob opens a backdoor then connects to an IRC channel to await instructions.
The worm also adds an auto-run key to the Windows Registry so that the computer is re-infected on each startup, a technique common to most worms and one that makes them so hard to clean out. It also modifies the Windows Hosts file to block access to known antivirus web sites, including those offering online scans. Finally, MyTob begins shutting down running processes for security applications like firewalls and antivirus programs. One sub-variant also downloads ADW_MEDTICKS.A spyware that in turn downloads other spyware and adware programs to the infected computer.
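The Hosts file tampering described above can be checked for directly. The following is an added example, not code from the original post: it flags Hosts entries that point security-vendor names at a loopback or null address. The keyword list, the function names and the sample file are all constructed for illustration.

```python
import ipaddress

# Constructed keyword list (assumption): fragments of security-vendor hostnames.
SECURITY_KEYWORDS = ("antivirus", "symantec", "mcafee", "trendmicro", "sophos")

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in Hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or malformed line
        for name in fields[1:]:                  # one address, many aliases
            yield line_no, fields[0], name.lower()

def is_sinkhole(addr):
    """True when the address sends traffic nowhere (127.x, ::1, 0.0.0.0)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def audit_hosts(text):
    """Return entries that redirect a security-related hostname to a sinkhole."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if name in ("localhost", "localhost.localdomain"):
            continue                             # the legitimate default entry
        if is_sinkhole(addr) and any(k in name for k in SECURITY_KEYWORDS):
            findings.append((line_no, addr, name))
    return findings

# Constructed sample of a tampered Hosts file (hostnames are placeholders).
SAMPLE_HOSTS = """\
# Constructed sample
127.0.0.1       localhost
127.0.0.1       www.symantec.example
127.0.0.1       update.mcafee.example  scan.trendmicro.example
10.0.0.5        intranet.corp.example
0.0.0.0         ads.tracker.example
"""

if __name__ == "__main__":
    for line_no, addr, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr}")
```

On a Windows machine the text to audit is the content of `%SystemRoot%\System32\drivers\etc\hosts`.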
The sole defense against this Super Worm is to ensure you don't get infected. The precautions are really simple. Don't open any file attachment, including those received from trusted acquaintances. Of course this approach is near-unworkable, so use this workaround. Begin by tweaking the Windows file display settings: open Windows Explorer and, from Tools > Folder Options > View, uncheck "Hide file extensions for known file types" so that both the filename and its extension are visible. Then right-click on every mail attachment that you need to view and save it to a folder of choice.
I use a volatile Ramdisk so that in the event I need to crash start my computer, the potentially dangerous contents of the drive are erased on startup. Once you have saved the attachment use Windows Explorer to view its complete file name. And immediately delete any files with extensions that end with .SCR, .PIF, .EXE, .COM, .BAT or .JS.
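The extension check in the workaround above can be automated over the names of saved attachments. This is an added example, not part of the original post: it applies the article's extension list and also catches double extensions and padded names. The function names and sample filenames are constructed.

```python
# Extensions the article says to delete on sight.
RISKY_EXTENSIONS = {".scr", ".pif", ".exe", ".com", ".bat", ".js"}

def split_ext(name):
    """Split on the last dot: 'a.jpg.scr' -> ('a.jpg', '.scr')."""
    stem, dot, ext = name.rpartition(".")
    return (stem, "." + ext) if dot else (name, "")

def classify(filename):
    """Return 'keep', 'delete' or 'delete (double extension)' for one name."""
    # Win32 path handling drops trailing dots and spaces, so 'x.exe .' runs as 'x.exe'.
    name = filename.rstrip(" .").lower()
    stem, ext = split_ext(name)
    if ext not in RISKY_EXTENSIONS:
        return "keep"
    # A second extension hidden behind padding ('photo.jpg      .exe') is a disguise.
    _, inner = split_ext(stem.rstrip(" ."))
    return "delete (double extension)" if inner else "delete"

def triage(filenames):
    """Classify every saved attachment name; returns a list of (name, verdict)."""
    return [(name, classify(name)) for name in filenames]

# Constructed sample of attachment names as they might appear in the save folder.
SAMPLE_ATTACHMENTS = [
    "report.doc",
    "holiday.jpg.scr",
    "README.TXT.PIF",
    "setup.exe",
    "photo.jpg      .exe ",
    "script.JS.",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_ATTACHMENTS):
        print(f"{name!r:28} {verdict}")
```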
Now that we've gotten the security concerns out of the way, let's look at some of the significant software releases this week. Heading the list is Mozilla Firefox for Windows/Linux/Mac OS X 1.1 Alpha (formerly Deer Park Alpha 1), which includes native SVG support as well as Opera-style Fast forward and Rewind navigation buttons. This new build uses a modified Extension Manager and may be incompatible with existing Extensions. Back up your existing profiles using a freeware tool like MozBackup before installing this Beta release.
There's also a new Mozilla Thunderbird 1.1 Alpha 1 version (Win/Linux/Mac OS). There's a new Phishing Detector that examines a message's contents before warning the user via a pop-up status if the client suspects the mail to be a phishing attack. Spell as you Type has been integrated into Compose Mail. And you can now choose to delete/remove email attachments. The built-in RSS news reader client has been improved to include support for podcasting as well as the long-awaited OPML import. You also no longer require a third-party extension to manage multiple SMTP server settings.
Now if the Mozilla folks could just include a way to export Thunderbird mail it wouldn't make me feel so hemmed in without an alternative. It's not that I need one as I'm very happy with Thunderbird. It's just that it's great to have a choice. If Outlook/Outlook Express can offer the feature, why can't Thunderbird too?
There's also an interim Opera 8.01 web browser update that improves support for GMail as well as how the Acid2 browser standards compliance test suite is rendered. Opera-watcher Rijk's OperaQA has a before-and-after screen shot. Did you know that a simple user-defined JavaScript file can tweak your Opera to almost perfectly render the Acid2 test? For more on Opera-happenings, bookmark the Opera Watch: The Unofficial Opera Blog.
In other updates, Spybot Search & Destroy 1.4 is out of Beta. And there's an incremental Maxthon 1.3.1 upgrade. This adds a new RSS feed discovery notification, and inputting new URLs no longer changes the active tab focus away from the address bar. There's also an 'open offline' feature and you can also choose not to auto-refresh the current tab. The browser also doesn't require confirmation if there's only a single active browsing session (tab).
Also new is Skype for Windows 1.3.0.48 Beta. I have a personal interest in Skype updates as I find it a pretty good platform for free VoIP calling. Many of my professional contacts also use Skype for free PC-to-PC calls, although you can buy calling cards in various denominations for PC-to-phone/mobile calls. India is one of the supported destinations. Skype is also available in Linux and Mac OS-X flavors. It uses P2P (peer-to-peer) and can drive a firewall crazy as it requires multiple ports opened to support not just your voice, file and text chat exchanges but also to allow other users to piggy-back on your bandwidth.
And finally for readers with AMD Athlon hardware, the AMD Athlon 64 X2 Dual Core Processor Driver helps you tweak CPU speeds as well as voltage and power combos for better performance. The application supports AMD Athlon 64 X2 Dual Core processors on Windows 32-bit OS. There's also a separate AMD Athlon 64 X2 Dual Core Processor Driver for Windows XP/2003 x64 Editions.