|
From the Tech Support Industry Veterans in Arizona::
VIRUSES OF 2004 HAVE REACHED EPIDEMIC PROPORTIONS
03/04/04
Millions of infected e-mail messages are flooding the internet with Mydoom/Novarg, and multiple variants of the Netsky and Bagle Worms spreading at an alarming rate around the globe. Netsky.d, which was first detected on Monday (March 1st '04), remains one of the most dangerous and fastest spreading of the nine worms to hit in the last week. Symantec has upgraded the Netsky.d threat level to a "4" in its 1 through 5 scale, tying the threat ranking for such infamous viruses as Sobig.f, and MSBlast. Symantec has never used the highest rating, "5," on a worm or virus.
But the biggest virus ever is Mydoom, also known as Novarg. Virus researchers have confirmed that Mydoom is the fastest spreading e-mail virus ever, based on comparisons to last August when Sobig.F took longer to hit its peak numbers, whereas this virus right from the early stages of discovery reached very large volumes of e-mail.
The Mydoom attack appears aimed, in part, at setting up computers for repeated attacks against the web server of the SCO Group Inc. The company has been the target of several attacks over the last 10 months, with the latest in December taking down the company's server for more than a day. While not proven, SCO may have been targeted because of its legal challenge of the open-source operating system Linux, which the company claims contains its copyrighted code. SCO's lawsuits have angered the Linux community and its supporters. Conversely, Linux enthusiasts say the virus may have been assembled for the purpose of defaming Linux developers. SCO has offered a $250,000 reward for the arrest and conviction of the Mydoom virus author, and is working with the U.S. Secret Service and Federal Bureau of Investigation in investigating the virus.
Mydoom arrives in a zip file carried in an e-mail with the subject lines "test," "mail delivery system," or "mail transaction failed." The body of the e-mail tries to trick the receiver into thinking that the actual message is in the attachment. The message contains such statements as "The message contain Unicode characters and has been sent as a binary attachment." Once opened, the worm installs a program in the infected PC and opens a "backdoor" that enables a hacker to take control of the computer. The virus, which affects computers running Windows 95, 98, ME, NT, 2000 and XP, scours the infected computer's hard drive for e-mail addresses to send copies of itself. Mydoom also copies itself to the download directory on PCs for the file-sharing service Kazaa.
NEED HELP with VIRUS REMOVAL and DISASTER RECOVERY for Home and Business?
3rd Party Consulting continues to provide assistance for anyone who needs world class service!
From the Tech Support Industry Veterans in Arizona::
Return of the Worm
We've heard of the worms
and in less than a year,
more than 33 patches...
and the next virus is near!
11/12/03
Microsoft has admitted that there are new problems with Windows.
Well, sort of...here's the explanation.
Not so long ago, Microsoft senior security strategist, Phil Reitinger, told lawmakers on the House Government Reform technology subcommittee about the company's efforts to help consumers defend themselves against viruses and other Internet attacks.
"Microsoft is committed to continuing to strengthen our software to make it less vulnerable to attack," said Reitinger, a former deputy chief in the Justice Department cybercrime division. Still, he acknowledged, "There is no such thing as completely secure software."
However, Windows has some serious flaws.
And once again, (on Sept, 10th) the warning went out to customers that they needed to apply 3 NEW security patches, to prevent Internet attacks remarkably similar to the Blaster virus that infected all of those hundreds of millions of computers back in August.
The 2nd batch of flaws were nearly identical to problems that were exploited by the so-called Blaster infection, which spread with such devastating damage.
And here's something that you need to know:
Computer users who applied the security patch in July to protect themselves from Blaster (in all it's versions) plus Welchia and SoBig, were STILL NOT SAFE.
In order to be protected, users needed to install a new patch from Microsoft AGAIN. Or critical security holes would have allowed attackers to gain control over your computer, delete data and install unwanted programs.
Let's repeat that again.
The new vulnerabilities that were announced were similar to the one that Microsoft warned about in July.
So similar in fact as to be nearly identical...
the software flaw targeted by the Blaster worm and the new security hole were related to the Distributed Component Object Model service that is hosted by a Remote Procedure Call feature in Windows. Those features allow software applications to work with each other across a computer network.
3 vulnerabilities were identified, the first two flaws were buffer overruns, which allowed hackers to take over a computer by swamping it with data.
The third was a denial-of-service flaw that affected a component known as the remote procedure call (RPC) process. Sound familiar?
The RPC process facilitates activities such as sharing files and allowing others to use a computer's printer. By sending too much data to the RPC process, hackers can cause the system to grant full access to its resources and could seize complete control over a victim's computer.
By using the flaws in tandem, a hacker could load unwanted programs onto computers through the buffer overrun flaws and then use the infected computers to launch a denial-of-service attack.
This attack method was to use Blaster, (also dubbed MSBlast and LovSan), to crash many of the computers it infected and try to launch an unsuccessful attack on a Microsoft software download Web site. This would have prevented customers from obtaining the patch that they needed.
The July announcement from Microsoft about the earlier software flaw in the same Windows technology was deemed so serious it prompted separate warnings from the FBI and Department of Homeland Security. Roughly three weeks later, unidentified hackers unleashed the earliest version of the Blaster infection...which experts called one of the worst to hit a software program in years because of the broad number of Windows systems affected.
The operating systems affected by the latest security vulnerabilities are Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. Older versions of Windows, including Windows Millennium, Windows 98, and Windows 95, are not affected, the company said.
From the Tech Support Industry Veterans in Arizona::
Insecurity Complex
It's been the summer from hell
between Blaster, worm and spam,
and remote procedure call
is what tells them: "here I am".
10/11/03
Blaster, Welchia and the Sobig virus, dude - it's been a horrible year for Windows users.
Of course, if you are a member of the digerati who uses a Mac or a Linux PC...you've had nothing but pleasant dreams during these outbreaks -- just like with most previous "malware" epidemics.
Coincidence? I think not.
My daily troubleshooting provides evidence that Windows is being targeted by virus writers, who deliberately exploit vulnerabilites that are inherent in the operating system that is used by *almost everybody.
But millions of people DO use Mac OS X and various flavors of Linux. That makes me curious as to why authors of viruses and worms rarely take aim at the alternative operating systems.
So to re-iterate on the 'security' theme:
- Don't open strange e-mail attachments.
This helps to keep Windows secure (not to mention it's plain common sense), but it isn't enough.
Why? Because the vulnerabilities in Windows are built in.
- Close doors that don't need to be open.
On a PC, these doors are called "ports" -- channels to the Internet reserved for specific tasks, such as using (FTP) to publish a Web page.
These ports are what internet worms like Blaster come in through, exploiting bugs (flaws) in an operating system to implant themselves. (Viruses can't move on their own and need other mechanisms -- called vectors -- such as e-mail or floppy disks, to spread.)
All unneeded ports should be closed.
Windows XP Home Edition, however, ships with five ports open, behind which run "services" that serve no purpose except on a computer network.
Messenger Service, as an example, was designed to allow the network's owner to send out alerts. On a home computer however, it just allows spammers to broadcast to your instant messenger.
Remote Procedure Call, which is the feature that is exploited by Blaster...according to a Microsoft advisory, is "not intended to be used in hostile environments such as the Internet."
Jeff Jones, Microsoft's senior director for "trustworthy computing," said the company was heeding user requests when XP was designed: "What customers were demanding was network compatibility, application compatibility."
But they weren't asking for easily cracked PCs either. Now, Jones said, Microsoft believes it's better to leave ports shut until users open the ones they need. But any change to this dangerous default configuration will only come in some future update.
From the Tech Support Industry Veterans in Arizona::
Information Liquidity
It's not a technical problem,
it's a problem with preview
software doesn't kill email,
it's the people that do.
07/08/03
Let's see if you can pass this test.
Question: If you use the internet, you are getting viruses.
True or False?
The answer is True.
Cause and Effect
You take your average small / big biz user sitting in front of a powerful machine with massive amounts of bandwidth... factor in a lack of experience about anything beyond using Word or Outlook let alone viruses, worms and whatever else.
What do you end up with? A nasty pandemic.
This is the era of the Internet worms -- which are viruses that spread through a network -- and we are seeing hundreds of thousands of PCs worldwide, at the minimum, infected. Many have crashed and networks have slowed to a crawl.
There is some confusion about the details though...various indicators that there is misinformation being reported by the media (like why this is happening, who is to blame, and how serious the threat is).
So far -- the worm known as Sobig is the most potent threat ever..
The SoBig virus spread when unsuspecting computer users opened file attachments in e-mails that contain such familiar headings as "Thank you," "Re: Details" or "Re: approved."
Once the file opens, SoBig, scours the computer for e-mail addresses, checking in Word documents, Internet logs and e-mail inboxes.
Designed like mass-mailing spam programs, it then sends scores of messages to the addresses it has collected. As of the last week of August, one in 17 e-mails sent around the world was infected with SoBig. This increased global e-mail traffic by as much as 60 percent, slowing the Internet to a crawl.
This (at the time) was unprecedented, even taking into account the list of internet worms that have broken previous records, including worms such as Klez and Nimda.
Sobig has a purpose. In fact, technical support technicians have been scrambling for a long time to fend off the most concentrated digital onslaught ever seen.
The most recent outbreak (Aug. 2003) began with the so-called "Blaster" or "LovSan" worm which, by some estimates, infected more than 500,000 computers running the latest version of Microsoft Windows, the world's dominant operating system.
A week later, the "Welchia" or "Nachi" worm surfaced. It masqueraded as a benign program that was supposedly intended to fortify computers against infection from Blaster. But it packed a punch. It clogged computer networks, slowing Internet connections and even knocking systems offline. Nachia's victims included the European engineering firm ABB, Air Canada and the U.S. Navy and Marine Corps.
NOTE: *The sixth version of SoBig, was programmed to expire on September 10, and is no longer a threat.
So WHO can be blamed for the problems?
Well, the fact is -- there's no shortage of blame here. And trust me, so-called "script kiddies" who dabble with the available tools and methods that are highly publicized on websites, can't be blamed for the extent of the problem either. Virus writers, as such, only take advantage of the situation, they are not creating the problem itself.
ITEM: Microsoft Windows operating systems and email programs are NOT SECURE.
I am as sick and tired of the windows-security-holes litany as I am of the security holes themselves. I have written articles about this (2 years ago), and Microsoft launched its "Trustworthy Computing" initiative in January 2002 in an effort to reduce the number of security problems that affected its software.
Weeks ago, Microsoft launched its "Protect Your PC" campaign to encourage people to install security software, such as anti-virus programs, and to regularly update the fixes and patches for their other software.
But there are complications to this process, including how difficult it is for home users with only narrowband connections to download all the patches Microsoft advises it is necessary to apply.
A fairly typical home user with Windows on their PC, may not have been able to apply all the critical Microsoft patches. Without a broadband connection, people could have a stumbling block due to the total volume of updates --which now comes to many megabytes-- incurring the risk of staying online for the several hours it would take to download all these at slow connection speeds. I suspect that this may have led to the vast number of unpatched, hence insecure, home PCs still on the net. So Microsoft is, yet again, partly to blame for this situation.
ITEM: Using Outlook and Outlook Express and email in general IS NOT SAFE.
Remember it's no longer about users clicking attachments - many worms have exploited the auto-preview feature in Outlook (Express) to spread. Yes, Microsoft has fixed this and yes, many people have still not applied this fix. But this is more about behaviour.
Now we've confirmed that Anti-Virus Scanners don't work any more --that was true about three to four years ago, it's only now becoming obvious-- AV vendors are producing tools that are incapable of responding to fast-spreading worms, the implications are that you need to rely on constant upgrades. However, it's just not a good practice to install software on your computer that's had less than a couple of days of testing from the programmer's hands to your system. Believe me, I know what happens when vendors release AV software that isn't sufficiently tested. My 3 years as a Microsoft Technical Support Professional, showed me how badly that can turn out, if everything goes wrong.
Anything less frequent than a weekly update for AV software won't work well enough.
Heuristics (another way of determining virus presence) can only detect code written by really poor virus authors. The more sophisticated ones merely use trial and error until they've evaded the heuristic.
We could also blame ISPs (for not filtering viruses - even though this has to be a ready market many users would be happy to subscribe to), but indeed, the crisis remains. As recently as August and September, experts were again urging computer users to shore up their machines with anti-virus software and to delete suspicious-looking e-mails, hoping that preventive medicine would stop this wave before the next round.
Give us the best AV technology you can think of. Give us email clients that will never ever start a program unless the user makes it. The next worm will still spread based upon the fact that users like to click their attachments.
So when we blame people for not updating their AV software, we should also blame them for clicking every [expletive deleted] attachment they receive. As long as the typical computer users can get on the internet, worms and spammers will have something to feed upon.
In fact, the concept of AV software that really does work and a windows version without security holes scares the hell out of me. If we consider that a few years without worms, without security alerts from MS, and without a post on BugTraq (about exploitable vulnerabilities), would make everyone too confident and complacent, then we are underestimating the risk that someday, somebody will be clever enough to figure out how to make that whole scenario blow up. Then what happens? At that point, people will rely even more heavily on their AV software and their blessed OS than they do now. They will no longer know that you are not supposed to click anything that looks even remotely clickable. And I guarantee this, THEY WILL CLICK.
Open Source alternatives.
As has been repeatedly noted Linux, Mac OS, OS/2 and Unix users are immune to the virus itself but are still getting carpet bombed by the message storm it generates.
I'm also sick of people complaining about this sort of thing...so the usual car analogy will suffice:
Bill: My car has 60,000 faults which render it susceptible to someone else taking control of it while I'm driving.
John: Really? Mine has less than 100 and I can go where I want to.
Bill: Give me the name of your dealer - I'm going to buy one of yours.
And for computers:
Bill: My operating environment has 60,000 faults which render it susceptible to someone else taking control of it.
And I spend all of my time applying security patches (30 so far this year).
John: Really? My operating system has less than 100, far fewer security patches and I spend my time doing what I want.
Bill: Yes, but no one uses your system.
Hello? Excuse me? Did I hear you correctly?
So it's "The Management"...not the helpless end user that's to blame.
I'd also like to add that any approach that is based on users doing the right thing seems bound to run into trouble sooner rather than later. In the long range point of view, the prevalence of these MS-centric viruses will become a stronger and more compelling reason for users to consider open source alternatives. Microsoft is well aware of this, which is why they have the Trusted Computing initiative. Redmond is taking steps to produce more secure code, in its own self interest, but this will take additional time to reach the market. In fairness to Microsoft, its security experts (at least in private) are happy to acknowledge this point.
VIRUS UPDATE:
There are now variations of the last few viruses that can open a door into networks, allowing hackers to download files, steal system information and spread malicious programs. Like Trojan Horses, they can use the backdoor to gain access in the network and gain control of work stations.
Are you interested in additional details?
Do you want an ACTION PLAN to implement the BEST PRACTICE PROCEDURES?
Send an email to get the technical stuff, in the form of a "How-to" tutorial from Ask Your Az-Tek How?
From the Tech Support Industry Veterans in Arizona::
TROUBLESHOOTING STRATEGY
Invalid page fault, general protection fault, fatal exception, illegal operation, access violation, hangs & crashes...
All these Windows errors more or less require the same troubleshooting strategy. This "strategy" encompasses the steps you should take, in a certain order, to find the cause of the problem and, hopefully, solve it. (Note that depending on the Windows OS release you have, some of the tools and utilities mentioned here may be missing on your system. This article is mainly intended for Windows 98 users however, who should have them all.)
There are two kinds of errors: random and reproducible.
Random (or Intermittent) errors occur without a clear pattern, when you perform different actions and/or use different applications. They are generally caused by the operating system, drivers, or hardware.
Reproducible errors are the errors that are, of course, easy to reproduce. You use a certain application or perform a specific action, and the error will almost always show up. These errors can be a little easier to solve, because the vast majority of them are caused by applications or outdated drivers. In this case, using Dr. Watson is a good idea.
Anyway, after performing a step which changes a file or setting, you should restart Windows and try to reproduce the error, even if it's random, to see if the troubleshooting did any good.
---The Strategy---
Read the error message.
Understanding error messages is not always easy. You should try and find out if the error message, including all the details that come with it, relates to a known issue. First, check the resources that are on your hard disk: the Help files, the Windows Troubleshooters and the Windows TXT files. Finding the error message and a solution at sites likes this one, the MS knowledge base or in a book can spare you a lot of time. If the error is caused by an application that has troubleshooting pages at its web site, don't forget to look there also. Gathering detailed information about the error can be done with Dr. Watson.
Use MSInfo to check for hardware problems.
If your system performance is poor due to a high amount of random errors, including blue screens, you could waste a lot of time looking for software faults. Therefore, you should first check for hardware errors. Apart, from special programs, such as WinCheckit, you can do this in a more limited way with the System Information (MSInfo) tool to see if there are any "problem devices" on their system. If there are, this doesn't necessarily mean that these particular devices cause the problem you're trying to solve--some systems can function with a problem without ever letting you notice. Also don't forget that from within MSInfo you can run most of the Windows troubleshooting utilities.
Run Windows in Safe Mode
Start up Windows in Safe Mode and try to reproduce the error. If this error is always caused by the same application, you should of course run the application. If the error, general or specific, does not occur in Safe Mode, it is likely that your problem is software-related (note: hardware drivers are software). If the error does occur, there could be something wrong with your hardware and you can skip all troubleshooting steps that include editing Autoexec.bat, Config.sys or disabling Startup items.You could use third party tools to determine exactly which piece of hardware is faulty or let your retailer do this, but you might try the following steps first.
Remove temporary files.
Run Disk Cleanup and remove all temporary (internet) files. Cluttered temp folders can get in the way of almost anything.
Update hardware drivers.
If you suspect that a hardware driver could cause the problem, you could try and update the driver. Display drivers are the most likely to cause all kinds of errors; sound drivers come second. Go to Control Panel, System, Device Manager. Make sure you are viewing devices by type. Expand (for instance) the Display item and check out the brand and version of the device. For updates of drivers, you could try going online and searching for them. To install the update, select the device in Driver Manager, click Properties, click the Driver tab and the Update Driver button. Don't forget that you can use MSInfo and ASD to look for problem devices.
Disable hardware in a Test configuration.
To try and determine which hardware device might be faulty, you could disable devices one-by-one and use your PC to see whether the problem is no longer happening (or changed). The easiest and safest way to do this is with a test configuration: go to Control Panel, System, and click the Hardware Profiles tab. Click Copy and type the name of the test hardware profile, for instance simply TEST. Your current hardware profile will be TEST now, and you don't have to reboot, but be prepared: after restarting, the computer will tell you that it can't determine which hardware profile is enabled and will prompt you to select one ("Original Configuration", "TEST" or "None of the above"). This will stop once the TEST configuration is deleted (same route as to installing it).
But first, use the TEST profile by going to Control Panel, System, Device Manager, and select the device you want to disable. Click the Properties button. At the bottom of the General tab, check "Disable in this hardware profile", if the option is there.
Tip: see if disabling Advanced Power Management Support brings any relief (you'll find it in the System Devices branch in Device Manager).
Of course you'll have to use a bit of common sense: disabling your motherboard resources probably won't bring any relief. But you can disable for instance anything under "Sound, video and game controllers", modems, some adaptors, etc. If you do make a mistake, you can always restart your computer and enable the Original Configuration.
Uninstall and reinstall.
If the same application keeps causing errors, try uninstalling it and reinstalling it. Caution: "uninstalling" is not the same as "removing". To know the best way to uninstall, read this.
Check the bootlog.txt
Start Windows up "logged" and look in Bootlog.txt for loading errors. To learn how to do this...contact me for more information.
|
|
About the Service::
Face the Facts...
the Tech Support Industry
is going overseas.
But, if YOU
prefer to speak to
someone from the United States,
then you might want to check out -
"ASK YOUR AZ-TEK HOW"
Technical Support Service
in association with 3rd Party Consulting
Now you can get the same
High Quality Technical Support
that you've had in the past...
from *real* Ex-Microsoft Techs.
Click Here to
Learn More About
"Ask Your Az-Tek How" :
A Tucson-based Technical Support Service
DO YOU NEED HELP?
Technical Support for --
Troubleshooting, Repairs, Upgrades, Installs/Re-installs, and updates for service packs, hot fixes and patches - formats, MSDOS commands etc.
Including:
Microsoft Windows XP, Windows 98, Windows 2003, Windows ME, Windows 95, Windows 2000, Windows NT, & MSDOS
Also WinXP (whistler), Win03 (.net), and Longhorn.
Dell, Gateway, Sony, HP or Compaq desktop PC's, Laptops, home built, OEM, manufactured, whatever you need help with.
In addition, we can make suggestions for your hardware issues and get you connected to the internet (Broadband cable or DSL).
Home Networks Too!
Experienced, High Quality, *U.S.*-based Technical Support Services from Ex-Microsoft Professionals
| Warnings and Advice:: |
[-] |
VULNERABILITIES;
VIRUSES &
SECURITY CONCERNS
Trojan programs infect
computers by exploiting
Internet Explorer vulnerabilities.
Virus Types and Actions
Everyone knows that computer viruses,
like their biological cousins, are
bad news, but beyond this and perhaps
a rough understanding very few can
distinguish one from another or describe
just how these pests operate.
To shed some light on the subject,
following are three main virus forms
and basic descriptions of what they do.
Macro Viruses
most often infect Microsoft Office
documents and other similar document forms;
they are especially fond of Word, Excel
and Outlook. They typically employ visual
basic scripts and are distributed by email.
Macro virus payloads, which are set in
motion when an infected application is run,
are generally not extremely vicious but
nonetheless are certainly unwelcome and
at the very least highly annoying to victims.
The most famous macro virus is Melissa
who gained infamy in the spring of '99
by spreading itself via victim Outlook
address books. Melissa did not cause
tremendous damage to individual users
but did substantial damage to large
corporate networks that were forced
to shutdown under the onslaught of
emails produced by its
multiplicative spreading.
File Infectors
do their dirty deeds by attaching
themselves to executable code in
files with extensions such as
.com or .exe or in more extreme
cases these viruses can get into
operating system execution files
with extensions including
.sys, .prg and .dll among others.
When an infected program or OS
is run the virus code of the file
infector gains access to the host
(victim) system by entering along
with the legitimate code it has
attached itself too. Trojan horses
can propagate as part of file
infector viruses.
Boot-sector Infectors
infect system code such as the
boot sector of floppies or the
Master Boot Record on hard drives.
Once an infected drive
(floppy or hard drive)
is booted, these viruses load
themselves into the system memory
of victim machines. A process that
makes users unaware of their presence...
well, at least not at first, but more
on that a bit later. Once in memory,
boot-sector infectors can infect any
file that is executed.
Worms fall into this category.
Worms do not alter files but deliver
their payload by means of propagation
and are very hard for victims to be
aware of and usually become evident
when their intense regeneration grinds
victim machines down to a halt by
increasingly eating up system resources.
The good news is, turning off an
infected machine purges these
viruses from system memory.
Any major anti-virus solution offers
protection against all three virus types
described here, however,
a neglected anti-virus program
will provide far less protection
than a properly updated one.
Hackers, Thieves,
Terrorism, War,
Computer Viruses
A recent survey conducted by
the Opinion Research Corporation
posed the following question to
a sample of 1,000 people
(active consumers) -
"Which of the following
has had the most impact
on your awareness of security issues?"
The attack on the World Trade Center
in New York was chosen as the
number one cause for concern
by 46% of the respondents,
followed by 22% identifying
identity theft,
a crime often committed via
the Internet by hackers,
though it also involves
less technical digressions
including intercepting sensitive
postal mail containing sensitive
items and data such as issued
credit cards etc. War ranked
third at 19% and computer viruses
polled 4th as the most feared threat
6% of the time.
Of those surveyed, despite their concerns,
40% admitting to taking no steps
toward improving their personal security
within the past 6 months. Of the respondents
who did take action, 39% reported installing
anti-virus software, while 21% moved personal
data to a more secure location and 19%
reviewed their online service
provider's security policies.
The data suggests that while people
feel anxiety from terrorism and war,
they see these threats as mostly
beyond their control, while other threats,
most notably online threats such as
viruses and hackers, are areas where
they can actively improve their protection.
AZ-TEK TOP 5 LIST
WORST ALL-TIME VIRUS TYPES:
1. BUGBEAR
2. BLASTER
3. SOBIG
4. KLEZ
5. NIMDA
And now for something
a *little different...
WORM_HOBBIT.G
is a Win32 worm
that propagates via
Microsoft Outlook
and the KaZaa network.
In Microsoft Outlook,
it sends itself as an
email message with
the following details:
Subject: Fwd: Scan your
computer for this
new virus threat...
Message Body:
This is a fix and
removal for the new
internet worm known
as BugBear.
1 in ever 4
computers in infected
with this virus.
When run, it will
scan your computer
and notify you if
you're infected or not,
then clean if infected.
Attachment: Anti-Bug.exe
To make itself easily
accessible over the
Kazaa network,
this worm copies
itself to the
following folders:
C:\KaZaa\My Shared Folders
C:\Program Files\KaZaaMy Shared Folders
Upon execution, it displays
a message box with the title
kn0x 0wnz
and the message
System Not Infected
with Bugbear.
This worm creates copies
of itself in the
Windows directory
as shizzle.exe
and Anti-Bug.exe,
and it adds
a registry entry
that allows it
to execute at
every Windows startup.
It drops a number of
files by certain names,
which could have the
extensions .EXE, .PIF,
.BAT, or .SCR.
It also may choose
filenames from
a lengthy list
of specific possibilities.
This worm also attempts
to perform a DoS
(Denial of Service)
attack on a
certain Web site
by continuously sends
PING requests to
this site, each
containing 10,000 Bytes.
NOTE: Az-Tek wants to know...
Are YOU interested in
what all of this means?
Send an email to get the details!
Ask Your Az-Tek What?
Other Free Services and Tools::
Although most security services
and software do cost money...
there ARE some free services and free tools.
DISCLAIMER:
We have done extensive testing
and trial-runs and can assure
that these are all malware-free...
however, use of any of the following is
at your own risk.
WE ASSUME NO RESPONSIBILITY FOR YOUR OWN RESULTS.
After using one of the provided links,
just press your "back" button;
and return to the page you previously visited
(i.e. "free services and free tools").
Panda online antivirus test.
Detects and cleans at the spot, using a daily updated database.
NOTE:
ONLY for systems with NO antivirus installed.
ActiveX needs to be enabled.
Just click above to start the service.
GFI on line trojan scanner
The only specific on line trojan scanner.
added 07/03/2003
Audit My PC
Audit your firewall for weaknesses!
Various tests for dangerous scripts (Java Applets, ActiveX, Scrap files, attachments)
Determine if your webserver is susceptible or has been exploited by the Nimda worm
Test to find out if your system is vulnerable to the very serious cookie vulnerability
(javascript enabled to perform the test).
Extensive tests to check if your email software is secure.
A malicious website may make IExplorer automaticly download and run a program when visiting a website or reading an HML mail message. Test if your IExplorer is vulnerable!
Test your Internet Explorer for this dangerous vulnerability!
Test your system for infection.
|