From the Tech Support Industry Veterans in Arizona::
VIRUSES OF 2004 HAVE REACHED EPIDEMIC PROPORTIONS
03/04/04
Millions of infected e-mail messages are flooding the Internet with Mydoom/Novarg, while multiple variants of the Netsky and Bagle worms spread at an alarming rate around the globe. Netsky.d, first detected on Monday (March 1st '04), remains one of the most dangerous and fastest spreading of the nine worms to hit in the last week. Symantec has upgraded the Netsky.d threat level to a "4" on its 1 through 5 scale, tying the ranking given to such infamous viruses as Sobig.f and MSBlast. Symantec has never used the highest rating, "5," on a worm or virus.
But the biggest virus ever is Mydoom, also known as Novarg. Virus researchers have confirmed that Mydoom is the fastest spreading e-mail virus ever: when Sobig.F hit last August it took some time to reach its peak numbers, whereas Mydoom generated very large volumes of e-mail from the earliest stages of its discovery.
The Mydoom attack appears aimed, in part, at setting up computers for repeated attacks against the web server of the SCO Group Inc. The company has been the target of several attacks over the last 10 months, with the latest in December taking down the company's server for more than a day. While not proven, SCO may have been targeted because of its legal challenge to the open-source operating system Linux, which the company claims contains its copyrighted code. SCO's lawsuits have angered the Linux community and its supporters. Conversely, Linux enthusiasts say the virus may have been assembled for the purpose of defaming Linux developers. SCO has offered a $250,000 reward for the arrest and conviction of the Mydoom virus author, and is working with the U.S. Secret Service and Federal Bureau of Investigation in investigating the virus.
Mydoom arrives as a zip file attached to an e-mail with the subject line "test," "mail delivery system," or "mail transaction failed." The body of the e-mail tries to trick the recipient into thinking that the actual message is in the attachment, with statements such as "The message contain Unicode characters and has been sent as a binary attachment." Once opened, the worm installs a program on the infected PC and opens a "backdoor" that enables a hacker to take control of the computer. The virus, which affects computers running Windows 95, 98, ME, NT, 2000 and XP, scours the infected computer's hard drive for e-mail addresses to which it sends copies of itself. Mydoom also copies itself to the download directory used by the file-sharing service Kazaa.
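The lure described above (a fixed set of subject lines, a body phrase claiming the real message is in the attachment, and a .zip carrier) is exactly the kind of thing a mail gateway can match before a user ever sees it. The following Python is an added example for this page, not code from the article or from any anti-virus vendor: the indicator values come from the article's description, while the sample messages and the requirement that the attachment indicator coincide with a text indicator before quarantining are constructed for the demonstration.

```python
"""Flag e-mail messages that match the Mydoom/Novarg lure described in the article.

Added example for this page. Indicator values (subject lines, body phrase,
.zip attachment) are taken from the article's description; the sample
messages are constructed, not real captures.
"""
from __future__ import annotations

import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the article. Subjects are compared case-insensitively
# after stripping whitespace; the body phrase is a case-insensitive substring.
MYDOOM_SUBJECTS = {"test", "mail delivery system", "mail transaction failed"}
MYDOOM_BODY_PHRASE = "has been sent as a binary attachment"
LURE_EXTENSIONS = (".zip",)


def attachment_names(msg: EmailMessage) -> list[str]:
    """Return the file names of every attachment part in a parsed message."""
    return [part.get_filename() or "" for part in msg.iter_attachments()]


def score_message(raw: bytes) -> dict:
    """Score one raw RFC 822 message against the Mydoom indicators.

    The individual hits are returned so a filter can log *why* it acted.
    ``verdict`` is True only when the .zip indicator coincides with at least
    one text indicator, so a genuine mail whose subject happens to be "test"
    is not quarantined on the subject alone.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg.get("Subject") or "").strip().lower()
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    names = attachment_names(msg)

    subject_hit = subject in MYDOOM_SUBJECTS
    body_hit = MYDOOM_BODY_PHRASE in body.lower()
    zip_hit = any(name.lower().endswith(LURE_EXTENSIONS) for name in names)
    return {
        "subject_hit": subject_hit,
        "body_hit": body_hit,
        "zip_hit": zip_hit,
        "verdict": zip_hit and (subject_hit or body_hit),
    }


def build_sample(subject: str, body: str, attachment: str = "") -> bytes:
    """Construct a sample message (test data for this example, not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        # A few placeholder bytes stand in for the zip archive; only the name matters here.
        msg.add_attachment(b"PK\x03\x04 placeholder", maintype="application",
                           subtype="zip", filename=attachment)
    return msg.as_bytes()


def demo() -> list[bool]:
    """Run three constructed samples through the scorer and return the verdicts."""
    samples = [
        # Matches the lure quoted in the article: subject, body phrase and a .zip.
        build_sample("Mail Transaction Failed",
                     "The message contain Unicode characters and has been sent as a binary attachment.",
                     "message.zip"),
        # A genuine "test" mail with no attachment must not be quarantined.
        build_sample("test", "Just checking the new mail server works."),
        # An ordinary zip attachment with an unrelated subject and body.
        build_sample("Quarterly report", "Report attached as requested.", "report.zip"),
    ]
    return [score_message(raw)["verdict"] for raw in samples]


if __name__ == "__main__":
    for verdict in demo():
        print("quarantine" if verdict else "deliver")
```

The two-indicator rule is the part worth copying: bounce notices with the subject "mail delivery system" are legitimate traffic on any mail server, so a filter that keys on the subject alone generates false positives, while one that also requires the carrier attachment matches the worm and little else.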
NEED HELP with VIRUS REMOVAL and DISASTER RECOVERY for Home and Business?
3rd Party Consulting continues to provide assistance for anyone who needs world class service!
From the Tech Support Industry Veterans in Arizona::
Return of the Worm
We've heard of the worms
and in less than a year,
more than 33 patches...
and the next virus is near!
11/12/03
Microsoft has admitted that there are new problems with Windows.
Well, sort of...here's the explanation.
Not so long ago, Microsoft senior security strategist, Phil Reitinger, told lawmakers on the House Government Reform technology subcommittee about the company's efforts to help consumers defend themselves against viruses and other Internet attacks.
"Microsoft is committed to continuing to strengthen our software to make it less vulnerable to attack," said Reitinger, a former deputy chief in the Justice Department cybercrime division. Still, he acknowledged, "There is no such thing as completely secure software."
However, Windows has some serious flaws.
And once again (on September 10th) the warning went out to customers that they needed to apply three NEW security patches to prevent Internet attacks remarkably similar to the Blaster virus that infected hundreds of millions of computers back in August.
This second batch of flaws was nearly identical to the problems exploited by the so-called Blaster infection, which spread with such devastating effect.
And here's something that you need to know:
Computer users who applied the security patch in July to protect themselves from Blaster (in all its versions), plus Welchia and SoBig, were STILL NOT SAFE.
To be protected, users needed to install a new patch from Microsoft AGAIN; otherwise, critical security holes would have allowed attackers to gain control over the computer, delete data and install unwanted programs.
Let's repeat that.
The newly announced vulnerabilities were similar to the one Microsoft warned about in July, so similar in fact as to be nearly identical: both the software flaw targeted by the Blaster worm and the new security hole were in the Distributed Component Object Model (DCOM) service, which is hosted by the Remote Procedure Call (RPC) feature in Windows. Those features allow software applications to work with each other across a computer network.
Three vulnerabilities were identified. The first two were buffer overruns, which allowed hackers to take over a computer by swamping it with data.
The third was a denial-of-service flaw affecting the same component, the remote procedure call (RPC) process. Sound familiar?
The RPC process facilitates activities such as sharing files and letting others use a computer's printer. By sending too much data to the RPC process, hackers can cause the system to grant full access to its resources and could seize complete control of a victim's computer.
By using the flaws in tandem, a hacker could load unwanted programs onto computers through the buffer overrun flaws and then use the infected computers to launch a denial-of-service attack.
This was exactly Blaster's method: the worm (also dubbed MSBlast and LovSan) crashed many of the computers it infected and tried, unsuccessfully, to attack a Microsoft software download Web site, which would have prevented customers from obtaining the patch they needed.
The July announcement from Microsoft about the earlier software flaw in the same Windows technology was deemed so serious that it prompted separate warnings from the FBI and the Department of Homeland Security. Roughly three weeks later, unidentified hackers unleashed the earliest version of the Blaster infection, which experts called one of the worst to hit a software program in years because of the large number of Windows systems affected.
The operating systems affected by the latest security vulnerabilities are Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. Older versions of Windows, including Windows Millennium, Windows 98, and Windows 95, are not affected, the company said.
From the Tech Support Industry Veterans in Arizona::
Insecurity Complex
It's been the summer from hell
between Blaster, worm and spam,
and remote procedure call
is what tells them: "here I am".
10/11/03
Blaster, Welchia and the Sobig virus, dude - it's been a horrible year for Windows users.
Of course, if you are a member of the digerati who uses a Mac or a Linux PC...you've had nothing but pleasant dreams during these outbreaks -- just like with most previous "malware" epidemics.
Coincidence? I think not.
My daily troubleshooting provides evidence that Windows is being targeted by virus writers, who deliberately exploit vulnerabilities inherent in the operating system that is used by *almost* everybody.
But millions of people DO use Mac OS X and various flavors of Linux. That makes me curious as to why authors of viruses and worms rarely take aim at the alternative operating systems.
So, to reiterate on the 'security' theme:
- Don't open strange e-mail attachments.
This helps to keep Windows secure (not to mention it's plain common sense), but it isn't enough.
Why? Because the vulnerabilities in Windows are built in.
- Close doors that don't need to be open.
On a PC, these doors are called "ports" -- channels to the Internet reserved for specific tasks, such as using FTP to publish a Web page.
These ports are what Internet worms like Blaster come in through, exploiting bugs (flaws) in an operating system to implant themselves. (Viruses can't move on their own and need other mechanisms -- called vectors -- such as e-mail or floppy disks, to spread.)
All unneeded ports should be closed.
Windows XP Home Edition, however, ships with five ports open, behind which run "services" that serve no purpose except on a computer network.
Messenger Service, for example, was designed to let a network's owner send out alerts. On a home computer, however, it just lets spammers broadcast to your instant messenger.
Remote Procedure Call, the feature exploited by Blaster, is, according to a Microsoft advisory, "not intended to be used in hostile environments such as the Internet."
Jeff Jones, Microsoft's senior director for "trustworthy computing," said the company was heeding user requests when XP was designed: "What customers were demanding was network compatibility, application compatibility."
But they weren't asking for easily cracked PCs either. Now, Jones said, Microsoft believes it's better to leave ports shut until users open the ones they need. But any change to this dangerous default configuration will only come in some future update.
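"All unneeded ports should be closed" is only actionable if you can see which doors are open. The Python below is an added example for this page, not the article's own material: it parses the text that `netstat -an` prints on Windows, keeps only sockets that are actually waiting for inbound traffic, and reports every one that is not on an allowlist of ports the machine's owner knows they need. The sample `netstat` output is constructed, and the port-to-service notes (RPC endpoint mapper on 135, NetBIOS on 137 through 139, SMB on 445) are general knowledge rather than something the article states.

```python
"""Audit listening ports from ``netstat -an`` output against an allowlist.

Added example for this page, not code from the article. Run ``netstat -an``
on the Windows machine, save the output to a file and pass its contents to
``audit``; the sample below is constructed so the script also runs offline.
"""
from __future__ import annotations

# Well-known Windows listeners (general knowledge, not stated by the article).
PORT_NOTES = {
    135: "RPC endpoint mapper (the RPC/DCOM service the article ties to Blaster)",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service",
    445: "SMB over TCP (Microsoft-DS)",
}

# Constructed sample in the layout printed by ``netstat -an`` on Windows XP.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1034      64.4.12.5:80           ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""


def parse_listeners(netstat_text: str) -> list[tuple[str, str, int]]:
    """Return (proto, address, port) for each TCP socket in LISTENING state and each bound UDP socket."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank line
        proto, local = fields[0], fields[1]
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue  # an outbound/established connection is not an open door
        listeners.append((proto, addr, int(port)))
    return listeners


def audit(netstat_text: str, allowed: set[tuple[str, int]]) -> list[str]:
    """Describe every listener whose (proto, port) is not on the owner's allowlist."""
    findings = []
    for proto, addr, port in parse_listeners(netstat_text):
        if (proto, port) in allowed:
            continue
        note = PORT_NOTES.get(port, "no note; identify the owning service before deciding")
        findings.append(f"{proto} {addr}:{port} open -- {note}")
    return findings


if __name__ == "__main__":
    # A stand-alone home PC needs none of these, so the allowlist is empty.
    for finding in audit(SAMPLE_NETSTAT, allowed=set()):
        print(finding)
```

The ESTABLISHED line is deliberately present in the sample: a naive grep for port numbers would report the browser's outbound connection as a finding, while the parser only counts sockets that accept inbound traffic. On a machine that shares files with a home network, the owner would add ("TCP", 445) and the NetBIOS ports to the allowlist and the remaining findings are the doors to close.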
About the Service::
Face the Facts...
the Tech Support Industry
is going overseas.
But, if YOU prefer to speak to
someone from the United States,
then you might want to check out -
"ASK YOUR AZ-TEK HOW"
Technical Support Service
in association with 3rd Party Consulting
Now you can get the same
High Quality Technical Support
that you've had in the past...
from *real* Ex-Microsoft Techs.
Click Here to Learn More About "Ask Your Az-Tek How" : A Tucson-based Technical Support Service
DO YOU NEED HELP?
Technical Support for -- Troubleshooting, Repairs, Upgrades, Installs/Re-installs, and updates for service packs, hot fixes and patches - formats, MSDOS commands etc.
Including:
Microsoft Windows XP, Windows 98, Windows 2003, Windows ME, Windows 95, Windows 2000, Windows NT, & MSDOS
Also WinXP (whistler), Win03 (.net), and Longhorn.
Dell, Gateway, Sony, HP or Compaq desktop PC's, Laptops, home built, OEM, manufactured, whatever you need help with.
In addition, we can make suggestions for your hardware issues and get you connected to the internet (Broadband cable or DSL).
Home Networks Too!
Experienced, High Quality, *U.S.*-based Technical Support Services from Ex-Microsoft Professionals
Warnings and Advice::
VULNERABILITIES; VIRUSES & SECURITY CONCERNS
Trojan programs infect computers by exploiting Internet Explorer vulnerabilities.
Virus Types and Actions
Everyone knows that computer viruses, like their biological cousins, are bad news, but beyond this and perhaps a rough understanding, very few can distinguish one from another or describe just how these pests operate. To shed some light on the subject, following are three main virus forms and basic descriptions of what they do.
Macro Viruses
Macro viruses most often infect Microsoft Office documents and other similar document forms; they are especially fond of Word, Excel and Outlook. They typically employ Visual Basic scripts and are distributed by e-mail. Macro virus payloads, which are set in motion when an infected application is run, are generally not extremely vicious but are nonetheless unwelcome and at the very least highly annoying to victims. The most famous macro virus is Melissa, which gained infamy in the spring of '99 by spreading itself via victims' Outlook address books. Melissa did not cause tremendous damage to individual users but did substantial damage to large corporate networks, which were forced to shut down under the onslaught of e-mail produced by its multiplicative spreading.
File Infectors
File infectors do their dirty deeds by attaching themselves to executable code in files with extensions such as .com or .exe; in more extreme cases these viruses can get into operating system execution files with extensions including .sys, .prg and .dll, among others. When an infected program or OS file is run, the virus code of the file infector gains access to the host (victim) system by entering along with the legitimate code it has attached itself to. Trojan horses can propagate as part of file infector viruses.
Boot-sector Infectors
Boot-sector infectors infect system code such as the boot sector of floppies or the Master Boot Record on hard drives. Once an infected drive (floppy or hard drive) is booted, these viruses load themselves into the system memory of victim machines, a process that leaves users unaware of their presence... well, at least not at first, but more on that a bit later. Once in memory, boot-sector infectors can infect any file that is executed.
Worms fall into this category. Worms do not alter files but deliver their payload by means of propagation. They are very hard for victims to notice and usually become evident only when their intense regeneration grinds victim machines to a halt by eating up ever more system resources. The good news is that turning off an infected machine purges these viruses from system memory.
Any major anti-virus solution offers protection against all three virus types described here; however, a neglected anti-virus program will provide far less protection than a properly updated one.
Hackers, Thieves, Terrorism, War, Computer Viruses
A recent survey conducted by the Opinion Research Corporation posed the following question to a sample of 1,000 people (active consumers): "Which of the following has had the most impact on your awareness of security issues?"
The attack on the World Trade Center in New York was chosen as the number one cause for concern by 46% of the respondents, followed by 22% identifying identity theft, a crime often committed via the Internet by hackers, though it also involves less technical methods, including intercepting sensitive postal mail containing items and data such as newly issued credit cards. War ranked third at 19%, and computer viruses polled fourth as the most feared threat, chosen 6% of the time.
Despite their concerns, 40% of those surveyed admitted to taking no steps toward improving their personal security within the past 6 months. Of the respondents who did take action, 39% reported installing anti-virus software, while 21% moved personal data to a more secure location and 19% reviewed their online service provider's security policies.
The data suggests that while people feel anxiety about terrorism and war, they see these threats as mostly beyond their control, while other threats, most notably online threats such as viruses and hackers, are areas where they can actively improve their protection.
AZ-TEK TOP 5 LIST
WORST ALL-TIME VIRUS TYPES:
1. BUGBEAR
2. BLASTER
3. SOBIG
4. KLEZ
5. NIMDA
And now for something a *little* different...
WORM_HOBBIT.G is a Win32 worm that propagates via Microsoft Outlook and the KaZaa network. In Microsoft Outlook, it sends itself as an e-mail message with the following details:
Subject: Fwd: Scan your computer for this new virus threat...
Message Body:
This is a fix and removal for the new internet worm known as BugBear. 1 in ever 4 computers in infected with this virus. When run, it will scan your computer and notify you if you're infected or not, then clean if infected.
Attachment: Anti-Bug.exe
To make itself easily accessible over the Kazaa network, this worm copies itself to the following folders:
C:\KaZaa\My Shared Folders
C:\Program Files\KaZaa\My Shared Folders
Upon execution, it displays a message box with the title "kn0x 0wnz" and the message "System Not Infected with Bugbear."
This worm creates copies of itself in the Windows directory as shizzle.exe and Anti-Bug.exe, and it adds a registry entry that allows it to execute at every Windows startup. It drops a number of files by certain names, which could have the extensions .EXE, .PIF, .BAT, or .SCR. It also may choose filenames from a lengthy list of specific possibilities.
This worm also attempts to perform a DoS (Denial of Service) attack on a certain Web site by continuously sending PING requests to this site, each containing 10,000 bytes.
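The write-up above gives a technician enough to confirm or rule out an infection without waiting for a signature update: two file names dropped into the Windows directory, two Kazaa shared folders the worm copies itself into, and a startup registry entry. The Python below is an added example for this page, not part of the original write-up or any vendor's tool. The file names and Kazaa paths come from the description; the `HKLM\...\CurrentVersion\Run` key is assumed as the usual startup location because the text only says "a registry entry", and the `reg query` output and directory listings are constructed (the value names in it are made up, as the text gives none).

```python
"""Check a Windows host for the WORM_HOBBIT.G artifacts described in the write-up.

Added example for this page. Dropped file names and Kazaa folders come from
the text; the Run key is an assumption (the text names no key); the reg query
output and directory listings are constructed sample data.
"""
from __future__ import annotations

import ntpath
import re

# Indicators quoted in the write-up (compared case-insensitively).
DROPPED_NAMES = {"shizzle.exe", "anti-bug.exe"}
KAZAA_SHARE_DIRS = {
    r"C:\KaZaa\My Shared Folders",
    r"C:\Program Files\KaZaa\My Shared Folders",
}

# Assumed startup location to query; the write-up only says "a registry entry".
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed output of ``reg query <RUN_KEY>`` as reg.exe 3.0 prints it.
SAMPLE_REG_QUERY = """\
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    SoundTray    REG_SZ    C:\\Program Files\\Audio\\tray.exe
    SysUpdate    REG_SZ    C:\\WINDOWS\\shizzle.exe
"""

# Constructed directory listing: {folder: [file names]}.
SAMPLE_LISTING = {
    r"C:\WINDOWS": ["explorer.exe", "notepad.exe", "shizzle.exe", "Anti-Bug.exe"],
    r"C:\KaZaa\My Shared Folders": ["song.mp3", "Anti-Bug.exe"],
    r"C:\Documents and Settings\user\My Documents": ["letter.doc"],
}

# One value line of reg.exe output: indented name, REG_* type, data.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.+?)\s*$")


def suspicious_run_entries(reg_output: str) -> list[tuple[str, str]]:
    """Return (value_name, data) for Run entries whose target file name is a dropped name.

    Matching is done on the data, not the value name, because the worm picks
    its own value name and the write-up does not give it.
    """
    hits = []
    for line in reg_output.splitlines():
        match = VALUE_RE.match(line)
        if not match:
            continue  # banner, key path, blank line
        target = ntpath.basename(match.group("data").strip('"').lower())
        if target in DROPPED_NAMES:
            hits.append((match.group("name"), match.group("data")))
    return hits


def suspicious_files(listing: dict[str, list[str]],
                     windows_dir: str = r"C:\WINDOWS") -> list[str]:
    """Return full paths of dropped-name files found in the Windows directory or a Kazaa share."""
    watched = {windows_dir.lower()} | {d.lower() for d in KAZAA_SHARE_DIRS}
    found = []
    for folder, names in listing.items():
        if folder.lower() not in watched:
            continue
        for name in names:
            if name.lower() in DROPPED_NAMES:
                found.append(ntpath.join(folder, name))
    return found


if __name__ == "__main__":
    for name, data in suspicious_run_entries(SAMPLE_REG_QUERY):
        print(f"startup entry {name!r} -> {data}")
    for path in suspicious_files(SAMPLE_LISTING):
        print(f"dropped file {path}")
```

On a live machine the two inputs would be the saved output of `reg query` against the Run key and a listing of the Windows directory and the Kazaa shared folders; a hit on the startup entry alone is worth following up even when the files have been renamed, because the write-up notes the worm also drops files under other names and extensions.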
NOTE: Az-Tek wants to know... Are YOU interested in what all of this means? Send an email to get the details!
Ask Your Az-Tek What?
Other Free Services and Tools::
Although most security services and software do cost money... there ARE some free services and free tools.
DISCLAIMER: We have done extensive testing and trial-runs and can assure that these are all malware-free... however, use of any of the following is at your own risk. WE ASSUME NO RESPONSIBILITY FOR YOUR OWN RESULTS.
After using one of the provided links, just press your "back" button and return to the page you previously visited (i.e. "free services and free tools").
Panda online antivirus test. Detects and cleans on the spot, using a daily updated database. NOTE: ONLY for systems with NO antivirus installed. ActiveX needs to be enabled.
GFI online trojan scanner. The only specific online trojan scanner. added 07/03/2003
Audit My PC. Audit your firewall for weaknesses!
Various tests for dangerous scripts (Java applets, ActiveX, scrap files, attachments).
Determine if your webserver is susceptible to, or has been exploited by, the Nimda worm.
Test to find out if your system is vulnerable to the very serious cookie vulnerability (JavaScript must be enabled to perform the test).
Extensive tests to check if your email software is secure.
A malicious website may make Internet Explorer automatically download and run a program when you visit a website or read an HTML mail message. Test if your Internet Explorer is vulnerable!
Test your Internet Explorer for this dangerous vulnerability!
Test your system for infection.