Have you downloaded the latest virus definitions this week???
April 2007 Alert: Trojan.Peacomm!zip is a detection for password-protected .zip files containing executable files infected by the Trojan.Peacomm family. The password-protected .zip files reportedly may be sent as attachments in email spam.
How's your "Back-Up Plan" ??? You don't have much warning of a hard drive failure (having nothing to do with bugs) and redoing three months of quickbooks will make you wish you were in Brown County State Park!!!
Stay safe online! October is National Cyber Security Awareness Month. Get more info at the Stay Safe Online website.
October, 2006: "bloodhound" and "beagle" are current problems. Lots of Microsoft fixes lately. Be sure your Microsoft Windows is up to date. Get "Windows Defender" while you are there. If you "Power Point" be sure to get the latest fix for the targeted attacks for the WebViewFolderIcon ActiveX vulnerability exploited through Internet Explorer "drive by installs" and "drive by downloads".
August 2006 saw messages like this: "Due to the recent Security bulletin released by Microsoft and press release issued by Department of Homeland Security all Windows servers we will undergo emergency maintenance on Wednesday morning beginning at 12:00am EST. Customers may experience minor periods of website unavailability during this security upgrade process." While the DHS rarely issues patch advisories, the department seems keen to prevent massive damage from another worm like MSBlast, which made the rounds several years ago and brought down computers around the world. The concern appears to be justified; both CERT and Microsoft claim that they have already seen code which exploits this particular vulnerability. Information regarding the latest patch and the need to secure each system can be viewed at: Dept. of Homeland Security
June 2006 threats include Trojan.Looksky, SymbOS.Romride.B, Bloodhound.Tibs & Backdoor. Currently, cybercrime is becoming a greater threat due to the growth of online fraud (phishing & pharming). Be sure to check the Microsoft, Symantec or McAfee sites for the latest information.
A laptop belonging to an Ernst & Young employee was stolen in a car theft earlier this year. Ernst & Young is the auditor for Hotels.com, an Expedia company, and the laptop contained personal data on Hotels.com customers. Specifically, the information on the laptop may have included your name, address and some credit or debit card information you provided if you made a hotel reservation thru Hotels.com in 2004.
Microsoft has launched Windows Live OneCare!
February 2, 2006: Kama Sutra attack scheduled for Feb. 3 will wipe Word, Excel, PDF files from your hard drive. Make sure all systems have the latest updates and all virus definitions are up to date!!! If your clock is wrong, your system may already have been compromised.
January 10, 2006: New WMF Problem. The newly disclosed issues could be a conduit for denial-of-service attacks, according to a description sent to the Bugtraq mailing list on Monday. A core function of the Windows operating system, explorer.exe, will crash a vulnerable Windows PC if a user views a specially crafted WMF image, according to the description. Explorer runs the Windows user interface, including the Start menu, taskbar, desktop and file manager. "Right now, the situation is bad, but it could be much worse. The potential for problems is bigger than we have ever seen...We estimate 99 percent of computers worldwide are vulnerable to this attack." (Mikko Hypponen, chief research officer at F-Secure). Microsoft did issue a fix last week (for last week's threat). Did you get it???
January 5, 2006: We are at ThreatCon Level 3, High: Known threat. This condition applies when an isolated threat to the computing infrastructure is currently underway or when malicious code reaches a severe risk rating. There is a new danger floating around the Internet right now, a zero-day exploit taking advantage of the Windows Media Format (WMF) vulnerability. It's not limited to WMF files; it is taking the shape of images as well. Windows OSes and Lotus Notes are vulnerable. This exploit is currently billed as the worst infection in history. It can hide rootkits, it can even hide itself.
Trojan.Satiloler.B is a Trojan horse that attempts to steal user names, passwords, and other information from the compromised computer. It also attempts to open a proxy server on a random TCP port.
A buffer overflow vulnerability exists in the Microsoft Windows DirectX component. This issue is related to processing of .AVI (Audio Visual Interleave) media files. The specific vulnerability exists in DirectShow and could be exposed through applications that employ DirectShow to process .AVI files. Successful exploitation will permit execution of arbitrary code in the context of the user who opens a malicious .AVI file.
W32.Mytob.KR@mm is the latest mass mailing worm. Also a few "bloodhounds" out there along with a spybot or two.
April 2005: Security Threats. McAfee's Anti-virus and Vulnerability Emergency Response Team (AVERT) reports that more than 1,000 new attacks aimed at software vulnerabilities emerged in the first three months of this year. The total amounts to a roughly 6 percent increase, compared with the same period last year. McAfee also said that while software makers have improved their ability to respond to vulnerabilities as the flaws are discovered, it found that at least 50 percent of computers connected to the Internet remain improperly protected by product updates or patches. "People are finding a way to gain access to control a machine, or group of machines, through a variety of ways, and to then use those computers to spam or steal." Phishing attacks, a form of online threat aimed at stealing personal data for criminal use or identity theft, continued to increase rapidly during the first quarter; the frequency of phishing attacks is growing by 25 percent per month.
Latest/Greatest Fix: Microsoft (Beta) Anti-Spyware...runs in the background...keeps your 'puter klean.
Holidays 2004: Latest Threats. Four Email Bugs, Three Trojan Horses, 2 Sobig Worms and a Partridge in a Pear Tree! Inzae.A@MM mass mailing worm
Sept. 1, 2004: Microsoft Update: Get XP Service Pack 2 (Be Careful, causes conflicts with some software & machines)
June 1, 2004: Take a look at the new FREE Windows XP security pack coming soon. Video interview on ZDNet
May 15, 2004: AS.MW2004.Trojan & Gaobot...Newest Pests. One targets Mac machines. The other modifies files, degrades performance and releases confidential info (yours) in mass emailings.
Hoaxes are running around the internet. Before trying to fix something always be sure it is not a hoax! Norton has a hoax list so you can avoid deleting a critical file on your computer.
May 1, 2004: Microsoft warns of the Sasser Worm and its variants...which exploits the local security authority subsystem service (LSASS). See Microsoft update MS04-011. Be sure you have a firewall activated and install the update.
If you have not been keeping your computer up to date because of a slow internet connection, you can get all the fixes from Microsoft on a CD. Go to Microsoft right now and order this CD for Win 98 thru Win XP. It is FREE!
March, 2004: Latest Bugs are: Netsky, Beagle, Tuoba & HLLW. Some of these allow others to access your computer thru an IRC channel, some do mass mailing from your computer, some copy themselves to folders on your computer, some set up your computer as a web server.
Have you downloaded the latest virus definitions this week? Have you checked recently for Microsoft critical updates? Have you cleaned your cache & trash and defragged your computer lately?
Latest Pests named Backdoor.OptixPro.13.c & W32.Blaster.K...Hackers build pests in worm generator software.
Backdoor is a trojan horse and can give a hacker access to your computer...
Then there is "Mimail". It will collect your sensitive info
and mail it to every email address anywhere on your computer.
So, if you catch that bug after reading this page,
I may get to see your vacation photos in the park.
Take a moment right now to be sure your Windows operating system has ALL the latest critical updates and you do have the very latest (every week) virus definition files. Even then you could catch a bug between the time it is created by hackers and the time the anti-virus people code a fix.
W32.Sobig.F@mm: This one is now upgraded to category 3.
Body:
Sobig.F can download arbitrary files to your infected computer and execute them. The author of the worm has used this functionality to steal confidential system information and to set up spam relay servers on infected computers. The Sobig.F virus spreads by harvesting e-mails from Web pages and from the address book of an infected computer. It sends a copy of itself to the addresses in an e-mail message with subject lines such as "Your Details," "Re: Approved," and "Thank you!" The virus also spreads by copying itself to shared network hard drives that are accessible to the infected computer. Then you become the spammer, sending out thousands of unwanted emails. If your ISP finds out, they may terminate your service!
Summer 2003: Bugbear made a comeback this month in the form of W32.Bugbear.b@mm. This one has some significant differences from the original version. The greatest concern is the key logging and data export. Users wouldn't be infected if their computers were patched & up to date. These are some of the most common Viruses, Trojans, Worms reported to Symantec Security Response lately.
W32.Klez.H@mm
Discovered on: April 17, 2002
Last Updated on: January 22, 2003 06:44:11 PM
The W32.Klez.H@mm worm is a modified variant of the W32.Klez.E@mm.
This variant can spread by email and network.
Payload: This worm infects executables, by creating a hidden copy of the original host file, and then by overwriting the original file with itself. The hidden copy is encrypted, but contains no viral data. The name of the hidden file is the same as the original file, but with a random extension.
Large scale e-mailing: This worm searches the Windows address book, the ICQ database, and local files for email addresses. The worm sends an email message to these addresses with itself as an attachment.
Releases confidential info: Worm randomly chooses a file from the machine to send with the worm to recipients. As a result, the email message would have two attachments, the first being the worm and the second being the randomly selected file.
"Random" strings in the subject can be: Worm Klez.E immunity, Undeliverable mail--"[Random word]", Returned mail--"[Random word]", a [Random word] [Random word] game, a [Random word] [Random word] tool, a [Random word] [Random word] website, a [Random word] [Random word] patch, [Random word] removal tools, how are you, let's be friends, darling, so cool a flash,enjoy it, your password, honey, some questions, please try again, welcome to my hometown, the Garden of Eden, introduction on ADSL, meeting notice, questionnaire, congratulations, sos!, japanese girl VS playboy, look,my beautiful girl friend, eager to see you, spice girls' vocal concert, japanese lass' sexy pictures,
Please, update your anti-virus software at least once/week and pay attention to all Microsoft operating system patches. You need to do both things to avoid infection. Remember to back up all data & work product each week too. You don't have much warning of a hard drive failure (having nothing to do with bugs) and redoing three months of quickbooks will make you wish you were in Brown County State Park!!!