Security Issues
This page covers a broad range of issues related to
security and use of the Windows XP operating system. I
considered spreading this material out over a number of
different sections, but in the end I decided it would be
easier to keep it all grouped together.
Last year Microsoft announced
they were instituting a monthly schedule for releasing
security updates, choosing the second Tuesday of each month
as the release date. I can understand why they'd like to
standardize the date, and in theory it would be convenient
for users to set a second Tuesday schedule to check for
updates, but come on; this is security we're talking about.
Security is a daily affair, not something that can be
relegated to a schedule, especially if it's a critical
issue. Thankfully, common sense seemed to prevail and part
of the new policy includes releasing updates off schedule
(immediately) if they address a threat of imminent danger.
Check the
Microsoft Security homepage for the most up to date
information.
It’s
difficult to keep up with all the service
packs, hotfixes, rollups and whatever other names the updates
for XP are going by these days. Even users that religiously
visit Windows Update to keep their systems current may have a
hard time determining if everything has been updated
properly. Just because the update was installed it doesn't
necessarily mean the installation was completed
successfully. A utility offered as a free download from
Microsoft called Qfecheck can help in verifying the proper
installation of Windows XP hotfixes.
Windows Security Updates
July 2005 Second Tuesday "Critical" Windows Patch
It's Tuesday, July 12, 2005 and that means
it's time for another round of security patches. According
to Microsoft, two security bulletins and fixes will be
released today and one of them carries a "Critical" rating.
There will also be a new version of the Malicious Software
Removal Tool released today. If you don't have Windows
Update set to automatically take care of the update process,
remember to visit Windows Update and see if you want to
install the scheduled patches.
June 2005 Second Tuesday "Critical" Windows Patch
It's Tuesday, June 14, 2005 and that means
it's time for another round of security patches. According
to Microsoft, seven security bulletins and fixes will be
released today and one of them carries a "Critical" rating.
There will also be a new version of the Malicious Software
Removal Tool released today. If you don't have Windows
Update set to automatically take care of the update process,
remember to visit Windows Update and see if you want to
install the scheduled patches.
Tuesday 3/08/2005 - Today is the second
Tuesday of March, the day when Microsoft releases the new
security updates for the month. Where are they? Grab onto
something sturdy in case you're still reeling from the
twelve (12) updates released in February. Microsoft states
on the TechNet site, "Microsoft has no new security bulletins
to release as part of the monthly release cycle for the
month of March." I've read in a number of different places
on the web that Microsoft said March updates were being
skipped because it's conducting additional tests on pending
security fixes. I have no way of knowing if that's true or
not, but the fact remains there are no new Second Tuesday
Updates.
For those of you that try and stay on top of
upcoming security patch releases, visit the
Microsoft Security Bulletin Advance Notification
Announcement page where you can sign up for the
Microsoft Security Notification Service: Comprehensive
Version e-mail notification service. It provides e-mail
notification of upcoming security bulletins and timely
notification of any minor changes to previously released
Microsoft Security Bulletins.
Tuesday 2/08/2005 - The new updates for
February 2005 have been released. They are available on the
Windows Update page. The list of updates is below and
you can obtain detailed information for each by clicking on
the update number. There are a total of twelve (12) updates.
Microsoft uses a rating system to rank the
importance of updates and emphasize how essential they feel
it is for users to install them to secure their systems.
Critical updates are displayed in red, Important updates in
green, and Moderate updates in purple. Your individual
system may or may not require all of the updates depending
on configuration and installed applications.
Additional information is available at
Windows Security Updates Summary for February 2005 which
includes links to relevant Knowledge Base articles.
- MS05-015: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)
- MS05-014: Cumulative Security Update for Internet Explorer (867282)
- MS05-013: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)
- MS05-012: Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
- MS05-011: Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)
- MS05-010: Vulnerability in the License Logging Service Could Allow Code Execution (885834)
- MS05-009: Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)
- MS05-008: Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
- MS05-007: Vulnerability in Windows Could Allow Information Disclosure (888302)
- MS05-006: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)
- MS05-005: Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)
- MS05-004: ASP.NET Path Validation Vulnerability (887219)
Tuesday 1/11/2005 - The new XP updates
for January have been released and are now available on the
Windows Update page. The first update is
Microsoft Security Bulletin MS05-001 - Vulnerability in HTML
Help Could Allow Code Execution (890175). Microsoft
states in the Executive Summary of the linked MS05-001
Bulletin:
This update resolves a
newly-discovered, publicly reported vulnerability. A
vulnerability exists in the HTML Help ActiveX control in
Windows that could allow information disclosure or remote
code execution on an affected system. This vulnerability is
documented in the Vulnerability Details section of this
bulletin.
If a user is logged on with
administrative privileges, an attacker who successfully
exploited this vulnerability could take complete control of
an affected system. An attacker could then install programs;
view, change, or delete data; or create new accounts with
full privileges. Users whose accounts are configured to have
fewer privileges on the system could be less impacted than
users who operate with administrative privileges.
We recommend that customers install the
update immediately.
Also see:
Microsoft Security Bulletin Summary for January, 2005
(For Home Users)
The second update is
Microsoft Security Bulletin MS05-002 - Vulnerability in
Cursor and Icon Format Handling Could Allow Remote Code
Execution (891711). Microsoft states in the
Executive Summary of the linked MS05-002
Bulletin:
This update resolves several
newly-discovered, privately reported and public
vulnerabilities. Each vulnerability is documented in this
bulletin in its own Vulnerability Details section.
An attacker who successfully exploited
the most severe of these vulnerabilities could take complete
control of an affected system, install programs; view,
change, or delete data; or create new accounts that have
full privileges.
We recommend that customers apply the
update immediately.
The third update is
Microsoft Security Bulletin MS05-003 - Vulnerability in the
Indexing Service Could Allow Remote Code Execution (871250).
Microsoft states in the Executive Summary of
the linked MS05-003 Bulletin:
This update resolves a
newly-discovered, privately reported vulnerability. The
vulnerability is documented in the Vulnerability Details
section of this bulletin.
An attacker who successfully
exploited this vulnerability could take complete control
of an affected system. An attacker could then install
programs; view, change, or delete data; or create new
accounts with full privileges. While remote code
execution is possible, an attack would most likely
result in a denial of service condition.
We recommend that customers
consider applying the security update.
Microsoft uses a rating
system to rank the importance of updates and emphasize how
essential they feel it is for users to install them to
secure their systems. MS05-001 and MS05-002 are rated
"Critical" and MS05-003 is rated "Important" to system
security.
Tuesday 1/11/2005 - Today,
Microsoft released the Malicious Software Removal Tool -
January 2005 (KB890830). Microsoft states:
"The Microsoft Windows
Malicious Software Removal Tool checks computers running
Windows XP, Windows 2000, and Windows Server 2003 for
infections by specific, prevalent malicious
software—including Blaster, Sasser, and
Mydoom—and helps remove any infection found. When the
detection and removal process is complete, the tool displays
a report describing the outcome, including which, if any,
malicious software was detected and removed."
A description of the tool and
how to obtain and run it, including screen captures, is on
the Malicious
Software Removal Tool page.
Tuesday 1/11/2005 - Microsoft
also released today the Malicious Software Removal Tool -
January 2005 (KB890830). Microsoft states:
This tool checks your
computer for infection by specific, prevalent malicious
software (including Blaster, Sasser, and Mydoom) and
helps remove any variants found. You should also use an
antivirus product to remove other malicious software
that may be present.
The Malicious Software
Removal Tool may be obtained via Windows Update or if you
prefer to download it separately and run it in a separate
User Interface (UI), go to
Microsoft® Windows® Malicious Software Removal Tool
(KB890830) and click the Download link.
Also see:
The Microsoft Windows Malicious Software Removal Tool
helps remove specific, prevalent malicious software from
computers that are running Windows Server 2003, Windows
XP, or Windows 2000.
Call it Super Tuesday, Update Tuesday,
Tuesday from Hell, The Tuesday that Breaks XP, or whatever
other name you like, this coming Tuesday (January 11, 2005)
Microsoft will be releasing the next group of patches for
Windows operating systems. Given all the attention that
Internet Explorer vulnerabilities have been receiving
recently, it's expected that some of the patches to be
released will address widely reported issues that could
compromise user systems. According to a
Microsoft Security Bulletin Advance Notification issued
January 6, 2005, the Microsoft Security Response Center is
planning to release "3 Microsoft Security Bulletins
affecting Microsoft Windows. The greatest maximum severity
rating for these security updates is Critical. These
security updates may require a restart."
Second Tuesday or Super Tuesday?
Tuesday, July 13, 2004 - I was feeling a
little down in the dumps recently. The Mega Millions lottery
jackpot hit $290 million and I'd reconciled myself to the
fact I'd have to endure a press conference to collect the
winnings. No sooner than the six numbers were drawn my
ticket value plummeted from $1 to less than a single sheet
of toilet paper. Imagine my disappointment. However, I knew
the Second Tuesday of July was approaching, so there was
hope. Not to be disappointed, XP users have hit the jackpot
this month. The
Windows Security Updates for July 2004 is just chock
full of updates for Windows XP - and they're free. You don't
even have to spend a dollar to participate. Just visit
Windows Update and claim your fair share of the
vulnerability jackpot.
And, as if that wasn't enough, there is a
bonus. There have been numerous reports today of additional
vulnerabilities that will require security updates so the
second Tuesday in August is also looking good, especially
since other reports have pushed the release of Service Pack
2 (SP2) back to sometime in August rather than the
anticipated July release date. Here are some additional
links to whet the security appetite.
Secunia - Microsoft Internet Explorer Multiple
Vulnerabilities
Secunia - Microsoft Internet Explorer 6
eWeek - IE May Share Shell Hole Found in Mozilla
eWeek - Two Critical Fixes Top MS List for IE, Outlook
Express Bugs
Microsoft Watch - Microsoft Delays By a Year Delivery of Two
New Patching Systems
Important Reminder - The
other day I ran across a user installing program
updates. When the update finished, a dialog box
appeared stating that to complete the update
process the system had to be restarted. It
offered to either restart now or click Cancel to
restart later. The user selected Cancel,
finished up a few other tasks, then hit the
sleep button on the keyboard. Unfortunately, all
that did was put the system into standby mode.
It looks like a restart, but it isn't. Whenever
you install updates that require a restart, use
the Start Button > Turn Off Computer > Restart
method rather than using Standby or Hibernation.
There are a lot of little operating system
housekeeping chores that get missed if you don't
complete a full system restart.
Windows Security Updates for June 2004
06/08/2004 - It's the second Tuesday of
June and we all know what that means; security updates. I'm
not real sure what's going on this month. It could be that
very few things are still broken with XP or associated
programs, or things that are still broken aren't being
reported and addressed, or maybe the updates have been
rescheduled so they synchronize with the transit of Venus
across the sun. If the latter is the case then I'll see you
again in 2012 with the next security update. While the month
passes and we await the outcome you might as well go ahead
and visit
Windows Security Update for June 2004 and see if your
system is at risk. There is only one update; issues in
DirectPlay, a networking application programming interface.
05/16/2004 - It's a rather sad commentary
on the state of the internet and Windows XP, but there are
probably more news articles these days about security
updates, viruses, worms, trojans, and other security issues
than any other topic. For the last few months I've tried to
post notices about the most recent XP security issues and
viral outbreaks on the TEG homepage. The most recent item
will remain here in the New and Recent Additions sections
while previous items will be archived on the
Security Information
page. A link is provided under the Security and Updates
section header.
Windows Security Updates for May 2004
05/11/2004 - Another second Tuesday of the
month, another update release from Microsoft. I wonder if
there will ever be another second Tuesday when there isn't a
security update? All I know is this cycle is becoming mighty
damn boring. Update, try and use system for a few days, wait
for the update to fix the update, try and use system again,
wait for disclaimers from everyone saying it's not their
fault systems are broken and by that time it's the second
Tuesday again. Whatever. So, here are the links you might
want to look at if you even care about security details
anymore, or just head on over to Windows Update and let it
take your system for a ride.
Windows Security Update for May 2004
Microsoft Security Bulletin MS04-015
The security update that is documented in Microsoft Security
Bulletin MS04-015 does not install correctly if the Help and
Support service is disabled
Windows Security Updates for April 2004
04/13/2004 - This month the bulletins involved are
MS04-011, MS04-012, MS04-013, and MS04-014. The MS04-013
update involves Outlook
Express which you may or may not be using, but visiting
Windows Update will allow the scanning process to
determine what updates are needed for your individual
situation.
Windows Security Updates for February 2004
08/20/2003 - Two new Critical Updates were issued today, August 20,
2003, available at
Windows Update.
- August 2003, Cumulative
Patch for Internet Explorer 6 Service Pack 1
(822925)
Download size: 2.1 MB
Security issues identified in Microsoft Internet Explorer
(IE) could allow an attacker to compromise systems with IE
installed (even if IE is not used as the Web browser). For
example, an attacker could run programs on a computer used
to view the attacker's Web site. Download this update from
Microsoft to help protect your computer. After installation,
you may have to restart your computer.
- Security Update for
Microsoft Data Access Components (823718)
Download size: 1.6 MB
An identified security issue in Microsoft Data Access
Components could allow an attacker to compromise a Microsoft
Windows-based system and then take a variety of actions. For
example, an attacker could execute code on the system. By
installing this update, you can help protect your computer.
After you install this item, you may have to restart your
computer. Once you have installed this item, it cannot be
removed.
02/03/2003 - Microsoft released an updated version of the Windows XP
Service Pack 1 that doesn't include the company's own
version of Java. The revised service pack, version 1a,
removes Microsoft's Java Virtual Machine (JVM) that has been
the center of substantial controversy. Additional
information regarding Service Pack 1a is available from the
following links. For those still interested in Service Pack
1, I ran across a notice on the Microsoft site the other day
stating SP1 was no longer available for download; only SP1a
is presently available for download.
Windows XP Service Pack 1a - Complete Information
Express Installation |
Network Installation
Windows XP Service Pack 1 and 1a Frequently Asked Questions
(FAQ)
Knowledge Base Article 813926: Differences Between Windows
XP SP1 and Windows XP SP1a
KB Article 322389: How to Obtain the Latest Windows XP
Service Pack
Windows XP Post-SP1 Hotfixes
KB Article 324722: Release Notes for Windows XP Service Pack
1 and Service Pack 1a
Miscellaneous XP Issues
I've talked about Windows
Update in numerous articles on this site. It's a valuable
resource for keeping your system protected. Another equally
valuable resource is the
HotFix & Security Bulletin Service provided by
Microsoft. Unlike Windows Update which is specific to the
operating system installed on the system accessing the site
(this can be overcome by using the
Windows Update Catalog), HotFix and Security Bulletin
Service is all Microsoft encompassing. By specifying the
Microsoft product being run and the service packs installed,
the list returned is filtered to include only the applicable
HotFixes and Security Bulletins. There is also a link that
allows you to sign up for the Microsoft Security
Notification Service; an e-mail advisory when new HotFixes
and Security Bulletins are released. The downside of the
notification service is it requires a Microsoft Passport to
register for the advisories.
In a perfect world there
wouldn't be any need for updates and patches, nor would the
ones we install cause other aspects of the operating system
to break. Since we don't live in a perfect world, it would
be a good idea to bookmark the
Issues After You Install Updates to Internet Explorer or
Windows page that lists many of the user reported
problems that have occurred after installing patches and
updates. The page is regularly updated and provides a good
jumping off point when an unexpected behavior occurs post
update installation.
Is it just me or is everyone out there
getting really tired of the constant stream of security
flaws? This week it's Internet Explorer 6's turn. Seven new
flaws have been reported by a Chinese researcher, with the
information posted to public mailing lists, as reported by
this CNN news story. Another
story on CNET about the same flaws advises switching off
active scripting in Internet Explorer until a patch becomes
available, or to use a non-IE browser until the flaws have
been addressed. If you decide to go the disabling route
there is a link in the CNET story to CERT (Computer
Emergency Response Team) with information on how to disable
ActiveX scripting. As I was reading the articles I felt a
little -rant- coming on but decided it was better suited for
the Commentary page.
With all the attention security issues have
been receiving lately a lot of users wisely (finally)
decided to invest some money in anti-virus and firewall
programs. There were also a lot of users that decided it was
cheaper to save the monetary investment and use pirated
versions of the programs. This no doubt played a role in the
decision of Symantec to include product activation
technology in their latest offerings. Unfortunately the
protection scheme took a turn for the worse for many users
that purchased a legitimate product, malfunctioning and
causing users to be asked for the activation code on each
reboot. Granted, it was a small percentage of users that
were inconvenienced, but if you fell into the group it got
worse. Symantec was unable to quickly isolate the problem or
provide a fix. To say there were a lot of unhappy Symantec
customers would be an understatement. According to Symantec
the problem has now been identified and the article
Norton Internet Security, Norton AntiSpam, or Norton
Personal Firewall prompts to activate whenever the computer
restarts contains the fix that can be downloaded. There
is also
Norton AntiVirus 2004 prompts to activate whenever the
computer restarts that is directed at the stand alone
version of Norton AntiVirus 2004. It looks like the fix is
basically the same in both articles so hopefully one or the
other, depending on the product you purchased, should solve
the problem.
10/03/2003 -
What You Should Know About Microsoft Security Bulletin MS03-040
(828750)
In the bulletin released today, 10/03/2003,
Microsoft explains why it is releasing this patch: "A
number of security issues have been identified in Microsoft®
Internet Explorer that could allow an attacker to compromise a
Microsoft Windows®-based system and then take a variety of
actions. For example, an attacker could run programs on your
computer when you are viewing a Web page. This vulnerability
affects all computers that have Internet Explorer installed.
(You do not have to be using Internet Explorer as your Web
browser to be affected by this issue.) You should help protect
your computer by installing this update from Microsoft."
10/06/2003 - Read Before Installing the 828750 Update
I received an
e-mail today from TEG reader Ed P. regarding
this patch. A friend of Ed's contacted him for
some computer help shortly after Ed had
installed some Microsoft updates. Ed brought up
the Help and Support Center (accessible from
Start Menu) to do some research and was
surprised to find that when he clicked on the
Index icon that the index listing was missing. A
blank page was displayed where the full index
would normally display. Ed used System Restore and was able to restore
the Help and Support Center index function on two
XP Home boxes, one with SP1 installed and the
other with SP1a installed. Part of my response
to Ed is below.
Thank you for
sending along this information. I personally
hadn't encountered this issue so I went
looking for some information and ran some
checks on my machines. The primary XP Pro
box I run didn't seem to suffer any ill
effects from the update. As luck would have
it I was in the process of doing a clean
install of XP Pro on a different machine. I
ran the full Windows Update cycle after the
install completed and sure enough, when I
clicked the Index icon the index was totally
missing, so I did some investigating.
As with the
previous Internet Explorer cumulative
patches released with bulletins
MS03-004,
MS03-015,
MS03-020, and
MS03-032, this cumulative patch will
cause window.showHelp( ) to cease to
function if you have not applied the HTML
Help update. If you have installed the
updated HTML Help control from Knowledge
Base article
811630, you will still be able to use
HTML Help functionality after applying this
patch.
I then checked
an XP Home box and found that while the index
itself wasn't missing, some of the links in
the right hand pane were corrupted. I
honestly can't say when this happened or if
it was related to the 828750 download
because I seldom use that machine or the help
function. I tried the same download
mentioned above and it didn't solve the
problem, but I did check Add/Remove programs
and found an entry to remove the 828750
patch. Removing it had no effect so I'm
going to have to do some additional research
on this using a clean XP Home install on a
different box.
So, as a
precautionary measure you might want to
ensure you have System Restore enabled and
check the Help and Support Center after
installing the update to ensure it's
operating properly. If anyone has
had a similar experience or any additional
information to share regarding this issue
please send it along or post it in the forum
with a reference to this item.
Even if you decide not to install
this latest Critical Update, click the link above and look at
the updated Security & Privacy section Microsoft has created.
It's substantially more user friendly than previous versions and
includes a link to a section called
Protect Your PC that gives step by step directions on using
a firewall, updates, and anti-virus protection.
10/03/2003 - Incomplete Internet Explorer Patch?
It appears there is growing concern
about a patch that was released by Microsoft in mid-August
addressing vulnerabilities in Internet Explorer. According to
the eWeek
article, the patch does not completely solve the problems it
was intended to address. Take a look at the article and pay
particular attention to the HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content
Type\application/hta registry key that is mentioned. It's
suggested that renaming or deleting this key can help in
preventing system exploitation. I'm neither endorsing nor denying
the effectiveness of this action and strongly suggest you use
the rename rather than delete method if you choose to follow the
author's advice. Whatever decision you make, ensure you have a
backup of the registry key
before making any changes.
Microsoft Reworks Win XP Patch - Microsoft is revising a
security patch for Windows XP systems with Service Pack 1
installed after customers complained that installing the
patch slowed their systems to a crawl.
Spammers are
at it again, using the Messenger Service (not Microsoft
Messenger) to send pop up spam to networked computers using
open port scanning software. Instructions on eliminating
this nuisance are
here.
Virus, Worm, and Trojan Information
Sasser Worm
Strange Error Messages and Continual System Rebooting? - Check for new 'Sasser' Worm
05/03/2004 - It's Monday morning and time for
the latest 'worm' alert. Remember the Blaster worm from a
few months ago? This latest worm has been dubbed Sasser and
is already spreading very quickly after first appearing this
past weekend. One of the most popular misconceptions, that a
user has to click on an attachment or take some other direct
action for a machine to become infected, is debunked by
Sasser. Allowing an unpatched and unprotected machine to be
connected to the internet is all that's necessary for
infection to possibly occur. The potential for harm from
this worm is so great that the Microsoft homepage (www.microsoft.com)
leads off with a link to a page that discusses Sasser and
the steps you need to take to secure your system. The page
is titled
What You Should Know About the Sasser Worm and Its Variants
and contains pertinent information related to Sasser, a tool
to check your system for infection, and links to various
anti-virus software vendor sites. Additional information is
available at
Windows Security Updates for April 2004.
The 'jdbgmgr.exe' Virus
05/03/2004 - With all the worms, viruses and
other nasty little creatures that appear on an almost daily
basis it was almost pleasant to see an e-mail arrive in my
inbox prompting me to follow instructions to clean my system
of the 'jdbgmgr.exe' virus. You may remember this one from
back in early 2002 when it made the rounds. Before you get
nervous and go checking to see if your system has been
infected, this was a hoax from day one. If you get an e-mail
referencing the 'jdbgmgr.exe' virus just enjoy the laugh
while deleting the message. However, if you're one of the
paranoid (and yes, they are coming to get you)
then take a look at
this Symantec page for a flashback to this file hoax of
the past.
A number of questions have
arrived in reference to the instructions on the Microsoft
page
What You Should Know About the Mydoom Worm, specifically
the section dealing with how to tell if a computer is
infected with Mydoom.B worm. The article provides
instructions for searching the computer for the ctfmon.dll
file. If found, the system is infected with Mydoom.B, but it
seems a number of people are just searching for ctfmon,
leaving off the .dll extension. On many systems this will
return a search result for ctfmon.exe, a totally different
file from ctfmon.dll and not one associated with the
Mydoom.B worm. The article
OFFXP: What Is CTFMON and What Does It Do? explains what
ctfmon.exe is and why it may exist on your system. It's easy
to mistake one file for the other, especially if the system
is configured so file name extensions are not displayed. Use
caution.
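The search mistake described above, shown as an added example that is not part of the original page or of Microsoft's article: a substring search for "ctfmon" hits the benign ctfmon.exe, while an exact, case-insensitive match on the full name ctfmon.dll does not. The function names and the temporary directory tree are constructed for this illustration.

```python
import os
import shutil
import tempfile

# File name the article cites from Microsoft's Mydoom.B guidance.
INDICATOR = "ctfmon.dll"


def naive_search(root, term):
    """Substring search, like typing 'ctfmon' without the extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if term.lower() in f.lower()]
    return sorted(hits)


def exact_search(root, indicator=INDICATOR):
    """Return (exact, lookalikes): full-name matches, and same-stem files
    with a different extension that must not be reported as the indicator."""
    wanted = indicator.lower()              # Windows file names are case-insensitive
    stem = os.path.splitext(wanted)[0]
    exact, lookalikes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower == wanted:
                exact.append(path)
            elif os.path.splitext(lower)[0] == stem:
                lookalikes.append(path)
    return sorted(exact), sorted(lookalikes)


def make_tree(file_names):
    """Build a constructed WINDOWS\\system32 stand-in holding placeholder files."""
    root = tempfile.mkdtemp(prefix="constructed_xp_")
    sysdir = os.path.join(root, "WINDOWS", "system32")
    os.makedirs(sysdir)
    for name in file_names:
        with open(os.path.join(sysdir, name), "wb") as fh:
            fh.write(b"constructed placeholder")
    return root


def demo():
    """Compare both searches on a clean tree and on one holding the indicator."""
    clean = make_tree(["ctfmon.exe", "notepad.exe"])
    infected = make_tree(["ctfmon.exe", "CTFMON.DLL"])

    def base(paths):
        return [os.path.basename(p) for p in paths]

    try:
        clean_exact, clean_like = exact_search(clean)
        inf_exact, inf_like = exact_search(infected)
        return {
            "clean_naive": base(naive_search(clean, "ctfmon")),
            "clean_exact": base(clean_exact),
            "clean_lookalikes": base(clean_like),
            "infected_exact": base(inf_exact),
            "infected_lookalikes": base(inf_like),
        }
    finally:
        shutil.rmtree(clean)
        shutil.rmtree(infected)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```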
Beagle-A Worm
Keep an eye on your e-mail inbox for the arrival of the
newest worm, Beagle-A, typically carrying the subject line
"Hi" with an attachment. The name of the sender is
oftentimes spoofed, as I can verify, because I've already
received e-mails asking why I'm sending this worm out. Rest
assured I'm not spreading any worms. Chalk it up to spoofing
and just delete the message. Also known as Bagel-A, the worm started appearing on Sunday,
January 18, 2004 and is working its way throughout the
internet. A lot of comparisons are being drawn between
Bagel-A and the Sobig virus of 2003, including a built in
expiration date that normally signals new, updated versions
will be released on a timetable. If you haven't already done
so, now would be a good time to ensure your Anti Virus,
Firewall, and Windows Updates are all current and pay
particular attention to keeping them current over the coming
days. The latest information
regarding this threat and others is available from the
Latest Virus Threats page on the Symantec site as well
as on many other vendor sites. As always, do not open an
attachment unless you were expecting it and it's sent by a
trusted source.
Swen Virus Tries to Pass as Microsoft Patch
09/19/2003 - Here we go again with the next
virus to make the rounds on the internet. This time it's called
Swen [w32.swen@mm, also known as Gibe] and in
one distribution method comes to you bearing the Microsoft name
in the subject line of the e-mail message. Today alone I've
already received versions using subjects of Internet Security
Patch, New Net Critical Pack, no subject at all, and just plain
Microsoft. The 'from' lines have included Microsoft, Microsoft
Security Division, Microsoft Security Assistance, and Microsoft
Security Bulletin - all of which are bogus. All of the messages
include an attachment to try and trick users into
'updating' when in reality it's just another virus.
In light of the
recent Blaster and Sobig worm escapades I'd like to think more
users will have updated their systems via Windows Update and
ensured both virus and firewall programs have the latest updates
installed. This
article on ZDNet discusses the Swen virus and contains a
link to the legitimate Microsoft patch that the virus tries to
exploit, or you can go directly to
Microsoft Security Bulletin [MS01-020] for more information
on how to protect your system with a direct link to the patch.
Note: A number of
users have written to ask how they can identify a legitimate
patch that is sent from Microsoft. The answer is simple; there
is no legitimate patch that is sent out from Microsoft by
e-mail. They do not distribute security patches by
e-mail, period.
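The rule in the note above, applied as a mail triage check; this is an added example, not code from the original page or from Microsoft. The subject and sender lists are the ones quoted in this section, while the extension list, the verdict names and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Subjects and sender names the article reports on Swen mail ("" = no subject).
SWEN_SUBJECTS = {"internet security patch", "new net critical pack", "microsoft", ""}
SWEN_SENDERS = {"microsoft", "microsoft security division",
                "microsoft security assistance", "microsoft security bulletin"}
# Assumption for this example (not from the article): extensions Windows runs directly.
RUNNABLE_EXTS = (".exe", ".scr", ".pif", ".bat", ".com")


def attachment_names(msg):
    """File names of every MIME part that declares one."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def triage(raw):
    """Return (verdict, reasons) for one raw RFC 822 message."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    subject = (msg.get("Subject") or "").strip()
    files = attachment_names(msg)
    runnable = [f for f in files if f.lower().endswith(RUNNABLE_EXTS)]

    reasons = []
    if display.lower() in SWEN_SENDERS:
        reasons.append("sender name reported for Swen: %r" % display)
    if subject.lower() in SWEN_SUBJECTS:
        reasons.append("subject reported for Swen: %r" % subject)
    if runnable:
        reasons.append("runnable attachment: %s" % ", ".join(runnable))

    # The From line is trivially forged, so a claim of Microsoft origin counts
    # wherever it appears: display name, address, or subject.
    claims_microsoft = any("microsoft" in s.lower() for s in (display, address, subject))
    if claims_microsoft and files:
        # The article's rule: Microsoft does not distribute patches by e-mail.
        return "bogus-patch", ["claims Microsoft origin and carries an attachment"] + reasons
    if runnable and subject.lower() in SWEN_SUBJECTS:
        return "suspicious", reasons
    return "no-match", reasons


def build_sample(sender, subject, body, attachment=None):
    """Construct a sample message; the attachment holds placeholder bytes only."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.org"
    if subject is not None:
        m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()


# Constructed samples, not captured mail.
SAMPLES = {
    "fake patch": build_sample("Microsoft Security Division <bulletin@example.net>",
                               "Internet Security Patch", "Install the attached update.",
                               "patch.exe"),
    "vendor notice": build_sample("Microsoft Security Notification Service <notify@example.com>",
                                  "Microsoft Security Bulletin Advance Notification",
                                  "Bulletins will be released on the second Tuesday."),
    "no subject": build_sample("Pat Friend <pat@example.org>", None, "see file", "update.exe"),
    "photo": build_sample("Pat Friend <pat@example.org>", "Holiday photos", "Enjoy.",
                          "beach.jpg"),
}


def run_samples():
    """Verdict for each constructed sample, keyed by sample name."""
    return {name: triage(raw)[0] for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

A notification that claims Microsoft origin but carries no attachment is left alone, which matches the e-mail notification service described earlier on this page.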
Internet Scams
'Phishing' Scam
Have you ever heard the term 'phishing' used in relation to
computer scams? Years ago, I think it was the second day I
had an account with AOL, a message popped up on the screen
stating there was a problem with my account and AOL needed
to verify my credit card information. All I needed to do was
enter the card information in the convenient little message
box and all would be well with the account. Even back then
the process of trying to gather personal information by
unauthorized means was known as phishing.
Being a suspicious person by nature I didn't bite in
spite of the dire warnings my account would be suspended or
cancelled, but I wonder how many did take the bait and send
off the requested information. Phishing has
been going on for years. Only the level of sophistication
and methods employed have changed. Because e-mail has become
so popular it only stands to reason it would become a
popular vehicle for phishers to deliver their scams. If
you're online and have an e-mail address you can be targeted
by phishers. The scam e-mails are spammed to millions of
users in the hope that users with an account at the targeted
organizations will respond. The question is, how do
you recognize when you're the target of a phishing
expedition and what steps do you take to avoid being taken
in by the scams? The article is
here.