From: Mark Neely <[EMAIL PROTECTED]>

- - - - - - - - - - - - - - - - - - - -

Net-Alert
9 October 1999

If you have any questions, comments or other feedback concerning Net-Alert articles, contact the Editor at <mailto:[EMAIL PROTECTED]>

Previous editions of Net-Alert are available at http://www.onelist.com/archive/net-alert

Subscription and unsubscription details are available at the end of this newsletter.

____________________

Contents:

## Y2K virus fears
## Keeping passwords safe
## SiteJacking
## New Microsoft security update for IE
## Nasty virus doing the rounds
## "FreeLinks" script virus
## Virtual security consultant
## Snoopware goes mainstream
## Keeping track of computer bugs
## Hacker fightback!

____________________

Y2K virus fears

First there were reports that contractors working on updating Y2K-prone computer software might deliberately introduce "back doors" so that they can access the system after the contract had expired.

Now we have the latest Y2K risk: viruses cashing in on the confusion likely to reign over the New Year period.

A new Trojan Horse program, being circulated by email, is doing the rounds. It purports to be a year 2000 countdown clock. Once it is run, it copies the user's Internet account details (passwords etc.).

Another Trojan Horse claims to be a "fix" from Microsoft Corp.

Still another, W32/Fix2001, is circulated in email messages purporting to be sent by the "system administrator" with advice that the software fixes a Y2K Internet problem. If launched, the virus attaches itself to all outgoing email messages (à la the Melissa macro virus).

As usual, users are warned not to accept any executable code at face value and to check its true origin. Keep in mind that few companies issue software updates by email (Microsoft certainly does not).

____________________

Keeping passwords safe

Security systems are only as strong as their weakest link. In most cases, the weakest link is the human operator.
Passwords are a classic example. Good practice mandates that passwords be difficult to guess and changed regularly. No user should use the same password for two or more systems. Passwords should not be written down.

How many of us actually follow these rules to the letter?

One of the main reasons why we don't is that passwords can be notoriously difficult to remember (especially if they are, as recommended, alphanumeric and comprised of words not found in dictionaries).

Info-Keep offers a solution. It is a password management utility, which you can use to store your various usernames and passwords, login details etc. The data stored by Info-Keep is encrypted, so all you need to remember is the Info-Keep password. The others can be safely forgotten until you need to use them.

URL:
Info-Keep
http://www.password-creator.com/

____________________

SiteJacking

SiteJacking has made the news lately (in response to several Australian scammers being raided by authorities).

SiteJacking is a fairly straightforward scam, so we will no doubt see a lot more of it.

Basically, a scammer visits a legitimate Web site, copies data and graphics from the site, and then creates a replica of the Web site (either on their own host or, more likely, using a free Web page hosting service).

The scammer then submits the URL of their fake Web site to a number of Search Engines, which proceed to index them. When an unsuspecting user searches for the legitimate site, the results may include links to the fake site.

Most users don't check the URLs of matched sites displayed in Search Engine results - they just click on the hyperlink provided. If they click on the hyperlink to the matching fake site, their Web browser is hijacked.

The fake Web sites contain Java scripts which automatically divert the Web browser to a Web site specified by the scammer (generally porn sites). Furthermore, the Java code disables the Back button and also prevents the browser window from being closed.
As I mentioned, this is a fairly trivial thing to achieve from a programming point of view. It will be interesting to see how Web browser publishers respond to the issue.

URL:
US Federal Trade Commission press release
http://www.ftc.gov/opa/1999/9909/atariz.htm

____________________

New Microsoft security update for IE

Microsoft Corp. has released a new patch for Internet Explorer that fixes various security holes reported in recent months.

URLs:
Microsoft Security Bulletins
http://www.microsoft.com/security/default.asp

Download site
http://www.microsoft.com/msdownload/iebuild/dlbhav/en/dlbhav.htm

____________________

Nasty virus doing the rounds

A new Word macro virus is doing the rounds. It spreads in much the same manner as the Melissa macro virus. However, this one has a particularly nasty "payload".

After infecting a PC, it waits for around 163 hours (roughly 1 week) before attacking the user's files. It does this by setting their file size to zero bytes, which renders the data that the files previously contained inaccessible.

It attacks all files with the extensions .doc, .xls, .txt, .rtf, .dbf, .zip, .arj, and .rar on local hard disks.

Unlike Melissa, the virus doesn't automatically send copies of itself via email. Instead it only attaches itself to messages that the user sends.

URL:
Network Associates Alert
http://vil.nai.com/vil/vm10361.asp

____________________

"FreeLinks" script virus

If you've been reading Net-Alert for a while, I'm sure you would agree that the Melissa macro virus has a lot to answer for, given the rash of new macro and script-based viruses that have spawned since its well publicised outbreak.

The latest in what I imagine will be a very long line of copy-cat viruses is the LINKS.VBS virus.

This virus arrives by email containing an attachment called LINKS.VBS (which is a Visual Basic script). If a user runs the attachment, a message box is displayed with the following text:

    This will add a shortcut to free XXX links on your desktop.
    Do you want to continue?

Regardless of whether the user clicks "yes" or "no", the program creates a shortcut on the desktop named "FREE XXX LINKS", which points to a porn site.

If the user has the Outlook mail program installed, it will send copies of itself to every user listed in the address book. The message has "Check this" as its subject, and contains the following text in the body of the message:

    Have fun with these links.
    Bye.

URL:
Network Associates Alert
http://vil.nai.com/vil/vbs10225.asp

____________________

Virtual security consultant

AskBub is an interesting implementation of "artificial intelligence" (AI) agentware. The site allows you to submit security related questions. The AI engine will then try to determine what your question relates to and supply an answer.

It is a bit rough (most AI engines are), and it seems to have a limited knowledge base to work with, but it is fun and worth checking out. A good sign of things to come.

AskBub
http://www.askbub.com/

____________________

Snoopware goes mainstream

Put it down to the cynic in me, but you can almost always guarantee that when there is a puff piece in the news about the dangers of employees accessing porn sites in the office or emailing sensitive documents to the competition, it was inspired by a press release issued by a company selling snoopware - software that allows employers to monitor the computer activities of their employees.

A good example is WinWhatWhere, which proffers the following pitch on its Web site about its Investigator software:

    Investigator watches and records everything about every window that gains the focus. It records every keystroke, program name, window title, URL, User and Workstation. Investigator's unique ability to invisibly monitor and record keystrokes in the context of computer activity make it ideally suited for the investigative needs of law enforcement, government, business, and private individuals.
Companies may have legitimate needs to monitor certain activities by employees. But there is always a danger when management (often secretly) implements complete PC usage monitoring. It shows a lack of trust, a predisposition to tar all employees for the sins of a few and a general misunderstanding of appropriate computer resource policing.

Poor morale is one thing, but false allegations are another. One of the primary problems with snoopware is that it often shows a distorted picture of what the user was actually up to. Innocent email messages might trigger false alarms. Web site URLs might not be adequately descriptive of their content, and lead to false assumptions.

In a society where people tend to act first, think later, snoopware may lead to considerable angst and unrest in the workplace.

____________________

Keeping track of computer bugs

With all the press given to Web site glitches and Web browser security holes, you'd be forgiven for turning your PC off forever and hiding it in a dark cupboard.

BigFix is a new, free service that helps users keep ahead of the bug problem. Once you download and install BigFix's software, it will scan your PC and create a list of what software is installed. It will then scan its database of known bugs and fixes, and alert you to any issues that you need to address.

It will also monitor your PC on a daily basis, and keep you apprised of any bugs should they arise.

URL:
BigFix
http://www.bigfix.com/

____________________

First there was the Hacker Crackdown...now it is the fightback

Bruce Sterling took us for a wild ride in 1992 in his book _Hacker Crackdown_, which documented the computer counter-culture through the eyes of hackers, law enforcement types and civil libertarians.

If Sterling were to update his book today, he might call it _Hacker Fightback_, for it seems that the victims of computer crimes are starting to take the law into their own hands and strike back against the aggressors.
Software tools that allow users to lob "digital grenades" back at those thought to be attacking their systems have long been available. But these were amateurish at best and largely useless against all but the novice computer criminal.

It seems that the corporate world has raised the stakes, hiring their own computer security experts to trace and chase suspected hackers. That's not unusual in itself, until you take into account the fact that the end objective isn't to turn over the data to the appropriate authorities, but rather to take matters up with the criminals directly.

MSNBC published an interesting article recently on this disturbing, if not growing trend.

URLs:
Hacker Crackdown (text)
http://www.lysator.liu.se/etexts/hacker/

MSNBC article
http://www.msnbc.com/news/311611.asp?cp1=1

____________________

Send a copy of Net-Alert to a friend.

Forwarding this newsletter to friends and colleagues is encouraged, providing the message is forwarded in its entirety, including the copyright notice.

____________________

If you received this copy of Net-Alert from a friend, you can subscribe by visiting the following URL:

http://www.onelist.com/subscribe/net-alert

or by sending a blank email to [EMAIL PROTECTED]

To UNSUBSCRIBE, send a blank email to [EMAIL PROTECTED]

____________________

Net-Alert is copyright (c) Mark Neely 1999. Forwarding this message to friends and colleagues is encouraged, providing the message is forwarded in its entirety, including this copyright notice.

- - - - - - - - - - - - - - - - - - - -
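
A mail-side check for the warnings in the "Y2K virus fears" and "FreeLinks" items above, as an added example that is not part of the original newsletter: it lists attachments a double-click would execute and flags the LINKS.VBS subject and attachment pair quoted in the item. The function names, the extension set and the sample messages are assumptions constructed for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (a representative set assumed here).
RISKY_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".exe", ".com",
                    ".scr", ".pif", ".bat", ".cmd"}
# Indicators quoted in the "FreeLinks" item, lower-cased for comparison.
LINKS_VBS_SUBJECT = "check this"
LINKS_VBS_ATTACHMENT = "links.vbs"


def inspect_message(raw):
    """Return risky attachment names in a raw message and a LINKS.VBS match flag."""
    msg = message_from_bytes(raw, policy=policy.default)
    risky = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Only the final extension decides what runs, so "clock.txt.exe" is
        # an .exe; trailing dots and spaces are dropped before the lookup.
        cleaned = name.strip().rstrip(". ").lower()
        dot = cleaned.rfind(".")
        if dot != -1 and cleaned[dot:] in RISKY_EXTENSIONS:
            risky.append(cleaned)
    subject = str(msg.get("Subject", "")).strip().lower()
    return {
        "risky_attachments": risky,
        "matches_links_vbs": subject == LINKS_VBS_SUBJECT
        and LINKS_VBS_ATTACHMENT in risky,
    }


def build_sample(subject, body, filename=None, payload=b"placeholder"):
    """Build a constructed test message; the attachment is inert filler bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "recipient@example.test"
    msg["Subject"] = subject
    msg.set_content(body)
    if filename:
        msg.add_attachment(payload, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample("Check this", "Have fun with these links.\nBye.", "LINKS.VBS")
    print(inspect_message(sample))
```

The subject and body text can be changed trivially by a copy-cat, so the extension check is the part that generalises; the subject match only identifies this specific variant.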