[Groop] OT: Long Virus stuff
Scott
scott at knyght.net
Mon Jan 19 14:30:49 PST 2004

It's hard to tell how the virus got on your system; there is no one answer. You
or someone else on your computer might have activated it, or it might have been
triggered on its own. (There is no answer at the bottom of this long email
either, just more explaining on what might have happened and some tips.)

While the virus writers are getting smarter at spreading their pollution,
Microsoft is making it easier for them to do this because users want computers
to be easier. Outlook is now doing more "for" you to make email easier or more
enjoyable. It will auto open attachments, display HTML with all those pretty
fonts and pictures, run scripts, all without you needing to do anything. The
virus just has to show up as something Outlook recognizes and it will run the
script for you. Since Microsoft is 90% or more of the computers out there, most
viruses are written to attack MS products (Windows, Office, Outlook). One thing
to make yourself less vulnerable is to get non-Microsoft stuff. A virus can load
on your computer and spit out emails without you knowing it, not showing up in
your outbox. The virus could also enter your computer through other means: that
joke someone sent out had a backdoor virus, an exploit in Windows (if you have
not run Windows Update in the last month), an infected Word document or
PowerPoint came in and spread to your system. Eudora is not as vulnerable to a
virus attack, but it still has its holes. TheBat has not had a virus affect them
yet.

Attachments: More and more of them are becoming "live code" too easily. A script,
bat file, exe, com, these all will do something. Word/Excel/PowerPoint/Outlook
now have built-in macro functions so when they open, they can infect your
computer. So what is safe? JPG and GIF files?? Not really (anymore). There was a
new "proof of concept" done showing that an HTML virus with a JavaScript
intentionally mislabeled as picture.jpg, when opened with Internet Explorer,
will infect a computer. IE expects a JPG file and reads it, sees the HTML header
and starts to process it as an HTML file, then runs the scripts within and POW
you are ZAPPED. (I do not know if a virus is out that does that yet.) The fix is
to not use Internet Explorer to view GIF and JPG pictures; use something that
does not understand HTML to view your pictures (and that is getting more rare to
find).

A virus can find its way on to your computer then send out an email with your
email address that includes an infected attachment, then we see it's from you and
trust you do not send out bad stuff and we open it. Another email can get into
YOUR computer, spoof the address by picking an address (John Doe) out of your
email address book, send from your computer a virus attachment to Jane Smith
from John Doe, then John Doe gets all the flak for sending out a virus email
when your computer is really the one doing it. It's now to the point where you
almost have to ignore any attachment.

Your computer should be protected with:

- a software firewall (yes, even if you have a NAT router)
    ZoneAlarm - www.zonelabs.com (free and pro versions)
    Kerio - http://www.kerio.com/kpf_home.html (free and pro versions)
    Norton Internet Security - http://www.symantec.com/sabu/nis/nis_pe/index.html
    McAfee - http://us.mcafee.com/root/catalog.asp
- antivirus programs (weekly updates)
    Norton - http://www.symantec.com/nav/nav_9xnt/
    McAfee - http://us.mcafee.com/root/catalog.asp
    AVG - http://www.grisoft.com/us/us_index.php (free)
    HouseCall - http://housecall.antivirus.com/ (free)
- anti spam program
    POPFile - http://popfile.sourceforge.net/ (free)
    SpamPal - http://www.spampal.org/
    Norton Internet Security - http://www.symantec.com/sabu/nis/nis_pe/index.html
- anti spyware program (if you have not run one of these, I bet you have
  over 100 spying programs/cookies on your system if not more)
    Ad-aware - http://www.lavasoftusa.com/
    PestPatrol - http://www.pestpatrol.com/

There are now tons of email programs out there and more on the way. Outlook
Express is free with IE, Outlook comes with Office. You can also get Eudora,
Agent (http://www.forteinc.com), TheBat (http://www.ritlabs.com/en/), or tons of
others.

If you have broadband (cable or DSL) then I strongly recommend you get a NAT
router. Linksys (http://www.linksys.com/edu/) and Netgear
(http://www.netgear.com) make some nice ones for under $50 that will allow you
to plug in 4 or more computers into a hub, or under $70 to get wireless as well.
These routers will help protect your computer on the internet. I have not seen
an ISP yet that does not support these (I hear they are out there, just have not
seen one) and what's nice is with this router, you do not have to use any of the
ISP software or special plugins. Network Address Translation (NAT) Technology -
Prevents hackers from seeing (and attacking) your network address while you're
surfing the web.

So, this is what's safe? Nope, even these will come under attack with time.
(http://kbserver.netgear.com/kb_web_files/n101208.asp)

86 lines of email later, there is no answer. Once I give you the answer, it
will not apply to the next virus. Run your Windows, Antivirus, Antispam,
Antispy, Router updates regularly.

The internet is still in its "wild west" phase where anything goes. Changes are
on the horizon to change that, but also watch some of your freedoms go with it;
you and your dog won't get to wander the lands for free anymore.
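
Added example (not part of the original post): a mail-side check for the two attachment risks described above, "live code" file types and an HTML page mislabeled as picture.jpg. It compares each attachment's name with its leading bytes instead of trusting the name. The function names, the marker list, the .vbs/.js extensions and the sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes a genuine file of each image type starts with.
JPEG, GIF = (b"\xff\xd8\xff",), (b"GIF87a", b"GIF89a")
IMAGE_MAGIC = {".jpg": JPEG, ".jpeg": JPEG, ".gif": GIF}
# Types the post lists as "live code" (.vbs/.js stand in for "a script"; assumed).
LIVE_CODE = {".exe", ".com", ".bat", ".vbs", ".js"}
# Markup a content-sniffing viewer would treat as HTML (assumed marker list).
HTML_MARKERS = (b"<html", b"<script", b"<!doctype", b"<body")

def check_attachment(filename, data):
    """Return findings for one attachment; an empty list means nothing flagged."""
    name = filename.lower()
    ext = name[name.rfind("."):] if "." in name else ""
    findings = []
    if ext in LIVE_CODE:
        findings.append("live-code extension " + ext)
    if ext in IMAGE_MAGIC:
        if not data.startswith(IMAGE_MAGIC[ext]):
            findings.append("named as image but content is not " + ext)
        # Look at the leading bytes, as a sniffing viewer would.
        if any(m in data[:512].lower() for m in HTML_MARKERS):
            findings.append("HTML/script markup in image-named file")
    return findings

def scan_message(raw):
    """Map each attachment filename in a raw message to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {
        (part.get_filename() or "(unnamed)"): check_attachment(
            part.get_filename() or "", part.get_payload(decode=True) or b"")
        for part in msg.iter_attachments()
    }

def build_sample():
    """Constructed message: a real GIF header and an HTML page named picture.jpg."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "john.doe@example.com", "jane.smith@example.com"
    msg.set_content("see attached")
    msg.add_attachment(b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
                       maintype="image", subtype="gif", filename="real.gif")
    msg.add_attachment(b"<html><script>/* inert */</script></html>",
                       maintype="image", subtype="jpeg", filename="picture.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, findings in scan_message(build_sample()).items():
        print(fname, "->", findings or "ok")
```

The check only looks at file names and leading bytes, so it complements an antivirus scanner and does not replace one.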