Windows-Help.NET Newsletter 08 Dec. 2001, Vol 4 No. 49

In this issue:

- Clueless users hit by another worm
- Microsoft's Outlook Express 6 "E-mail attachment security" Flawed
- Featured Software: DU Meter
- Web Site Updates
- Administrivia


  Clueless users hit by another worm

by Arie Slob

Hello Windows users,

Here we go again.....

After the recent spate of Badtrans.B infections, a new worm made its presence felt this week. Known by the name "Gone" or "Goner", it is a simple Visual Basic program. And it uses what still seems to be the best way to get people to spread the virus and infect themselves: social engineering.

The only way the virus can be activated is if the attachment from an infected e-mail is run. The e-mail will typically be from a person you know, but both the subject and the body of the message are dead giveaways. The subject simply reads "Hi", and the body reads: "How are you? When I saw this screensaver, I immediately thought about you. I am in a harry[sic], I promise you will love it." Attached is a file called Gone.scr, which is a copy of the virus. The *.scr extension (normally used for screen savers) tricks the curious into running the file.

When run, the worm attempts to shut down several known antivirus and firewall programs, such as AtGuard's Personal Firewall, ConSeal's PC Firewall, Kaspersky Lab's AVP, Network Associates' McAfee VirusScan, Symantec's Norton Antivirus, Zone Labs' ZoneAlarm and others, by deleting the executable file and all files contained within the same directory and subdirectories where the given file resides. If the files are in use and cannot be deleted, the file %SYSTEM%\Wininit.ini is created, and is used to delete the files when the computer restarts.

It will spread by mailing itself to the contacts listed in the infected user's Outlook Address Book. The worm also attempts to send itself through ICQ if it is installed on an infected computer. The worm sends a file transfer request to any contact of the infected user who appears to be on-line (in any mode), and if that person approves the file transfer, the worm sends its file to that person. This way all ICQ contacts of an infected user will get the worm.

If IRC is installed, this worm can also insert mIRC scripts that will enable the computer to be used in Denial of Service (DoS) attacks. The IRC channel used for controlling the worm is currently blocked by IRC Operators, preventing this functionality.

The rate and speed of the infection show that users are still opening any file sent to them without a second thought. Do I think this is ever going to change? No, I do not.... My "diatribe" last week was mainly due to the fact the automatic running of this virus could have been prevented if the correct system update had been installed. This latest worm just shows that I shouldn't have bothered about it.....

And yes, I do agree, Microsoft is largely to blame for their lack of security in Outlook & Outlook Express. They are slowly changing this, but it is going to take years before the majority of users will run the latest (and more secure) software. And as you can see in the article below, Microsoft still doesn't get it right.....

  Microsoft's Outlook Express 6 "E-mail attachment
  security" Flawed

Microsoft added a security setting to Outlook Express 6: "Do not allow attachments to be saved or opened that could potentially be a virus". This setting is not enabled by default, but Microsoft suggests it in a document entitled "Using Virus Protection Features in Outlook Express 6".

I had even suggested myself that this should have been set as default, to reduce the number of worms spreading, due to the fact that most people just seem to open any and all attachments they receive, without giving it a second thought.

But this week I was contacted by David McSpadden, a Network Administrator from the Indiana Members Credit Union, who asked me for some advice on a problem he seemed to be having: when he tried to forward an e-mail with a "blocked" attachment, the attachment became available to be run or saved!

I did a little test myself, and must admit that he is right. That renders this "security" option useless.

When contacted, a person from Microsoft's Security Response Center wrote in an e-mail: "The capability to forward an email with an attachment is a feature in Outlook Express that is by-design. As you mention, Outlook Express does allow the blocking of unsafe attachments.

It looks like Outlook Express successfully blocked the attachment in the Inbox for David McSpadden.

It is important for users to recognize that greyed-out attachments are not safe to be opened and, users should be deleting, not forwarding an email with a greyed-out attachment."

Do I need to say more??? (It's a "feature" not a bug!)
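
A filter that runs at the mail server does not depend on what the mail client does when a message is forwarded. The added example below (not from this newsletter or from Microsoft; the extension list, addresses and sample messages are constructed assumptions) checks every MIME part, including a message wrapped inside a forward, for executable-type attachment names such as the Gone.scr described above.

```python
from email.message import EmailMessage

# Illustrative list of extensions Windows executes directly; .scr is the
# one the worm above used. This is an assumption, not Outlook Express's list.
RISKY_EXTENSIONS = {".scr", ".exe", ".pif", ".com", ".bat", ".vbs"}


def is_risky_name(filename):
    """True if the last extension is executable (catches photo.jpg.scr)."""
    # Windows ignores trailing dots and spaces, so strip them first.
    cleaned = filename.strip().rstrip(". ").lower()
    dot = cleaned.rfind(".")
    return dot != -1 and cleaned[dot:] in RISKY_EXTENSIONS


def risky_attachments(msg):
    """List executable-type attachment names anywhere in the MIME tree.

    walk() also descends into message/rfc822 parts, so an attachment that
    rides along inside a forwarded message is reported too.
    """
    return [name for part in msg.walk()
            if (name := part.get_filename()) and is_risky_name(name)]


def build_sample():
    """Constructed sample shaped like the worm mail described above."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Hi"
    msg.set_content("How are you? When I saw this screensaver, ...")
    msg.add_attachment(b"placeholder bytes, not a real program",
                       maintype="application", subtype="octet-stream",
                       filename="Gone.scr")
    return msg


def forward_as_attachment(original):
    """Constructed sample: the same mail wrapped in a forward."""
    fwd = EmailMessage()
    fwd["Subject"] = "Fw: Hi"
    fwd.set_content("Forwarding this to you.")
    fwd.add_attachment(original)  # becomes a message/rfc822 part
    return fwd


if __name__ == "__main__":
    original = build_sample()
    print(risky_attachments(original))
    print(risky_attachments(forward_as_attachment(original)))
```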

Rose City Software

DU Meter

"I just had to tell you about DU Meter, this great little utility that monitors my new DSL connection 24/7. A quick glance always tells me if a download is finished, stuck, or still in progress, and if my connection is working right. My desktop just wouldn't be the same without it!"

Web Site Updates

These pages were added/updated in the past week. Information on previously updated/added pages is available on the What's New? page for 1 month.
Added: Users to Lose Personal Information Management Features
Added: Faster Systems = Increasingly Power-Hungry Super Processors
Added: Gator's Pop-Up Advertising Under Fire

Added: Office XP for $150?
Added: Microsoft's Outlook Express 6 "E-mail attachment security" Flawed

Windows XP
Added: Save Windows Update Downloads
Added: Disable Search Assistant
Updated: Frequently Asked Questions (FAQ)

  Highlights

Users to Lose Personal Information Management Features

Palm users should retrieve any personal data stored online before it is deleted January 10th.


Faster Systems = Increasingly Power-Hungry Super Processors

Does upgrading always mean hotter systems and the need for stronger power supplies?


Gator's Pop-Up Advertising Under Fire

It's just Gator's advertising practices that have caused the ire; other pop-ups and pop-unders are okay.


Office XP for $150?

"Educational version" of Office XP Standard shows up in retail stores.


How to Display Detailed Error Messages in Windows Me

Windows Me error messages do not display component and register information by default. Follow the instructions in this article for more detailed error messages.


Windows 98 Tip: Restore Windows 95 like cascading menus to the Start Menu

Windows 98 changed the behavior of the menus under the Start Menu. In Windows 98, when a menu is too tall to fit on your screen, you will see a scroll arrow at the bottom, allowing you to scroll further down. To restore Windows 95-like behavior in Windows 98, check out this tip.


Back Issues, unsubscribing etc.