Windows-Help.NET Newsletter 31 Jan. 2004, Vol 7 No. 4

In this issue:

w   More Internet Explorer Problems
w   New "Mydoom/Novarg" Worm Breaks Record
w   Microsoft Security Guides
w   Recent Support BBS Postings
w   Web Site Updates
w   Administrivia

To eliminate unwanted email from ALL sources use SpamArrest!

More Internet Explorer Problems

by Arie Slob

Hello Windows users,

Microsoft's aging browser Internet Explorer (version 6 was first released in October 2001), is continuing to show that it needs a complete overhaul.

Last year in November, a Chinese researcher discovered multiple vulnerabilities in Internet Explorer (versions 5.01, 5.5 and 6) that were reported on the Secunia security Web site.

Microsoft has been reportedly working on issuing a comprehensive fix for these issues, but testing is taking a long time. This week Microsoft published a Knowledge Base Article under the title: Microsoft plans to release a software update that modifies the default behavior of Internet Explorer for handling user information in HTTP and HTTPS URLs.

This is going to create a number of problems, notably for Web site management software, which frequently uses the http(s)://username:password@server/resource.ext syntax Microsoft is planning to remove support for.

The move is a response to the increasing use of this technique to open a deceptive (spoofed) Web site by malicious users. Many of these involve fake AOL, PayPal or banking Web sites, where unsuspecting users are conned to part with their credit card & personal details.

According to a recent FTC report, 43 percent of all consumer fraud complaints are related to Identity theft.

Just a day after Microsoft published their announcement that a fix would be forthcoming, security Web site Secunia published another advisory, outlining a vulnerability in Internet Explorer that allows malicious Web sites to "spoof" the file extension of downloadable files. Internet Explorer can be tricked into opening a file with a different application than indicated by the file extension by embedding a CLSID (a long numerical string that relates to a particular COM object) in the file name. This could be exploited to trick users into opening "trusted" file types which are in fact malicious files.

This latest exploit seems to be far from new, however. Georgi Guninski reported a similar trick almost three years ago, which involved an embedded CLSID to trick you into believing you were opening a text file, when in fact you had opened a .hta (HTML Application - executable) file. Guninski informed Microsoft in April 2001, and the fact that this was never fixed may be an indication it is nearly impossible to fix (without breaking functionality that has been used for years).

New "Mydoom/Novarg" Worm Breaks Record

Well, unless you have been living under a rock this week, I'm sure you have heard about the latest email worm going around the Internet.

The worm is mostly known by the name "Mydoom", but some Anti Virus firms have called it "Novarg". It started spreading on January 26th. It is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip (the worm also spreads over the Kazaa P2P network).

When a user clicks on the attachment, the worm will start Notepad, filled with random characters and it will immediately start to spread further. On infected computers, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can allow an attacker to connect to gain access to infected computers afterwards.

The worm will perform a Denial of Service (DoS) attack starting on February 1, 2004, from every infected computer against the website, which belongs to SCO, a well known Unix vendor.

Within two days of discovery, Mydoom has already spread more than Sobig.F, which spread massively in August 2003 and until now has held the title of the fastest spreading email worm in history.

One thing that "helped" Mydoom to spread so fast is the fact that unlike most other recent email worm outbreaks, Mydoom was found in the middle of business hours in USA and several large corporate networks got infected immediately.

Current estimates show that between 20% - 30% of all email traffic worldwide is generated by this worm. On our server so far this week 35.7% of all email messages where virus infected (11,750 from 32,930), and Mydoom accounted for 98% of all infected emails.

For more information contact your Anti Virus software vendor. I'll include two links here:

Symantec - F-Secure

Microsoft Security Guides

Microsoft published a number of security guides this week:

Windows XP Security Guide - Securing Windows XP Clients According to Microsoft, this guide includes settings for Windows XP clients deployed in a Microsoft Windows 2000 or Windows Server 2003 Active Directory domain, but it also discusses procedures for implementing Windows XP security settings in stand-alone clients.

Download Guide [2.37 MB]

Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP

This guide contains detailed information about relevant security settings that can be configured on Microsoft Windows Server 2003 and Windows XP. It also details the different threats, potential countermeasures, and the potential impact of configuring these settings.

Download Guide [1.39 MB]

Windows Server 2003 Security Guide

This guide focuses on providing a set of easy to understand guidance, tools, and templates to help secure Windows Server 2003 in many environments.

Download Guide [2.47 MB]

These guides all require Adobe Acrobat Reader, which can be downloaded for free from the Adobe Web site.

Recent Support BBS Postings

How do I backup the registry? - Windows XP
Build your own PC - Hardware
Internet Explorer won't expand to full screen - Internet Explorer
Workgroup member can't be seen - Networking
How to Remove Dual Boot? - Windows XP

Web Site Updates

These pages were added/updated in the past week. Information on previously updated/added pages is available on the What's New? page for 1 month.


New "Mydoom/Novarg" Worm Breaks Record
More Problems for Internet Explorer

Windows XP

Microsoft Publishes Windows XP Security Guides


Word 2003 Update: January 27, 2004

Under certain circumstances Word 2003 can become unresponsive when the user saves a file or when Word automatically saves an AutoRecover file. This update corrects that potential error.

Download [English - 1670 KB]
More Info & Other Languages

Recommend This Newsletter!

Do you enjoy reading this Newsletter? Then why not tell your friend(s) about it? We have a handy Web form where you can just enter your name & email address together with your friends name & email address, and we'll send him your recommendation!

Recommend this Newsletter!

Steps that you can take to help identify and to help protect yourself from deceptive (spoofed) Web sites and malicious hyperlinks

Microsoft posted some information while they continue to work on a fix for an issue reported last November.

Microsoft Knowledge Base

Seven WindowsBBS members Awarded Microsoft MVP Status!

When Microsoft awarded their Microsoft Most Valuable Professional (MVP) awards this week, seven members from our own WindowsBBS support BBS where given this prestigious award!

They are proudly listed at the Web site

AMD Releases Processor Driver for Windows XP

AMD Athlon™ 64 Processor Driver for Windows XP allows the system to automatically adjust the CPU speed, Voltage and Power combination that match the instantaneous user performance need. The Athlon 64 Processor Driver for Windows XP may be used on both Athlon 64 Processor Mobile and Athlon 64 Cool 'n' Quiet enabled platforms.

More Info & Download

FREE Software: Comet VideoPhone

Enjoy real time video conferencing facilities without much difficulty, even on a regular dial up connection. The best part about Comet VideoPhone is that it is free of cost and enables you to enjoy the capabilities of Internet-based video conferencing without the necessity for expensive DSL, Cable or other high-speed connections.

Download [4.9 MB]
Web site

Tell a friend about this Newsletter!

Need Help with Windows? Ask your questions here!

FREE Software!

  Our Web Sites

Rose City Software

Back Issues, unsubscribing etc.

Windows-Help.NET Newsletter Current Issue