Saturday, May 22, 2004

PC Security Secrets Mini-Course - Day 1


The 7 PC Security Secrets Hackers DON'T Want
You To Know But I'm Going To Tell You Anyway.

A 7 Day Mini Course

Greg Reynolds



Day 1

Secure Your Operating System

It amazes me the response I get from my clients
when I ask them the question, "So you have all your most
important information on your PC, when did you last apply
Microsoft's security patches on your computer?" Usually
I get a blank stare and sometimes I get the response, "I
didn't know there were any security patches."

Understanding not just security patches but the entire
set of online defenses is crucial to any serious computer
user. Most people realize that they should be doing some
type of security measures, but they don't know where to
begin and that can cost you BIG TIME!

Before you ever risk all the data on your computer
again, you need to know exactly where to begin locking
everything down or you are risking some serious

Hackers and virus writers are getting increasingly
sophisticated every day. At the same time, people are
storing more and more confidential information on their

Ever buy anything online? That credit card number is
still on your computer, stored in an unerasable file
easily accessed by anyone that knows how to search for a
16-digit string of numbers.

Do your taxes on your PC? Your social security number
and your entire identity are exposed.

Think you're safe from every virus, trojan, keystroke
logger, and remote probe that's out there? Today's virus
writers create programs that infect one computer and use
it to probe the IP addresses of 100,000 other computers
per hour.

Think this stuff is science fiction? A good hacker
can enter an unguarded PC through your browser, download
scripts automatically that find desirable data, and send
it to websites set up for anonymous data capture.

Think nobody really knows how to do this? The scripts
are so readily available that they're even sold on eBay
for next to nothing.

Don't believe me? Search eBay for "hacking tools".
$20 gets you a fresh CD loaded with hacking tools for
"script kiddies" - too young to drive, but capable of
stealing your information and selling it.

So what should you do? Take my advice and secure
all the potential entry points on your PC today.

Windows Security Patches

The Microsoft Windows Update site provides critical
updates, security fixes, software downloads, and other
relevant security info.

Simply click the Scan for Updates button. Browse the
results list and check off the ones you want to install.

Critical updates will always be in a small group at the
top of the results page. Always install those first.

When the download finishes, each update automatically
installs itself.

Online Security Tip: Windows Update will automatically
track your security updates. When new patches are online,
you'll be directed to the Windows Update page for a new
security scan.

Note: If you use Microsoft Office products such as Word
and Excel, click the top button labeled "Office Update"
to install those security updates as well.

That's all for today. See you tomorrow with more good stuff.

Greg Reynolds

Tomorrow's Topic:

Locking Down Internet Explorer

Friday, May 21, 2004

More on the Bobax worm and A, B, and C variants

- Weekly report on viruses and intrusions -
Virus Alerts, by Panda Software

Madrid, May 21, 2004 - This week's report on viruses and intrusions will
deal with the worms Bobax.A, Bobax.B, Bobax.C, Kibuv.A and Lovgate.AF, as
well as with the Trojan Ldpinch.W.

The three variants of the worm Bobax (A, B and C) are very similar, the only
difference between them being the size of its infections code. The main
feature of this new family is that -like Sasser- they exploit the Windows
LSASS vulnerability in order to spread. By doing so, they search the web for
computers that contain the already mentioned vulnerability.

Bobax sends instructions to the affected computer to download and run a copy
of the worm. When these worms exploit the LSASS vulnerability, they launch a
buffer overrun that restarts the computer.

Although the LSASS vulnerability only affects Windows XP/2000 operating
systems, Bobax and all its variants can also affect other Windows platforms.
In this second case, Bobax worms cannot spread to these computers
automatically: they need users to execute a file containing a copy of
themselves in order to carry out their infections.

Once they have been executed, the Bobax worms open several TCP ports, thus
allowing hackers to use the affected computers as SMTP mail servers. By
doing so, computers can be turned into 'zombies' for sending spam.

Kibuv.A is another imitator of Sasser, and their effects are very similar.
It also exploits the LSASS vulnerability in order to spread, thus restarting
the computer. Like the Bobax worms, Kibuv.A affects all the Windows
operating systems, but it only spreads automatically to Windows XP/2000

Lovgate.AF is a worm with backdoor characteristics that uses several
techniques to spread, such as e-mail messages, the peer-to-peer (P2P) file
sharing program KaZaA, shared network resources, etc.

Once it has reached a computer, Lovgate.AF opens a port and sends an e-mail
message to a remote user, in order to notify that the computer has been
affected and it is accessible through the port opened.

Finally, the Trojan Ldpinch.W has been sent massively by hackers in an
e-mail message with the subject 'Important news about our soldiers in
IRAQ!!!'. The message contains a text on the conflict in Iraq, and includes
a link to a web page with information on that issue. This e-mail message
contains the compressed attached file IMPORTANT INFORMATION.ZIP which, at
the same time, contains the file IMPORTANT INFORMATION.SCR. When the user
runs this file, Ldpinch.W will be installed on the computer.

Ldpinch.W steals confidential information on the affected computer and then
sends it out to a specific e-mail address. By doing so, the virus author can
use this data with malicious intent.

For further information about these and other computer threats, visit Panda
Software's Virus Encyclopedia at:

Additional information

- Vulnerabilities: Flaws or security holes in a program or IT system, and
often used by viruses as a means of infection.

- Backdoor Trojan: this is a program that enters the computer and creates a
backdoor through which it is possible to control the affected system without
the user realizing.

More definitions at:

Thursday, May 20, 2004

Bobax.a Bobax.b and Bobax.c Virus Warning

- Panda Software warns of two new variants of the Bobax worm -
Virus Alerts, by Panda Software

Madrid, May 19 2004 - PandaLabs has detected variants B and C of the Bobax
worm, two new malicious codes which join Bobax.A, discovered some days ago.
As a result, the probability of computers being infected by one of the Bobax
worms has increased considerably.

Like the Sasser family of worms, the three Bobax variants exploit the
Windows LSASS vulnerability to spread. These worms try to access a large
number of IP addresses to see if the computers they belong to have the LSASS

If that is the case, Bobax sends instructions to the affected computer to
download a copy of the worm. Also, when any of the Bobax worms exploits the
LSASS vulnerability, a buffer overrun is produced that causes the affected
system to restart.

Even though the LSASS vulnerability affects only Windows XP and 2000
systems, Bobax and its variants can also spread to the other Windows
platforms. However, in the latter case, the worms do not automatically
spread to computers, but the user must run a file that contains a Bobax
specimen for the system to be infected.

Once installed on a computer, the Bobax worms open several random
communication ports, which could allow a remote user to use the affected
system as an SMTP server for sending mail. In this way, targeted computers
could become 'zombies' for sending spam.

PandaLabs has also detected e-mails carrying the new Trojan Ldpinch.W. Even
though this is not an extremely dangerous malicious code, it takes advantage
of headline news -the Iraq conflict-, to trick users and infect their

The message that carries Ldpinch.W has the following characteristics:

Important news about our soldiers in IRAQ!!!

Seven officers was lost today,
follow the link to get the full story.
[Internet address]

Attached file:
IMPORTANT INFORMATION.ZIP, which in turn contains the file IMPORTANT

The Internet address shown in the message includes information on the Iraq
war. However, if the user runs the attached file, Ldpinch.W will be
installed on the computer.

This Trojan is designed to steal confidential information from the system
and send it to a predetermined e-mail address. In this way, the virus
creator could use the stolen data in a fraudulent manner.

In order to prevent your computer from falling victim to any of the Bobax
worms or Ldpinch.W, Panda Software advises users to tighten security
measures and keep their antiviruses updated. Panda Software has made the
updates necessary to its products available to clients to detect and
disinfect these new malicious codes.

In order to avoid attacks from Bobax or its variants it is necessary to
install the Microsoft patch that fixes the LSASS vulnerability. You can
download this patch from

More information about these and other IT threats is available in Panda
Software's Virus Encyclopedia at

In addition, the users can scan their computers on line for free with the
ActiveScan solution, available in the company web page

Wednesday, May 19, 2004

W32/Lovgate.ab@MM - Mass Mailer Worm

Like its predecessors, W32/Lovgate.ab@MM is a Medium Risk mass-mailing worm inside an email attachment that when run:

Drops a dangerous backdoor on an infected machine that can allow a remote hacker to steal information.

Infects executable programs.

Tries to disable anti-virus and security software.

Emails itself a) to stolen contacts or b) as replies to unread MS Outlook or Outlook Express messages on the infected machine, spoofing the "From:" field.

Note: McAfee VirusScan proactively detects and blocks W32/Lovgate.ab@MM's backdoor component (BackDoor-AQJ).

Up-to-date McAfee VirusScan users with DAT 4361 are protected from this threat.


FROM: Varies (forged addresses taken from infected system).

SUBJECT: Re: (original subject)

BODY: Varies.

ATTACHMENT: The worm may be attached with one of the following file extensions:
When replying to unread Outlook or Outlook Express messages, the worm may be attached with a variety of filenames. Examples:
the hardcore game-.pif
Sex in Office.rm.scr
Deutsch BloodPatch!.exe
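
The attachment patterns described above (Lovgate's .pif, .exe and double-extension .rm.scr names, and the Ldpinch.W ZIP that wraps a .SCR file) can be screened at the mail gateway or client. This is an added example, not code from McAfee, Panda Software or the original post; the extension lists are assumptions and the sample ZIP is constructed in memory with harmless placeholder content.

```python
import io
import zipfile

# Assumed block list of directly executable Windows file types.
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Assumed list of harmless-looking types used as a decoy before the real extension.
DECOY = {".rm", ".txt", ".doc", ".jpg", ".mp3", ".pdf"}

def name_findings(name):
    """Return findings that follow from the file name alone."""
    parts = name.lower().split(".")
    exts = ["." + p.strip() for p in parts[1:]]
    if not exts or exts[-1] not in EXECUTABLE:
        return []
    findings = ["executable extension " + exts[-1]]
    if len(exts) > 1 and exts[-2] in DECOY:
        findings.append("decoy extension %s before %s" % (exts[-2], exts[-1]))
    return findings

def screen(name, data=b""):
    """Screen one attachment; ZIP archives are opened and their members checked."""
    findings = name_findings(name)
    if name.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.namelist():
                    findings += ["inside archive: %s: %s" % (member, f)
                                 for f in name_findings(member)]
        except zipfile.BadZipFile:
            # An archive the filter cannot inspect is treated as a finding.
            findings.append("archive could not be read")
    return findings

def build_sample_zip():
    """Constructed sample: a ZIP holding a placeholder file with a .SCR name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("IMPORTANT INFORMATION.SCR", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    samples = [("the hardcore game-.pif", b""), ("Sex in Office.rm.scr", b""),
               ("Deutsch BloodPatch!.exe", b""), ("notes.txt", b""),
               ("IMPORTANT INFORMATION.ZIP", build_sample_zip())]
    for name, data in samples:
        print(name, "->", screen(name, data) or "no finding")
```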

Monday, May 17, 2004

Windows Security Patches

The Microsoft Windows Update site provides critical updates, security fixes, software downloads, and other relevant security info.

Simply click the Scan for Updates button. Browse the results list and check off the ones you want to install.

Critical updates will always be in a small group at the top of the results page. Always install those first.

When the download finishes, each update will automatically install itself.

Online Security Tip: Windows Update will automatically track your security updates. When new patches are online, you'll be directed to the Windows Update page for a new scan.

Note: If you use Microsoft Office products such as Word and Excel, click the top button labeled "Office Update" to install those security updates as well.

Lock down Internet Explorer
Microsoft Internet Explorer needs to be updated regularly to maintain computer security.

All existing versions of Internet Explorer have critical vulnerabilities if they aren't patched.

The vulnerabilities can be categorized into these classes:

Web page or Windows interface spoofing
ActiveX control vulnerabilities
Active scripting vulnerabilities
MIME-type and Content-type misinterpretation
Buffer overflows

These vulnerabilities could lead to disclosure of local files or data, execution of local programs, download and execution of arbitrary code, or complete takeover of your system.

How to secure Internet Explorer

To configure the Security settings for Internet Explorer:

Select Internet Options under the Tools menu.
Select the Security tab
Click Custom Level for the Internet zone.

Most of the flaws in IE are exploited through Active Scripting or ActiveX Controls.

Under Scripting, select Prompt for Allow paste operations via script

This increases computer security by preventing content from being exposed from your clipboard.

Note: Active Scripting should not be disabled since it is used by many websites.

ActiveX Controls are not as popular but are potentially more dangerous as they allow greater access to the system.

Select Prompt for Download signed ActiveX Controls.
Select Disable for Download unsigned ActiveX Controls.
Select Disable for Initialize and script ActiveX Controls not marked as safe.

Java applets typically have more capabilities than scripts.

Under Microsoft VM, select High safety for Java permissions

This puts access barriers around the Java applet and prevents privileged access to your system.

Under Miscellaneous select Disable for Access to data sources across domains

This protects you from cross-site scripting attacks.

Also, make sure you have no un-trusted sites in the Trusted or Local Intranet zones. These zones have weaker security settings than the other zones.

Online Security Tip: These security settings for Internet Explorer will be automatically applied to your other Microsoft applications such as Outlook and Outlook Express.
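
To check that the settings above actually took effect, the Internet zone can be exported from the registry and compared with the recommended values. This is an added example, not part of the original post: it assumes a `reg export` of the current user's Zones\3 key (the Internet zone), uses Microsoft's documented URL action IDs (0 = enable, 1 = prompt, 3 = disable, 0x10000 = High safety for Java), and runs on a constructed sample export.

```python
import re

PROMPT, DISABLE, JAVA_HIGH = 0x1, 0x3, 0x10000

# Recommended Internet-zone values from the steps above, keyed by URL action ID.
RECOMMENDED = {
    "1407": ("Allow paste operations via script", PROMPT),
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1C00": ("Java permissions", JAVA_HIGH),
    "1406": ("Access data sources across domains", DISABLE),
}

# Constructed sample export: two settings were left at Enable (0).
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1406"=dword:00000000
"1407"=dword:00000001
"1C00"=dword:00010000
'''

def parse_zone(reg_text, zone="3"):
    """Collect the DWORD values found under ...\\Zones\\<zone> in a .reg export."""
    values, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_zone = line.rstrip("]").endswith("\\Zones\\" + zone)
            continue
        m = re.match(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$', line)
        if in_zone and m:
            values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit(reg_text):
    """Return (action, label, current, wanted) for every setting that deviates."""
    current = parse_zone(reg_text)
    return [(action, label, current.get(action), want)
            for action, (label, want) in RECOMMENDED.items()
            if current.get(action) != want]

if __name__ == "__main__":
    for action, label, have, want in audit(SAMPLE_REG):
        shown = "missing" if have is None else hex(have)
        print("%s %s: is %s, should be %s" % (action, label, shown, hex(want)))
```

A setting that is missing from the export is reported as a deviation, so an incomplete export cannot pass as a clean one.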

Create a multi-layered defense
Computer security is all about having multiple lines of defense. After applying the security patches to Windows and fortifying Internet Explorer, you now have a good foundation in place.

Now you need to further increase your online security. Build upon that foundation and create some strong castle walls around your PC.

Here's what you need:

Spam Filters
Antivirus Software
Spyware Removal Software
Personal Firewall Software
Online History Clean
PC Utility Software

Each of these helps to close a security gap; together they provide an interwoven shield of online security.

Later gator...

Sunday, May 16, 2004

What is a firewall?

A computer firewall is simply a hardware device or software program that allows into your computer only the programs and data you decide are acceptable. Firewalls are the best defense a computer can have. Simply put, a firewall detects, rejects, and protects.

How a firewall works
A firewall isolates your computer from the Internet by inspecting each piece of data - inbound or outbound - as it reaches the firewall. It uses certain basic rules to decide what goes through and what doesn't.

Each little package of data must correctly identify itself by specifying a destination address and a port number on that computer. It must also contain its originating address and the port number from which it was sent. Think of it as the address information on a regular envelope - both return address and recipient.

Since every data package contains this address information, a firewall can selectively accept or reject the various packages of data it receives. Certain rules specify which ports are valid destinations on your computer. Other rules specify which ports are valid senders from your computer.

Each data package also contains a little snippet which states whether it is initiating a conversation or acknowledging one that is already taking place. Rules stipulate how data conversations can be initiated and how they must be acknowledged.

Your firewall knows which packages match its rules and are therefore acceptable. All other packages are refused delivery and go no further than the firewall.
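
The decision process described above fits in a few lines of code. This is an added example, not taken from the original post or from any firewall product: the class and field names are hypothetical, the addresses are constructed documentation-range values, and the rule set (no inbound ports, outbound web ports only) is an assumption chosen for the demonstration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # set when the packet starts a conversation
    ack: bool = False  # set when it acknowledges an existing one

class Firewall:
    def __init__(self, host, inbound_ports=(), outbound_ports=()):
        self.host = host
        self.inbound_ports = set(inbound_ports)    # valid destinations on this PC
        self.outbound_ports = set(outbound_ports)  # remote ports this PC may call
        self.conversations = set()                 # conversations already allowed

    @staticmethod
    def _key(p):
        # Same key for both directions of one conversation.
        return frozenset([(p.src, p.sport), (p.dst, p.dport)])

    def allow(self, p):
        if p.syn and not p.ack:  # a new conversation: consult the port rules
            if p.dst == self.host:
                ok = p.dport in self.inbound_ports
            elif p.src == self.host:
                ok = p.dport in self.outbound_ports
            else:
                ok = False
            if ok:
                self.conversations.add(self._key(p))
            return ok
        # Anything else must belong to a conversation that was allowed to start.
        return self._key(p) in self.conversations

# Constructed sample traffic (documentation-range addresses, not real hosts).
PC = "192.0.2.10"
SAMPLE = [
    Packet(PC, 1040, "198.51.100.5", 80, syn=True),            # PC opens a web page
    Packet("198.51.100.5", 80, PC, 1040, syn=True, ack=True),  # server answers
    Packet("203.0.113.9", 4000, PC, 445, syn=True),            # unsolicited inbound probe
    Packet("203.0.113.9", 80, PC, 1050, ack=True),             # fake "reply", no conversation
    Packet(PC, 1041, "198.51.100.7", 25, syn=True),            # PC tries to send mail directly
]

def run_sample():
    fw = Firewall(PC, inbound_ports=(), outbound_ports=(80, 443))
    return [fw.allow(p) for p in SAMPLE]

if __name__ == "__main__":
    for packet, verdict in zip(SAMPLE, run_sample()):
        print("ALLOW " if verdict else "REFUSE", packet)
```

The last sample packet shows why outbound rules matter: a PC that has been turned into a spam relay cannot open mail connections if port 25 is not on its list of valid outbound destinations.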

Hardware firewall
A hardware firewall is an external device that resides outside your computer. A software firewall is a program that resides inside your computer.

Both types of firewalls analyze all incoming and outgoing traffic according to preset rules. You can also add additional instructions to your firewall that will allow certain types of additional communication.

Using a hardware firewall on a home computer is rare as they are designed to isolate and protect computer networks. In some cases though, you might use a hardware firewall at home.

Many people network their home computers together and connect to the Internet through a single, high-speed connection, usually cable or DSL. Several manufacturers include firewalls within the cable/DSL routers sold in most home electronics stores.

These hardware firewalls disguise everything behind them with their own unique addresses, called subnets. Communication like this uses Network Address Translation (NAT). NAT essentially hides you from prying eyes outside, just as if you were behind tall castle walls.

Software firewall
A software firewall performs the same functions as a hardware firewall. It places a wall of code in front of all data transmissions instead of a physical device that essentially contains its own wall of code.

Either type of firewall will provide the necessary castle walls you need for your computer. In addition, you'll need to strengthen your castle walls with antivirus protection, spam prevention, and spyware removal software.

Free personal firewall
A free computer firewall provides security software that blocks trojans and worms on a cost-effective basis. Your software firewall is easy to install from a firewall download. You'll quickly have much needed firewall protection in place in less than five minutes.

Firewall software is a must to keep hackers out of your PC. Your firewall also provides a multi-layered defense against virus attacks. Get your protection in place BEFORE it's too late.

Where you can get a free firewall
Every computer needs firewall protection. Several companies make free personal firewalls available. The best one is Zone Alarm from Zone Labs.

Zone Alarm is a scaled down version of the top-selling Zone Alarm Pro. Millions of people use this award-winning security for Internet-connected PCs.

You can get their excellent free firewall, Zone Alarm, or a 30-day free trial of Zone Alarm Pro. Both keep hackers at bay with protection against worms, Trojans, and spyware.

The Pro version also protects against 47 types of malicious email attachments. ZoneAlarm Pro includes Cookie Control and Ad Blocking for a faster, safer Internet experience.


You know there's absolutely no sense in not keeping your computer and private data as safe as possible. Add firewall protection to your computer today.