Computer Knowledge Newsletter – April 2000 Issue

In This Issue:


Electronic Books. The newest E-books released are:

The Wonderful Wizard of Oz by L. Frank Baum

If interested, the E-books can be found via links from:

[Sorry. E-books removed.]


General Security

Credit Card Theft. Teens in Britain were arrested and charged with stealing over 25,000 credit card numbers via hacked internet sites. The suspects live in a small village of around 700 people, proving that the internet truly has a global scope and you don’t have to have a large support group around you to commit crime over the internet. The FBI, who cooperated in the investigation, indicated losses could be up to $3 million. Fortunately, for everyone, these 18-year-old hackers left a digital trail that could be easily followed. They entered via a known bug in Microsoft’s e-commerce software for which a patch had been issued in mid-1998. If nothing does, this case indicates the clear need to KEEP YOUR PRODUCTS UP TO DATE WITH ALL ISSUED SECURITY PATCHES.

Visa Guide. C|Net reports that Visa will (or maybe has already released by now) release a “best-practices” guide to help e-commerce companies spot fraud and maintain their databases against hacker attacks. This is important for merchants since in card-not-present transactions the merchant typically gets hit for the cost of fraud; unlike transactions where the card is presented and a signature obtained where the bank assumes the risk. We can only hope that the guide is not too late and that vendors pay attention since eventually we all pay for these break-ins.

Microsoft Secret Password. Middle of this month reports circulated that Microsoft FrontPage extensions on web sites had a secret back door in the file dvwssr.dll. The phrase “Netscape engineers are weenies!” was reported to be part of the enabling code. While Microsoft confirmed the back door in a C|Net report they later indicated it was not a problem.

Another Security Hole. Right after the Microsoft back door “problem” came up Microsoft announced a security hole in their FrontPage extensions. This vulnerability exposes sites to denial-of-service attacks and could be widespread since these extensions are given away free to any service using NT for their server. Guess where the hole was found; that’s right, in dvwssr.dll.

For all of these items and more please take a look at: Link

General Interest

Internet Server. A server on the internet may take on a new meaning: process server. A Massachusetts judge has allowed subpoenas to be delivered via E-mail (with a follow-up via registered mail). Critics point out that delivery of E-mail can’t be verified and that mail can easily be forged so there is some question if soon you might have to worry about logging on and hearing: “You’ve got a subpoena!”

Virus News

There are a number of new viruses described this month; one rose to the level needed to place it on the alerts page:

[Link taken down]

For reference, the way the alerts page will work will be changing with the next time I feel the need to put new info on that page. I’ll be taking off the archived info and just putting on the new information. While I’ll try to place just one iteration of the information on the page if new information comes up about the virus or threat I will add it. So, if you subscribe to the NetMind service that monitors that page you may see multiple alerts for any given new threat. Don’t be alarmed, it just means I’ve received new information.

Don’t forget our virus tutorial site.

Featured Virus: Politically Correct Virus. Never calls itself a “virus,” but instead refers to itself as an “electronic microorganism.”

New Viruses. A large number of new viruses (most being variations on an existing theme) were identified this past month. Instead of describing each one here I’m just listing the names and a link where you can find descriptions of those you want information about. These should all be found by any up-to-date anti-virus program (hint, hint). Here’s the list:

Word Macro Viruses

  • WM97/Astia-AI
  • WM97/Bridge-A
  • WM97/Ethan-BV, WM97/Ethan-CK
  • WM97/Hope-S
  • WM97/IIS-E
  • WM97/Locale-D
  • WM97/Marker-AX, WM97/Marker-BX, WM97/Marker-C, WM97/Marker-CI, WM97/Marker-CX, WM97/Marker-DB, WM97/Marker-DD
  • WM97/Melissa-AU
  • WM97/Murke-A
  • WM97/Myna-D, WM97/Myna-J
  • WM97/Nsi-B
  • WM97/Service-A
  • WM97/Thursday-Q, WM97/Thursday-U
  • WM97/Walker-I
  • WM97/Wrench-E

Excel Macro Viruses

  • XM97/Divi-C, XM97/Divi-D


  • Irok-10000 (This is an IRC worm that spreads by E-mailing itself)
  • Irok-7877 (Irok-10000 variant)


  • Troj/Narnar (Installs in the Windows System folder as tskmngr.exe and allows other users to use your computer.)

For further info about any of these see: Link

911. This is the batch file worm that the FBI issued an alert about. Basically, the worm consists of a number of batch files (*.BAT) along with VBScript (*.VBS). The worm attempts to find other computers on a network with open shares (disks or files where sharing is set on with no password set). Once found, the worm is free to access the disk on those computers and install itself. It creates hidden subdirectories called a variety of semi-obscene names. On some computers the AUTOEXEC.BAT file is also modified and, when run, will attempt to format drives from E: through H: (usually network drives). Then an offensive message is shown and a format of drive C: is attempted. In rarer instances the worm will attempt to dial 911 using the computer’s modem.

Win95.CIH Chernobyl. Just a reminder that on 26 April this old virus will activate. Any up-to-date anti-virus program will detect and remove it; but if it happens to activate it can to serious damage to the information on your hard disk (most can be recovered with much work; but why take a chance).

In closing: Happy Easter to all who celebrate Easter.