Computer Knowledge Newsletter – February 1997 Issue

In This Issue:

Virus News

If you are in a corporate environment and run Microsoft Mail you should be interested in a new Word macro virus: ShareFun. The virus checks for MS Mail and, if found, sends a copy of itself to three random people in your personal mailing list. The message has the subject “You have GOT to read this!” and contains no text; just a Word document. The document is the one you are currently working on, and it is infected, so when the receiver opens it in Word they become infected and the process begins again.

There are two problems with this virus: it appears to have been sent from a “trusted” source, and it sends whatever you are currently working on to the other party (consider what might happen if you are a supervisor working on a termination letter and that draft gets sent to the intended recipient early).

The simple solution is to delete any messages with the indicated subject and only an attachment. (Note: This is different from the so-called “E-mail” viruses where you should delete messages with a particular subject lest you become infected. You cannot get a virus by reading E-mail text. You can get a virus by running an infected attachment, which is the case here. The message is not the problem; the attachment is.)
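The rule above (the indicated subject, no text, only a Word attachment) can be written as a mail filter. This is an added example, not code from the newsletter; it assumes messages are available as standard MIME mail, and the function names, file extensions and sample messages are constructed for illustration.

```python
from email.message import EmailMessage

SHAREFUN_SUBJECT = "You have GOT to read this!"   # subject quoted in the article
WORD_EXTENSIONS = (".doc", ".dot")                # assumption: Word file extensions

def sharefun_indicators(msg):
    """Return which of the three traits described above the message shows."""
    hits = set()
    if (msg.get("Subject") or "").strip() == SHAREFUN_SUBJECT:
        hits.add("subject")
    text, attachments = "", []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            attachments.append(name.lower())
        elif part.get_content_type() == "text/plain":
            text += (part.get_payload(decode=True) or b"").decode("latin-1")
    if not text.strip():
        hits.add("no_text")
    if any(n.endswith(WORD_EXTENSIONS) for n in attachments):
        hits.add("word_attachment")
    return hits

def should_quarantine(msg):
    """Flag only when subject, empty body and Word attachment all coincide."""
    return sharefun_indicators(msg) == {"subject", "no_text", "word_attachment"}

def build_sample(subject, text="", attachment=None):
    """Constructed test message; addresses and file bytes are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "colleague@example.com", "you@example.com", subject
    if text:
        m.set_content(text)
    if attachment:
        m.add_attachment(b"placeholder bytes, not a real document",
                         maintype="application", subtype="msword", filename=attachment)
    return m

if __name__ == "__main__":
    suspect = build_sample(SHAREFUN_SUBJECT, attachment="Termination Letter.DOC")
    benign = build_sample(SHAREFUN_SUBJECT, text="Lunch at noon?\n")
    print(should_quarantine(suspect), should_quarantine(benign))
```

Requiring all three traits together keeps the filter from discarding ordinary mail that merely shares the subject line or carries a Word attachment.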

Add NaughtyRobot to the list of hoax virus alerts. Early in 1997 users started to receive E-mail messages from themselves saying they were “sent to you by NaughtyRobot, an Internet spider that crawls into your server through a tiny hole in the World Wide Web.” The message goes on to tell you your credit card numbers and other information have been captured and that users should alert their ISP, contact the police and a number of other very inconvenient things.

What most people don’t realize is that it’s relatively easy to spoof an E-mail address. So the seed messages started an avalanche and another hoax is born.

The problem here is that something like NaughtyRobot could happen. There are two application add-ons to web browsers that are currently trying for maximum market share: Java and ActiveX. One, Java, was designed from the ground up and has a fair amount of security built in. The second, ActiveX, is based on Microsoft OLE and has little or no real security built in. Microsoft says they are trying to “fix” it but in the meantime an ActiveX application has the power to do any number of nasty things to your computer without your knowledge or permission (a German group has described a method of forcing fund transfers via Quicken using an ActiveX add-on). The only way to be certain at this point in time is to turn ActiveX OFF if your browser supports it. This unfortunately throws the baby out with the bath water, but until the security is properly addressed we’d rather be safe than sorry and suggest you do the same.

In other news, our free virus tutorial has gained significant distribution. It has appeared on the cover CD-ROM for several magazines in the European area for a total distribution of around 400,000. It has also been accepted as part of the standard corporate computer education program at a major computer corporation.

A fairly common theme in the requests for the virus tutorial security DLL has been a search for information on a specific virus because the user is currently infected by that virus. While the security DLL can often reveal more detailed information, it is information specifically designed to educate about the virus, not how to remove it. Computer Knowledge does not believe users should attempt to remove viruses without help from an anti-virus program. There are far too many things viruses can do that require highly specialized recovery techniques (e.g., decryption of encrypted data). Recovering by hand requires highly specialized knowledge which anti-virus makers have built into their programs. And, should you have a problem, their technical support people are trained to handle such questions and will often help you even if you are working from just the evaluation version of their software.

If you have a virus, use anti-virus software to rid yourself of it.

General Security

Have a laptop computer and fly? If so, keep reading (actually, keep reading anyhow as the scam described here applies equally well to cameras, luggage, or anything else that looks valuable).

This scam takes place at the magnetic weapon screening port in the terminal. It involves two perps and a mark (that’s you). Perp one goes through the scanner and just hangs around on the other side. The mark approaches the scanner and puts valuable item(s) on the belt to go through the X-ray machine; then heads for the scanner. At this point perp two rushes up and gets ahead of the mark at the scanner. As you might guess, perp two has keys, coins, etc. that set off the alarm and require perp two to back up and clear out pockets. Perp two may have several pockets of things and attempt to go through several times. In the meantime, the mark is held up and the valuables go through the X-ray and are sitting on the other side. At this point perp one ambles up, grabs the valuable item(s) and simply walks off. By the time the mark is through the scanner and realizes something is wrong perp one is gone with the item(s) and perp two is also lost in the crowd.

A few tips to help: Don’t make anything valuable obvious (e.g., stuff your laptop computer into your luggage; don’t carry it in a case that obviously identifies it). At the airport keep everything in sight and don’t let yourself get distracted; if you see someone heading for your items, yell and point (understand when you do this you may get further delayed; security people at airports get suspicious of people who yell, but at least your valuables may be saved). If possible, use the buddy system. One person can carry all the luggage and another can go through first to claim it while the second person transits the detector.

In closing: We wish everyone well. Do stay away from the nasty cold virus that just made its way through our household (hopefully this one won’t travel through E-mail).