Antivirus & PC/LAN Security Notes

-- "A study last year by the National Cyber Security Alliance found that 91 percent of broadband users have spyware or adware on their home computers, and that in most cases it surreptitiously found its way there via music or file-sharing programs..." - SOURCE: Reuters -- 28Jan04: The National Cyber Alert System US-CERT eMail Alerts for subscribers to provide credible and timely information on cyber security issues for both technical and non-technical users. (DHS, CIRC, NCSD) -- Visit EmailPrivacy.info Quote: "EmailPrivacy.info investigates the risks of compromising your mail security and privacy and offers you the ways of reducing these risks to a minimum." and see Big Brother'n You "1984 is." -- 27Jan04: Government Planning Cyber Alert System, The DHS, National Cyber Security Division, may mimic color-code terrorist scheme &/or directly alert subscribers (Robert Lemos, ZDNet CNet News 27Jan04) -- A White House paper outlining "A National Cyberspace Security Response System (.pdf) -- The General Services Administration Federal Technology Service's Office of Information Security this month [Jan04] released a draft request for proposals for the Enhanced Intrusion Detection Capability (EIDC) [The Federal Computer Incident Response Center (FEdCIRC) under the DHS at Threats and Protection]. (src: FCW, 18Jan04) -- Congressional Hearings on Spyware Dangers re the proposed "Safeguard Against Privacy Invasions Act" (SPI) H.R. 2929 -- Spam Laws US EU Other Countries & 1Jan04: Spam Laws: California, US -- 20Dec03: The California Anti-Spam Law (© 2003 Ivan Hoffman, B.A., J.D.) -- 17Dec03: CAN-SPAM Act -- Bush Signs Law Placing Curbs on Bulk Commercial E-Mail (Jennifer 8. Lee, NYT, 17Dec03) -- December 16, 2003: President Bush signed into law the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act) -- The Federal "Can Spam" Law (© 2003 Ivan Hoffman, B.A., J.D.) -- December 8, 2003: Federal Antispam Law Nears Congress approves bill, sends CAN-SPAM Act to president for approval. (Grant Gross, IDG News Service, Monday, 8Dec03) -- November 6, 2003: [Microsoft] Bounty targets virus creators, senders (By Tim Lemke, The Washington Times, 6Nov03) -- November 4, 2003: Microsoft to offer bounty on hackers (By Robert Lemos, CNET News.com, 4Nov03) Qoutes: "Microsoft will work with law enforcement to track down writers of worms, viruses and other malicious code, and is ponying up $5 million to fund the search... The [Anti-Virus Reward Program] rewards will be open to residents of any country, subject to that country's laws, Microsoft said. People with information can report it to law enforcement online to Interpol, to the Internet Fraud Complaint Center or to FBI, Secret Service or Interpol field offices." -- HackerWatch.org's Graph of the LovSan worm activity plus animated view of attacks worldwide and you can Check if your network generates traffic indicating an infection -- Reminder: MSBlast.exe (also known as the LovSan Web Worm) 1st spread across the Internet week of 10-16Aug03. CNet News 12Aug03 and MS Security Update and Symantec's W32.Blaster.Worm removal tools for W32.Blaster.Worm, W32.Blaster.B.Worm, and http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp , take immediate action to install the security patch. If you run a firewall (such as ZoneAlarm) consider blocking access to TCP port 69, 135, 4444 at the firewall level. Also, see the McAfee W32.Lovsan and 'anti-virus' tools section below for more links to removal tools and security information. The worm re-propagates on future dates, also. -- 6Aug03: The FBI, along with several IT security companies, has advised Windows users to update their systems - as a matter of priority - from the Microsoft update site at http://windowsupdate.microsoft.com. In a press conference on Monday (4Aug03), the FBI [NIPC] recommended that both business and home users visit the site to update, after a critical Windows vulnerability was discovered that left most Windows machines open to attack. -- CERT MS OS Alert, related to 16Jul warning (Paul Robert, CNet, 1AUg03) -- 23Jul03: ..a new California law (S.B. 1386)..says that no matter the intention, if someone gets unauthorized access to a database containing personally identifying information at a government agency, company, or non-profit, California residents must be notified immediately or the company may be liable. Personal data includes names, Social Security numbers, driver's license and credit card numbers, and passwords. (by Mathew Schwartz, 23Jul03, esj.com) -- 16Jul03: Windows users should expect to have another update from Microsoft waiting for them on their computers. The software giant issued a patch Wednesday (16JUl) morning to plug a critical security hole that could allow an attacker to take control of computers running any version of Windows except for Windows ME. (Robert Lemos, Staff Writer, CNET News.com, 16Jul03 ) -- New Data Security Laws Carry Greater Consequences Go directly to jail, do not pass Go, and don’t even think about collecting your paycheck. (by Jim Robins and Dr. Joel Rakow, 9Jul03, esj.com) -- FTC Alert: Bogus July 1 Email Exposed: The Real Deal on Your Credit File Privacy -- Microsoft help for blocking spam Messenger -- WinXPNews^™ 17Jun03 eZine: 91% broadband users infected w/spyware & only 8% of parents control childrens' access; 86% have sensitive data on the PC ; Spam Law, Good or Bad?; PGP Freeware; -- Microsoft files 15 spam lawsuits..alleges defendants sent 2 billion unsolicited e-mails (Bob Sullivan, MSNBC, 17Jun03) -- Online Auctions: Fads, Scams, and Temptations (MSNBC) -- More Scams in Spam News from MSNBC: Password-stealing e-mails spread - Nigerian scam continues to thrive - 'Free' credit reports costly - New virus poses as Microsoft e-mail - The lure of online auctions -- AOL, MS & Yahoo Join Rallying to Combat Spam Q&A w/a Press Release (28Apr03) -- California considering tough sanctions against spammers just as Virginia's law maybe strongest against spam in U.S. -- "Washington Bids to Can Spam" [..no longer a question of "if"] (Caron Carlson, eWeek, 5May03) -- [in-depth] " The Not-So-Peaceful Anti-Spam Crusade" (Cynthia L. Webb, washingtonpost.com Staff Writer, Monday, May 5, 2003) -- Virginia Passes Anti-Spam Law (1999) -- Virginia's Spam Law by Ray Everett-Church (A Commentary re ISPs Vulnerability) -- Senator Deborah Bowen's (D-Redondo Beach, Ca. Senate District 28) Anti-Spam Proposed Legislation (23Apr03 eMail) and Participate in the Survey on eMail Spam & TCPA Actions Against Fax Spam are part of California's move against unsolicited eMail, faxes, phone solicitations. A Bill would ban spam in California (Nancy Vogel, "Los Angeles Times", Monday 10Mar03: "The Beaufort Gazette Online") The new bills are a continuation of the many states, e.g. California criminalized unsolicited fax advertisements and cell phone text messaging beginning January 1, 2003 and the FTC 'Do Not Call' Registry 18Apr03 the FTC Web Page Notes: Consumers soon will be able to put their phone numbers on a national “do not call” registry. It will be illegal for most telemarketers to call a number listed on the registry. Beginning in July, consumers will be able to put their telephone numbers on the national registry, which telemarketers subsequently will be required to access. When registration opens in July, consumers can register for free in two ways: online or by telephone. The FTC will announce the Web site URL for online registration and the toll-free number in June. To better manage the anticipated volume of registrations, initial sign-up by phone for the registry will be phased in, region-by-region, over an eight-week period. Online registration will be available throughout the United States in July. As of October it will be illegal for most telemarketers to call a number listed on the registry. In addition to establishing the national “do not call” registry, the rules, include limiting abandoned calls, restricting unauthorized billing and requiring telemarketers to transmit Caller ID information. (FTC 18Apr03) -- 25Mar03: Data mining sparks debate among lawmakers, administration (Drew Clark, National Journal's Technology Daily, GovExec.com) -- 20Mar03: Ridge: Cybersecurity at 'heart' of department's work (William New, National Journal's Technology Daily) -- 13Mar03: Beware any e-mail, however professional in tone, that asks for personal account information ..(Bob Sullivan, MSNBC, 13Mar03) -- California Senate District 28, Sen. Debra Bowen, D-Redondo Beach: Survey on Spam; (source: TechTV "The Screen Savers" 24Feb03 -- Hotmail files anti-spam lawsuit + related spam stories/links (John Leydon, The Register/UK, 19Feb03) -- 28Jan03: Win32/SQLSlammer.Worm, also known as SQL Sapphire Worm (Computer Associates Virus Information Center), W32/SQLSlammer description (McAfee) -- Slammer Stinger download from McAfee Stinger is a stand-alone utility used to detect and remove specific viruses. It includes detection for all known variants of W32/SQLSlammer, W32/Lirva, W32/Yaha, W32/Bugbear, W32/Elkern, and W32/Klez. -- VisNetic Antivirus Workstation Beta Release available for download -- 15Nov02: Hackers Face Life Under US Security Bill [Cyber Security Enhancement Act (CSEA)] (John Geralds, Silicon Valley) [src: ISTS/IRIA] -- 3Oct02: 'Californians Seek Spam Shelter - How to Report California Spammers (Attorney General, Ca Law: CA Codes (bpc:17530-17539.6)) [Some Spammers Illegally Use open relays to Conceal Their Identity src: whatis?com] (Julia Sheeres, Wired) -- 15Oct02: 'Spam Masquerades as Admin Alerts [Using MS Windows Messenger Service] (Brian McWilliams, Wired, 15Oct02) -- 17Oct02: 'New "Messenger spam" invades desktops [aka NetBIOS spam]' (Brian Osborne, Geek News, 17Oct02) -- How to Setup Your System Not to Receive NetBios "Messenger Spam" -- 29Jul02: The "Department of Homeland Security Bill" in Congress may include cyber-crime sanctions to increase maximum penalty for knowingly attempting to cause serious injury through cyber attack to 20 years. (src: eWeek -- 17Jul02 - U.S. government sets security standard for Win2K, free download of "Single Benchmark Security Scoring Tool from Center for Internet Security (CIS) (src: Thor Olavsrud, InternetNews.com) -- 21Jun02 src:, Usability and privacy: a study of Kazaa P2P file-sharing A large percentage of Kazaa users have either accidentally or unknowingly shared their private files with everyone who has access to the Kazaa network. Conducted by Nathaniel S. Good of HP Labs and Aaron Krekelberg of the University of Minnesota, this study discloses shortcomings in the Kazaa software, which in turn, poses a serious threat to computer privacy. A majority of the users in the HP study were unable to tell what files they were sharing, and in certain cases, were not even aware they were sharing files at all. Available in Adobe Acrobat (.pdf), this nine page report, on the whole, is primarily for those affiliated with P2P file sharing systems. [Internet Scout Report] -- Federal Trade Commission (FTC) case name 'Cupcake Party' Release date: May 24, 2002: Court Shuts down Cyberscam Permanently - Order Bars Operator From Hijacking, Mousetrapping Surfers -- Getting Unsolicted Commercial spam email? Forward them to UCE@FTC.GOV -- FTC Proposes "Do Not Call Registry" -- 4Mar02 Spam Takes New Form "Messenger Spam" & How to disable its access into your Win2K/NT/XP machine. (Kevin Rose, TechTV)