[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[ATM] Re: ATM: New Virus

To: atm@atmlist.net
Subject: [ATM] Re: ATM: New Virus
From: mdholm@telerama.com
Date: Wed, 24 Mar 2004 19:50:05 -0500 (EST)
In-Reply-To: <LYRIS0-1080174976--126723-lyris-admin@list.primushost.com>
List-Archive: <http://home.simoivanov.com/pipermail/atm>
List-Help: <mailto:atm-request@atmlist.net?subject=help>
List-Id: The Amateur Telescope Makers List <atm.atmlist.net>
List-Post: <mailto:atm@atmlist.net>
List-Subscribe: <http://www.atmlist.net/mailman/listinfo.cgi/atm>,<mailto:atm-request@atmlist.net?subject=subscribe>
List-Unsubscribe: <http://www.atmlist.net/mailman/listinfo.cgi/atm>,<mailto:atm-request@atmlist.net?subject=unsubscribe>
References: <LYRIS0-1080174976--126723-lyris-admin@list.primushost.com>
Sender: atm-bounces@atmlist.net
User-Agent: IMP/PHP IMAP webmail program 2.2.6

David is right on some points.  There is a new variant out there (I read about
it recently.), but he is not quite correct on some other aspects of this bug. 
It is in fact a new incarnation of a known exploit using a known weakness in
MSIE or perhaps MS Outlook, I don't remember exactly which.

Anyhow, the most important aspect is that you can prevent this one quite
easily,
by updating your Windows installation with all of MS's security patches.

For most home pc users, this is quite simple.  Fire up MSIE (this is the only
chore I use it for anymore) and click Tools, Windows Update.  From there, it is
mostly a matter of following the instructions.  You want to install anything
labeled a "Critical Security Update" or "Cumulative Security
Update".  There
will be other updates, in a separate section, lower down the screen that are
not
"Critical Security Updates".  You don't need to install any of those
unless you
see something that sounds like it might do something useful for you.

If you haven't done this for a while, you may have a lot to download and
install, but it really isn't hard.  The downloading and installations are
pretty
much automatic.  You may have to accept a few liscense agreements, and perhaps
reboot after some of the installations.  A good way to do it, if you expect
quite a few patches, is to start it early some day when you can be around the
computer frequently, and then just let it run, checking on it every 10 minutes
or so to see if it needs you to do something.

Probably the most troublesome parts are: 1. A few of the patches have to be
downloaded and installed all by themselves.  This means that, after that patch
is installed, you will have to possibly reboot, restart MSIE, go back to
Windows
Update and continue on with the rest of the patches.  2. If you are on a slow
Internet connection, the patches can take a long time to download.  There may
well be a service where MS packs all of the updates on a CD-ROM and will sell
it
to you.

We can perhaps fault MS for leaving so many vulnerabilities in their code, but
it has to be said that their Internet Windows update system works pretty well
and is free!

You may have heard all sorts of horror stories about Windows updates.  I have
done it many times on three systems running W98, W2000 and WXP and never ran
into a problem.  The troubles most commonly happen to network administrators
running very complex setups on complex networks with lots of specialized
software installed.  This doesn't mean it can't happen to you, just that the
ordinary home user is less likely to have trouble caused by the updates.

Once the security updates are installed, the scheme this virus is using to
launch itself from an email message is shut off, and many of the other known
schemes for remotely causing mayhem on your Windows box.

Most of the newer Windows versions have a feature that will automatically go
out
on the net and notify you of new Windows security updates.  It is a good idea
to
learn how to turn this feature on.

Mark Holm
mdholm@telerama.com
_______________________________________________
ATM mailing list http://www.atmlist.net/

Prev by Author: [ATM] Elliptical mirror
Next by Author: Re: [ATM] Cloud detector
Prev by thread: [ATM] Re: ATM Digest, Vol 3, Issue 5
Next by thread: [ATM] RE: Dob vs Eq mount
Index(es):
- Author
- Thread