Virus Alert

jambutty · 14-04-2004, 19:07

Until recently computer viruses were spread via emails, downloads and rogue software but now the ‘kiddies’ have developed a way of spreading viruses via web sites and you or rather your computer can get infected just by visiting the site. So we can look forward to, if that’s the right expression, to more and more web sites being infected. Now that it has been shown to happen more and more ‘kiddies’ will be doing it.

The latest pest is a Trojan with many variations but they all ‘read’ and report your key strokes. Not too much of a problem unless you happen to do a bit of Internet banking or subscribe to the many on-line cash processors like PayPal or E-Gold or go surfing for cash.

The best way to protect your machine is to make sure that you have all the latest Security Patches from Microsoft. Then get yourself a decent Firewall like Zone Alarm. The basic version, which is the same as the Pro version without some whistles and bells and is free to download from http://www.zonelabs.com/store/content/home.jsp

Antivirus software from http://www.grisoft.com/us/us_index.php is also free and you get regular, sometimes daily updates also for free. Just a reminder that any anti-virus software is only as good as the last update.

It would be helpful if you could read your emails before you download them to your machine and thus get rid of anything suspicious before it even gets to your computer. Get MailWasher from http://www.mailwasher.net/ for free and you can.

To help in your fight against unwanted stuff being sneaked onto your computer you can get AdAware from http://www.lavasoftusa.com/ and this will get rid of any Spyware that you have. And believe me you will have.

Trojan Remover costs $25 but it will help to protect your machine although it isn’t vital http://www.networkingfiles.com/AntiVirus/Trojanremover.htm

KIPAX · 15-04-2004, 17:47

You can't get a virus from a website....

Quote:

your computer can get infected just by visiting the site.

Missinformation if not scaremongering. Its total rubbish

AccyStanFan · 15-04-2004, 18:51

think he could be referring to the boxs that come up on certain websites which some people just click yes too.

KIPAX · 15-04-2004, 18:57

Thats people accepting a malicious script/program and not getting a virus just by visiting a site... It requires interaction... You can give anyone anything if there daft enough to interact and effectivly give permission to have it... But thats a far cry from getting it just by visiting a website... which cant be done.

Roy · 16-04-2004, 07:23

This week some major security holes where found in most of Microsofts operating systems.. I must stress what was mentioned in the first post - make sure you install the windows updates! Normally your computer will download automatically but that may be switched off, so you need to go to the start menu and find the Windows Update program. Even though some people are happy not to update there systems if they have a stable enviroment, if you connect to the internet you really SHOULD install the upgrades.

One of the main vulnerability's discovered this week was in the META system used to attach various pieces of usefull information to a digital photograph/image - this flaw enables someone to take control of your machine. Which is a pretty damn serious flaw!!

I'm a member of a pretty good security site and here is some news posted there the other day, in case your interested:

Quote:

14.04.2004 10:42:33

Microsoft released on Tuesday fixes that cover at least 20 Windows flaws, several of which could make versions of the operating system vulnerable to new worms or viruses.

At least six of the flaws could make the OS susceptible to programs similar to the MSBlast worm and its variants, which have infected more than 8 million computers since last August. Another flaw affects a common file used by Internet Explorer, Outlook and Outlook Express and opens the way for the type of virus that executes when PC users click a specially crafted Web link.

The software giant released four patches to cover the 20 security issues, as part of its monthly update schedule. Microsoft wouldn't comment on the level of risk the flaws present, instead maintaining that companies that apply the fixes won't be in danger.

"If you are running a personal firewall, you are at reduced risk from a lot of these vulnerabilities," said Stephen Toulouse, security program manager for the Microsoft Security Response Center. "But we are absolutely taking this seriously."

The largest patch, MS04-011, fixes at least 14 security flaws. A security hole in the Help and Support Center affects both Windows 2003 and Windows XP. Another flaw in the Windows Meta File image format could allow an attacker to create a digital picture file that could take control of a Windows NT, 2000 or XP computer. At least six of the 14 flaws could result in a remote user taking control of a Windows computer.

Toulouse said that instead of taking a piecemeal approach, Microsoft waited to release some patches so it could present a more comprehensive set of fixes. "Rather than shipping the same files over three months, we are trying to provide customers one update that has all the fixes," he said.

However, some security researchers took the software giant to task for waiting to release a particular patch that covers many of the flaws. Microsoft's strategy, they said, was keyed more toward public relations than customer convenience.

"These releases confirm a trend that has been happening with Microsoft security lately--that they are willing to leave customers vulnerable for long periods of time, all in order to try to bundle security fixes, which leads to the (impression) of having less vulnerabilities," said Marc Maiffret, chief hacking officer for eEye Digital Security . "This is completely unacceptable."

eEye Digital Security found six of the flaws Microsoft reported on Tuesday. The company urged Windows users to update their systems as soon as possible. Maiffret has previously criticized Microsoft for taking as long as 200 days to fix flaws . He said Microsoft took as many as 216 days to fix the latest set of flaws.

Other security researchers were less critical of the software giant.

"You can't generalize that Microsoft takes too long to fix flaws," said Gerhard Eschelbeck, chief technology officer for vulnerability assessment company Qualys . "It depends on where the flaw is in the code."

Qualys found two of the flaws Microsoft announced on Tuesday. A flaw in a networking code library common to many versions of Windows only took the giant two months to fix, said Eschelbeck. Microsoft had practice, since another flaw had been found in that same library by eEye Digital Security in February.

"A lot of the flaws in this release are derivative of ones that we have seen before," said Qualys' Eschelbeck. "Typically, someone finds a flaw in a particular area and a lot of researchers start looking in that code."

That also happened with the flaw that lead to the MSBlast worm . A second, similar flaw was found in October, but it took Microsoft until now to fix it.

Overall, Eschelbeck believes that the software giant is doing the right thing by releasing a single patch for all the flaws that affect the same software components, rather than quickly releasing the fixes one at a time. Qualys had previously found that it takes at least 30 days for half of the vulnerable companies on the Internet to fix the most critical flaws. Easing the pain of patching is important, he said.

"It's a single patch on a scheduled day," he said. "Everyone knows today is Microsoft patch day. I think this is the right thing to do."

Eschelbeck recommended that companies apply at least the first patch from Microsoft by the end of the week.

entwisi · 16-04-2004, 07:49

Solution to all this, install Linux !

)

KIPAX · 16-04-2004, 08:59

The original post also said that you can get a virus just by visiting a website, I stand by my original response. At this point you may want to look up the exact meaning of a computer virus

AccyStanFan · 16-04-2004, 10:21

so picky and careful with his words

mez · 16-04-2004, 14:52

i logged on this morning & was told i had s parasite in my system, attacked it with my norton, now no longer

AccyStanFan · 16-04-2004, 15:42

and once again the computer is safe from the evil virus queen.

AnthonyS · 25-04-2004, 09:52

I keep getting an error message popping up on this website. Every page I go on a message pops up saying;

A runtime error has occured.
Do you wish to debug?
Line 2 - This line changes on different pages
Error: Expected ')'
Yes No

It doesnt matter whether I put yes or no, nothing happens and it pops up again next time I go on another page.

Does anyone know whether it is a virus or is it a simple problem that I can fix?

Roy · 25-04-2004, 10:24

its a problem right now with some code on the site. I'll disable it for now as it appears to have got worse...

Roy · 25-04-2004, 10:26

try it now, it should be ok