Internet Security Risks
The Internet has always been a very interesting structure
with literally millions of different things to do on it. Unfortunately,
with this ability comes those who wish to do bad things with
their online time. Some of these people will directly affect
you by what they put out on the Internet... viruses, spam
mail, back-door software, etc. This page will be an attempt
to keep you informed on some of the more prevalant issues
and where to find information about them.
Links to other helpful websites are listed at the
bottom of this page.
VBS.NewLove.A -
From Symantec...
Last updated 5/19/00 6:00am PDT
SARC, in conjunction with other anti-virus vendors, has renamed
this worm from VBS.LoveLetter.FW.A to VBS.NewLove.A.
The VBS.NewLove.A is a worm, and spreads by sending itself
to all addresses in the Outlook address book when it is activated.
The attachment name is randomly chosen, but will always have
a .Vbs extension. The subject header will begin with "FW:
" and will include the name of the randomly chosen attachment
(excluding the .VBS extension) Upon each infection, the worm
introduces up to 10 new lines of randomly generated comments
in order to prevent detection. more...
LoveLetter VBScript Worm -
Characteristics:
Subject:
ILOVEYOU
The body of the message contains:
kindly check the attached LOVELETTER coming from me
A file attachment is included, named:
LOVE-LETTER-FOR-YOU.TXT.vbs
If you receive an email message with these characteristics,
DELETE IT!! Do NOT
open it!
For more information refer to:
cNET's
coverage the issue
Symantec's
VBS.LoveLetter.A Page
911 Worm -
This worm (called W95/Firkin.worm, 911 Share Virus, Bat/911,
Bat/Chode.worm) scans the Internet for PCs with unprotected
"shares". (See "Port scans or probes"
below for more information on scanning.) These are shared
drives that users intended to share with their local network,
but inadvertently shared over the entire Internet. If it finds
one, it loads itself onto the target hard drive. (Note that
the victim doesn't even know this is happening, and does NOT
have to download something, open an email or do anything at
all - except have an unprotected PC!) The next time the PC
starts, the Worm does its thing: It first tries to replicate
itself by looking for other PCs to infect. Then, if it finds
a modem, it places a call to "911" emergency services.
It doesn't say anything - it just places the call - but a
call with no voice response usually prompts the 911 operators
to respond by sending the police to the calling address to
investigate. After the bogus 911 call is made, the worm then
tries to erase any hard drives labeled C: through H:.
Protecting your computer from this worm means closing unprotected
shares and/or ports. More information on what this means and
how to do this can be found at Gibson
Research Coporation's ShiledsUP! 911 worm page.
Port scans or probes -
A computer communicates with the world outside itself though
ports. For example, a printer port is one in which information
is passed from the computer to a printer. Connecting a computer
to the Internet makes available numerous software "ports"
for different applications, like the hardware ports on your
computer. There are thousands of these ports that can be used;
normally only a few are in use for most communication with
the Internet. For example, e-mail transfers are provided through
one port, and web browsing is provided through another. Any
of these software ports can provide a conduit for someone
to obtain access to your machine when it is connected to the
Internet and the port is "open". Ports are "open"
if they are "listening" for information from the
Internet.
Port scans or probes are the actions of a person or program
looking at a computer or series of computers, trying to see
if there are any open ports.
A number of links to network security information, many of
which contain information on port scans or probes, can be
found on our Reporting Abuse page.
Happy99.exe -
The Happy99.exe is a worm (not a virus) that infects the
host computer when launched. It runs a fireworks display that
says "Happy 99" while modifying files on your hard
drive. It will then email itself unknowingly to everyone you
send mail to from here on in. This affects Windows95/98/NT.
For more information, please visit CERT's
Incident Notes on Happy99.
For information on removing the virus, please visit Symantec's
Happy99.Worm Page.
Back Orifice -
This application is not a virus, but a Trojan Horse. This
means that an infected system is that way because the user
installed the software that provided the back door. Back Orifice
is usually disguised as a game or some "cool, new networking
application". This affects Windows95/98 machines.
For general information on both Back Orifice and NetBus,
please visit Symantec's
Information page.
Pretty Park.exe -
This is a worm program that behaves similar to Happy99 Worm.
Once the worm program is executed, it will try to email itself
automatically every 30 minutes (or 30 minutes after it is
loaded) to email addresses registered in your Internet address
book. It will also try to connect to an IRC server and join
a specific IRC channel. The worm will send information to
IRC every 30 seconds to keep itself connected, and to retrieve
any commands from the IRC channel.
More information about what Pretty Park.exe is and how to
remove it is available at Symantec's
Information page.
Security Links
|
