Computer Knowledge Newsletter – December 1997 Issue

In This Issue:

Virus News

Poppy Virus. Instructions for finding a “hidden virus that can’t be detected easily by virus scanners” are circulating. The instructions tell users to use the Windows95 “find” command and search all files for the text “poppy.” There is a Windows poppy virus and it is fairly new; but using the “find” operation is not a good way to find it. For one thing, if you found it that way you would still have no way to get rid of it (short of deleting some critical file or another). Just make certain your virus scanner has the latest definition files. All current scanners can detect this virus.

General Security

Yahoo Hack. For about 15 minutes the popular Yahoo site was hacked and users with an old browser (browsers that support frames could not see the material) got a message that said all visitors to Yahoo over the past month had been infected with a “logic bomb/worm” that would “detonate” on Christmas day and wreak “havoc upon the entire planet’s network.” The release of Kevin Mitnick from jail would result in an antidote program being released to the net.

Readers of this newsletter will know that such a logic bomb and/or worm is virtually impossible. There are so many different browsers and configurations of those browsers that such an action (which would require a great deal of standardization and active content) simply can’t presently be done.

Yahoo has automatic warnings in place to detect such intrusions and the rogue page was removed within 15 minutes.

Removing IE. With all the press about Microsoft and its Internet Explorer browser versus the Department of Justice, there are now “guides” circulating with instructions on how to remove IE from Windows95 without damaging the operating system. Bottom line: Don’t try it.

Microsoft products are not known for their clean installs and even though you might be able to find all the files associated with a particular product you never know if one or more of those files might also be used with another product or be expected to be on the system by products made by other software vendors.

If you don’t want IE on your system use the Add/Remove function to uninstall IE. This will take the icons, etc. off your system and some of the unique files. The uninstall will leave lots of other files on your system but this is better than taking something off and then needing it later (but not knowing and having some piece of software not work).

Added note: If you have installed IE 4.x and want to go back to IE 3.x do NOT simply install over IE 4.x. That is a guarantee for disaster. To do the job properly you are going to have to reinstall the operating system and then install IE 3.x. Frankly, you’re better off just keeping IE 4.x.

More E-mail Trojans. More E-mail Trojans being sent to AOL users have been uncovered. The latest involves BPS Software, a developer of AOL add-on tools.

The E-mail used the company logo and valid company E-mail addresses in the text and offered a free copy of the company’s PowerTools as an attachment. The problem is that BPS never sent out such a message or software. The Trojan actually is a password sniffer and each person who ran it had their account information sent to a particular address which, within hours, disappears; but not before collecting hundreds of passwords.

The old saying “if it seems to be too good to be true, it probably is” is always a good one to keep in mind. Companies don’t usually send software out without a request from you in advance. If you happen to get unsolicited executable files at least take the time and trouble to verify the source before running them. While a scanner will likely find a virus attached to such a file, no scanner can detect all the various Trojans that can exist since Trojan activity often uses valid system calls.

General Information

More on Spam. Found two sites of interest if you are interested in the subject of spam. The first has significant information about spam and methods of blocking it both at the individual and at the server level. The second site is an organization you can join (no cost) that lobbies Congress relative to spam and keeps you up-to-date with a newsletter.

http://spam.abuse.net/Web Link
http://www.cauce.orgWeb Link

In closing: I wish each and every one of you the very best of the holiday season and a wonderful new year in 1998.