Computer Knowledge Newsletter – January 1998 Issue

In This Issue:

Virus News

Win.RedTeam. If all the stories about E-mail virus hoaxes were not enough, now we have a case of a real virus that uses a popular E-mail client to help spread itself. Not only that, this virus even talks about the hoaxes as a way to get you to run the E-mail attachment (that’s right, the actual virus code is in an attachment; it’s still not possible to directly get a virus by reading an E-mail message).

When spreading, the virus uses Eudora, a popular E-mail package. It creates a message with the subject “Red Team” that contains the following text and an attached 6351 byte EXE file called K-RTEAM.EXE (“Kill Red Team”). It’s this do-nothing EXE file that contains the virus. If executed, the EXE file will spread the virus to your computer.

Message text:

Hiya!

Just thought I’d warn you about a destructive new e-mail virus.
Here is some info:

> The “Red Team” virus is a complex new computer virus that spreads via
> the Microsoft Windows operating system, and Internet E-Mail. Although
> it is not the first virus to spread via E-Mail (that was “Good Times”),
> the Red Team virus is unparalelled in its destructive capabilities.
> Further more, the virus is exceedingly common – it has already been
> reported in much of western Europe, the USA, Russia, Australia, and
> Japan. In short, everywhere.
>
> We at QUEST, have spent several weeks analysing this virus, and are proud
> to anounce that we finally have a cure! The program, named “K-RTEAM”
> (Kill Red Team), can be executed in any Microsoft Windows environment,and
> will reliably detect (and remove if nescessary) the Red Team virus from
> your system buffers.
>
> —
> Julia Blumin
> QUALCOMM Enterprise Software Technologies
> World Wide Web: http://www.qualcomm.com

The reason I thought I should warn you, is that we recently had a run in
with this beast. Luckily we managed to get a copy of the excellent
‘K-RTEAM’ programme before the destruction really started. Just in case
you should suffer the same misfortune, I have included this programme for
you too.

Bye!

P.S. Make sure you warn all your friends of this new threat!

This virus is apparently not in the wild just now and only seems to work correctly under Windows 3.x. However, it’s reported that the errors it runs into under Windows 95 could be easily corrected.

Bottom line: Don’t run E-mail attachments before checking them, even from people who you know. And, if the message is at all suspicious, double check even then.
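
The three indicators given above (the subject line, the attachment name and the attachment size) are enough to write a simple mail check. The following Python code is an added example, not part of the original newsletter; the extension list, the addresses and the sample-message builder are assumptions constructed for illustration, and the sample attachment is filler bytes, not the virus.

```python
import email
from email.message import EmailMessage

# Indicators taken from the description above.
SUBJECT = "red team"
ATTACHMENT_NAME = "k-rteam.exe"
ATTACHMENT_SIZE = 6351  # bytes
# Assumption: a generic list of executable extensions for the fallback rule.
EXECUTABLE_EXTS = (".exe", ".com", ".scr", ".pif", ".bat")


def check_message(raw_bytes):
    """Return a list of (rule, detail) findings for one raw mail message."""
    msg = email.message_from_bytes(raw_bytes)
    subject_hit = str(msg.get("Subject") or "").strip().lower() == SUBJECT
    findings = []
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if not name:
            continue  # body text and multipart containers carry no filename
        payload = part.get_payload(decode=True) or b""
        if name == ATTACHMENT_NAME:
            detail = "name matches K-RTEAM.EXE"
            if len(payload) == ATTACHMENT_SIZE:
                detail += ", size matches 6351 bytes"
            if subject_hit:
                detail += ", subject matches"
            findings.append(("redteam", detail))
        elif name.endswith(EXECUTABLE_EXTS):
            # Generalises the bottom line: any executable attachment gets checked.
            findings.append(("executable-attachment", name))
    if subject_hit and not findings:
        findings.append(("subject-only", "subject matches, no attachment match"))
    return findings


def build_sample(subject, filename, size):
    """Constructed test message; the attachment is zero bytes of filler."""
    m = EmailMessage()
    m["Subject"] = subject
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m.set_content("Just thought I'd warn you about a destructive new e-mail virus.")
    m.add_attachment(b"\x00" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A renamed attachment defeats the name match, which is why the fallback rule flags every executable attachment for checking before it is run.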

General Security

Common Sense. Security is not just using all the best technology in the proper way. One must use a bit of imagination and “common sense” when setting up a computer security system. Here are a few example situations that might give you some ideas:

  • You use two redundant servers on your network so that when/if one fails the second takes over. But, you’ve co-located the servers and plugged them into the same power outlet (or even on the same electrical circuit). Consider where the weak link is in this situation.
  • You use RAID hot-swap disk storage for maximum data protection. But, the cabinet where the RAID server is stored is in a room that could be flooded should fire protection systems go off or a place where the engine company water will flow should upper floors have a fire. Again, look at the weak link.
  • You’ve spared no expense to install the very latest in facial recognition technology to protect some vital interest in your company. But, the wires from that recognition system to the recognition computer run for a short distance in an unprotected area. Since, at their most basic, the facial images will be digital, how easy would it be to intercept that information flow and duplicate one of the recognized faces for future use?
  • How about microwave protection? Consider that modern electronics use low voltages and currents to do lots of things. This, however, makes them more vulnerable to electronic interference, either accidental or planned. Are your components in the sidelobe of a microwave system (or even in the beam)? Are vital components along the side of a building where someone on a street can drive by and fire a pulse weapon at them? (Don’t laugh, microwave pulse devices are a known possibility and plans for making them are available to those who look for them. Such devices can cripple electronic components — shielding can be used to help protect the most important.)

Bottom line: Use a bit of common sense (and imagination) when installing any security system. Look for weak links outside the immediate system.

Macintosh Java Bug. Have you downloaded MacOS Runtime for Java (MRJ) 1.5 since it was posted on Apple’s web site in August? If so, you may be at risk. Apparently, this version of the software mistakenly allows Java applets to gain access to Macintosh system resources via an Apple technology called JDirect. Gaining access to system resources via Java is a no-no as Java applets are supposed to run in a sandbox (isolated from the system). The risk is small because you would have to encounter a hostile applet; and, to be honest, the Apple market share does not make it a large target for malicious attacks (even though similar security flaws have shown up on the DOS/Windows side in the past, there have been few actual incidents reported).

Until the problem is fixed, Mac IE 3.0 and 4.0 users should use Microsoft’s virtual machine (included with the browser). Cyberdog users should reinstall MRJ 1.0.2 or stop using Cyberdog until the fix has been posted. Navigator users are not at risk (the browser uses its own virtual machine).

Magnetic Traytop Warning. Apparently a “warning” about magnetized tray tables in airplanes is circulating. It goes something like:

Recently, two individuals from USPL were traveling to Belgium on Sabena Belgian World Airlines, which is affiliated with Delta Airlines. They were seated in row 6 of the plane where seats contain the tray tables in the armrest section of the seat. They set up their tray tables and proceeded to use their laptop computers. During the flight, both their PCs began to experience problems, and soon they were unable to use their PCs. Apparently the tray tables were magnetized, so that they will not make noises while stored in the armrests. The magnetized trays corrupted the hard drives of both laptops. On this particular Belgian flight, the aircraft happened to be a ‘new’ Airbus 340, which explains why this has not surfaced until now. etc.

This warning is supposedly issued by the International Air Transport Association (IATA).

It’s a hoax. At http://www.iata.org/pr/pr97dece.htm you’ll find:

Unsubstantiated reports have been circulating recently claiming that the tray tables in the seats of Sabena A340 aircraft are magnetised and have been responsible for corrupting the disk drives of laptops.
IATA wishes to emphasise that it does not, and never has, supported such a claim. It has now received confirmation from the seat manufacturer, the airline and the aircraft manufacturer, that these seats do not include any magnetic devices and therefore cannot inflict any damage to electronic equipment.

Information of Interest

AOL Pop-up Ads. These are the latest things AOL is asking their users to put up with; I gather they sometimes come three at a time. The following method for stopping this was hidden in an MSNBC story (I’ve verified this procedure with a friend who tried it).

Apparently there is no way to click to the screen that will remove the ads, but if you type “marketing prefs” into the AOL keyword dialog you will be taken to the marketing prefs menu screen. From here click on “pop-up preferences” and look for the tiny window that you click on to stop them from appearing. (After clicking on “Tell us what your popup preferences are” it brings up a big screen, and down in the lower right hand corner is a little box/button to click on for canceling all pop-ups. Clicking on this brings up a small window with a check box to check if you “really” want to cancel all pop-ups, then you press “OK” to really-really cancel all pop-ups.) You will still get system notices, but no pop-up ads. You have to do this individually for each different screen name you might have (logging off, and then back on again, for each name). (It’s probably a good idea to remember how to get to this screen for the next thing AOL tries.)

Contractual Y2K Considerations. It’s not enough that the Year2000 technical problem exists; now, since the fix is so expensive, the legal ramifications of the fix are starting to emerge. Those affected are trying to find ways of recouping some of the costs and, in the process, have uncovered other potential legal problems. Some questions and discussion follow.

  • What contractual rights exist? Most hardware and software is sold under some form of warranty; limited or not. Even if warranties are limited or disclaimed, some courts have held that such limitations or disclaimers are not valid for a variety of reasons. So, it may be possible to recover damages even when it appears you cannot. Additionally, one might be able to get relief from faulty commercial-off-the-shelf (COTS) software used by a consultant. A vendor’s warranty may flow through the consultant.
  • What about intellectual property issues? To fix software one is likely going to have to modify the source code and maybe even disassemble binary code. But, consider that doing this may actually violate the intellectual property rights of the person or company that wrote the software. Indeed, if you modify something and then claim reimbursement from the vendor, they might come after you for doing the modification! Resolve permission questions early.
  • What about disclosure? Companies fall under various disclosure laws. Make certain you understand to what extent and to whom Year2000 problems have to be disclosed; and, what form that disclosure must take.

I am so happy that Computer Knowledge software does not use any date arithmetic and that I put caveats about how to set the DOS date when 2000 comes into my original tutorial release in 1984.