Many of the newer viruses and worms capitalize on well-documented security flaws in Windows. If these flaws are corrected, the computer gains significant immunity to many of these new threats. Microsoft has been posting what it describes as “critical updates” on an as-needed basis, averaging about one per week. Most of these critical updates contain security patches that close newly discovered vulnerabilities in Windows and related applications. Obtaining the correct updates is a simple process: first connect to the Internet, then click “Start – Windows Update”. This connects to Microsoft’s update server, identifies the patches the computer needs, and lists them; the critical updates can then be downloaded and installed. Newer versions of Windows offer automatic updating. On a broadband connection the automatic update may be a good idea, but on slower dial-up service the downloads may take a significant amount of time, and the automatic update feature may be disabled. For older versions of Windows, such as 98 and ME, or for those wanting to manually update any supported version of Windows, Microsoft updates are available at windowsupdate.microsoft.com. Other than a few minutes of time, there is absolutely no reason why anyone running a supported version of Windows should not have all of the critical patches installed. Windows must also be kept updated with new security patches as they are made available; all users should check the Windows Update site at least weekly and install the critical updates when available.
About 300 new computer viruses or variants appear in an average week. While most are benign and rarely encountered, several of the new viruses or variants that appear frequently carry a dangerous payload. These payloads may destroy critical system files or delete data files, steal personal information, or pose other threats. As I type this, I am looking at the current threats as listed by some of the major antivirus software publishers.
One threat that is especially nasty is a new variant of “Gruel”. Gruel shows up as an apparently authentic email from Microsoft with the title “Microsoft Windows Critical Update”, claiming to contain attachments with the latest security patches. Instead of installing the patches, Gruel displays a message that it has taken over the computer, and shows a scathing anti-Microsoft message. Gruel sends itself out to all of the addresses in the computer’s address book, disables many Windows functions (task manager, logoff, shutdown, etc.), and then deletes many of the important Windows files. Once Gruel has done its damage, the Windows operating system has been effectively destroyed, and must be reinstalled after Gruel has been cleaned from the computer. Gruel is just one of several such viruses and worms that propagate disguised as realistic-appearing Microsoft announcements.
Almost all antivirus programs provide for the creation of bootable rescue disks that can clean the computer of most viruses; users must create these floppies and keep them updated. If no rescue floppy is available, several of the antivirus publishers have released free utilities that can be used to clean viruses from infected computers.
Microsoft has repeated in press releases and public statements that it never distributes critical security patches via email. The latest official Microsoft security announcements and warnings can be found at www.microsoft.com/security.
Variants of other viruses that have been discussed here in previous columns are still endemic, infecting millions of computers. Sobig, Bugbear, and Klez variants are still among the most common computer viruses and worms. Sobig-E, the fifth variant, can provide a flood of emails from the infected computer, interfering with the legitimate flow of email. Sobig uses “To:” and “From:” addresses found on the computer, concealing the true source of the infected emails. Sobig can shut down or interfere with a system. I recently received hundreds of copies of Sobig, one every few seconds. They appeared to come from several people, and contained different attachments. A quick analysis of the message headers showed the real source, the unique “IP” address of the computer sending them out. I contacted the ISP used by the victim, who shut down her connection, and notified her of the infection.
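The header check described above, where the forged “From:” address is ignored and the real sending computer is read from the “Received:” chain, is what a mail administrator or an abuse desk does by hand. The following is an added example, not code from the column: it walks the Received: headers from the earliest hop upward and reports the first peer address that a relay actually recorded in square brackets (the HELO name in front of it can be forged, the bracketed address cannot). The two messages are constructed samples using RFC 5737 documentation addresses, so the example deliberately treats only RFC 1918, loopback and link-local ranges as non-attributable rather than using Python's stricter is_global test.

```python
import email
import ipaddress
import re
from typing import List, Optional

# Matches an IPv4 literal in square brackets, the form a relay uses to record
# the peer address it really saw; the HELO name before it is untrusted.
_BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Addresses that cannot be attributed from outside the sending network.
# Assumption of this example: RFC 5737 documentation ranges are allowed through
# so that the constructed samples below resolve to a usable answer.
_NON_ATTRIBUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private
    "127.0.0.0/8",                                     # loopback
    "169.254.0.0/16",                                  # link-local
)]

# Constructed sample 1: a dial-up machine sends a worm through its ISP's relay.
# The From: line and the HELO name "hotmail.com" are forged; the relay recorded
# the real peer address in brackets.
SAMPLE_DIALUP = """\
Received: from smtp.example-isp.net (smtp.example-isp.net [203.0.113.7])
    by mx.example.org (Postfix) with ESMTP id 5C1A9
    for <victim@example.org>; Mon, 18 Aug 2003 10:02:11 -0500
Received: from hotmail.com (dialup-023.example-isp.net [198.51.100.23])
    by smtp.example-isp.net with SMTP; Mon, 18 Aug 2003 10:02:09 -0500
From: "Someone You Know" <someone@example.com>
To: victim@example.org
Subject: Re: Your details

See the attached file.
"""

# Constructed sample 2: an infected office PC behind NAT. The earliest hop only
# shows a private LAN address, so the attributable source is the organisation's
# outbound mail gateway, which is the party to contact.
SAMPLE_NAT = """\
Received: from mail.corp.example.com (mail.corp.example.com [192.0.2.40])
    by mx.example.org (Postfix) with ESMTP id 7D22B; Mon, 18 Aug 2003 11:15:02 -0500
Received: from WORKSTATION-7 ([192.168.4.12])
    by mail.corp.example.com with SMTP; Mon, 18 Aug 2003 11:14:58 -0500
From: "Accounts" <accounts@example.com>
To: victim@example.org
Subject: Re: Wicked screensaver

Please see the attached screensaver.
"""


def received_chain(raw_message: str) -> List[str]:
    """Return the Received: headers, top (latest hop) to bottom (earliest hop),
    with folded continuation lines collapsed onto one line each."""
    msg = email.message_from_string(raw_message)
    return [" ".join(value.split()) for value in msg.get_all("Received", [])]


def is_attributable(addr: ipaddress.IPv4Address) -> bool:
    """True if the address is one an outside party could act on."""
    return not any(addr in net for net in _NON_ATTRIBUTABLE)


def originating_ip(raw_message: str) -> Optional[str]:
    """Walk the Received: chain from the earliest hop upward and return the
    first attributable peer address a relay recorded; From: is never consulted."""
    for hop in reversed(received_chain(raw_message)):
        for literal in _BRACKETED_IP.findall(hop):
            try:
                addr = ipaddress.IPv4Address(literal)
            except ValueError:
                continue
            if is_attributable(addr):
                return str(addr)
    return None


def claimed_sender(raw_message: str) -> Optional[str]:
    """The From: header as written, for comparison with the real source."""
    return email.message_from_string(raw_message).get("From")


if __name__ == "__main__":
    for label, sample in (("dial-up", SAMPLE_DIALUP), ("NAT", SAMPLE_NAT)):
        print(f"{label}: From: claims {claimed_sender(sample)!r}, "
              f"real source is {originating_ip(sample)}")
```

Reading the chain bottom-up matters because any hop a relay did not add itself can be fabricated by the sender; the bracketed address in the earliest header written by a relay you trust is the one to report to the ISP. A message with no Received: headers at all, or whose only hops are private addresses, yields None and needs a human look.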
Bugbear should not be the threat that it is, because it takes advantage of a well-known Windows hole. Microsoft released a patch over a year ago, but Bugbear still preys on the millions of unpatched computers. Bugbear opens a backdoor in the infected computer, allowing for the theft of personal information, possibly for identity theft or financial fraud.
Klez, in its many variants, has been around for over a year. Klez destroys antivirus software and firewalls, and also opens the computer to other forms of attack and damage. The shame is that most updated antivirus programs provide substantial protection against most versions of Klez.
Keep your operating system and antivirus software up to date to minimize these threats.
As I type this, it appears that “Erika” may be approaching the Gulf of Mexico. If you would like to find out the latest on Erika, or any other major weather event, go to my non-commercial weather page at www.beaumontweather.com. There are no irritating ads, banners, or pop-ups on my weather page. Your comments and feedback will be appreciated.
For more information on the Tulsa Computer Society click here