Good Morning All,

Patrick Crispen's Tourbus explains "Nimda" perfectly... Read on ......

murray

----------------------------------------------------------------------
TOURBUS Volume 7, Number 18 -- 21 Sep 2001
----------------------------------------------------------------------

TODAY'S TOURBUS STOP(S):
  Nimda

TODAY'S TOURBUS ADDRESS(ES):
  http://windowsupdate.microsoft.com/default.htm
  http://www.webwasher.com/en/products/wwash/download_license.htm

Howdy, y'all, and greetings once again from beautiful Tuscaloosa,
Alabama, a town that is still in tremendous mourning.

-----
Nimda
-----

As if the events of the past week haven't been enough to deal with,
there is a new virus/worm called Nimda. Every computer running
Microsoft Windows 95, 98, 98SE, ME, NT, or 2000 is vulnerable.
Computers running non-Windows operating systems (like Macs and Linux
boxes) are *NOT* vulnerable, though.

How is Nimda different from the squillion other viruses out there?
Well, if you'll pardon my using an analogy, most viruses try to break
into your computer through your front door. Close the front door and
the virus ceases to be a threat. Nimda tries to break in through your
front door, your living room window, and your chimney. Close the front
door and you're still vulnerable.

In other words, you're going to have to do a bit of work to protect
your computer from Nimda.

----------------------
Closing the Front Door
----------------------

Update your virus definitions. This closes the front door.

How do you update your virus definitions? That depends on the
antivirus program you use. Norton Antivirus has a "Live Update" button
built into the program; click on it, and Norton automatically
downloads and installs the latest virus definitions from the Net.
McAfee VirusScan has a similar update function (go to File --> Update
VirusScan).

And, of course, *NEVER* double-click on any file, especially an email
attachment, regardless of who the file is from, until you first scan
that file with your antivirus program.

As long as you update your virus definitions weekly and never
double-click on attachments without first scanning those attachments,
you're pretty well protected from *most* computer viruses.

But not Nimda.

------------------------------
Closing the Living Room Window
------------------------------

Nimda also exploits a well-known hole in the PC version of Internet
Explorer (other versions, including the Mac version of Internet
Explorer, are *NOT* affected by this hole). According to Microsoft,
Internet Explorer does not handle MIME (Multipurpose Internet Mail
Extensions) headers in HTML e-mails correctly. If a malicious user
sends an affected HTML e-mail or hosts an affected e-mail on a Web
site, and a user opens the e-mail or visits the Web site, Internet
Explorer automatically runs the executable on the user's computer. If
this occurs, the executable can take any action on the computer that
the user can take, including adding, changing, or deleting data,
communicating with Web sites, or reformatting the hard drive.

Fortunately, Microsoft patched this hole back in March. And finding,
downloading, and installing this patch couldn't be simpler: just run
Windows Update and download *ALL* of the critical updates.

There are a couple ways to run Windows Update, but the easiest is to
launch Internet Explorer and then go to Tools --> Windows Update. You
can also go to Start --> Settings --> Windows Update. Either way will
automatically redirect you to Microsoft's Windows Update page at

  http://windowsupdate.microsoft.com/default.htm

On the top left side of the Windows Update page, click on the "Product
Updates" link (it is the one with the hand and the red *). A pop-up
window will appear, telling you to wait while your computer DOESN'T
send any information to Microsoft (well, that's what it says!)

Eventually, you'll see a page that says "Select Software." When
Microsoft releases an essential update or patch to close a security
hole in Windows, they put it in this page's "Critical Updates"
section. Microsoft also puts a bunch of other, non-essential stuff on
this page, but you can ignore that. You are here for the Critical
Updates.

Select (or click on) EVERYTHING in the "Critical Updates" section --
you need *ALL* of the critical updates -- and then click on the big,
gray "Download" arrow in the top right hand corner of the page. Then,
just follow the on-screen prompts.

This closes the living room window.

By the way, if you run Windows Updates and don't see any Critical
Updates, don't panic. This just means that your version of Internet
Explorer has already been patched (and your living room window is
already closed). :)

-------------------
Closing the Chimney
-------------------

You're still not done. According to our friends at CERT,

  As part of the infection process, the Nimda worm modifies all web
  content files it finds (including, but not limited to, files with
  .htm, .html, and .asp extensions). As a result, any user browsing
  web content on the system, whether via the file system or via a web
  server, may download a copy of the worm. Some browsers may
  automatically execute the downloaded copy, thereby infecting the
  browsing system.

  [from http://www.cert.org/advisories/CA-2001-26.html ]

You've already taken care of the automatic execution problem in the
last step (Microsoft's Critical Update patch closes that hole), but it
is still possible that an infected Web page could automatically
download a Nimda virus-infected file to your computer. Your computer
wouldn't be infected, though. Instead, the virus-infected file would
be like a letter bomb; it will just sit there, taking up space,
waiting for you to open it.

The folks at CERT recommend disabling JavaScript to avoid this
problem, but I have a much more beautiful solution: download and
install a "pop-up killer" like WebWasher. Nimda tries to "come down
the chimney" through a JavaScript pop-up window. Pop-up killers like
WebWasher keep this from happening.

In other words, WebWasher closes the chimney.

Originally developed by German electronics giant Siemens, WebWasher is
a filter program for PCs, Macs, and Linux boxes running either
Netscape Navigator or Microsoft Internet Explorer. Once you install
WebWasher on your computer, the program automatically blocks unwanted
Web content like banner ads and pop-up windows. Instead of the ads,
all you see is white space -- the ads aren't even downloaded! :)

What is most amazing is that WebWasher is free for home and education
use. You heard right, folks: IT'S FREE!

To download WebWasher, point your Web browser to

  http://www.webwasher.com/en/products/wwash/download_license.htm

and click on the "I agree" button. The download process is
self-explanatory.

Once you download WebWasher to your hard drive (the file is less than
1 Mb in size, so it should download pretty quickly), double-click on
the installation file to install the program, and then follow the
on-screen instructions to configure both WebWasher and your browser.
This sounds complicated, but it is actually rather easy.

That's it! You are now free to surf the Web relatively ad-free. And
unlike a lot of other ad filtering programs, WebWasher doesn't change
the appearance of most popular Web sites. In fact, some sites -- like
Intellicast -- look significantly better without the ads!

As I said earlier, most viruses try to break into your computer
through your front door. Close the front door and the virus ceases to
be a threat. Nimda tries to break in through your front door, your
living room window, and your chimney.

BUT, if you update your virus definitions, never double-click on
attachments, download and install the Critical Update patches from
Microsoft, and use a pop-up killer like WebWasher, the Nimda virus
will become just like Yoko Ono: an annoying thing about which you need
not worry. :P

---------------
And Finally ...
---------------

After last week's attack, I decided to check my homeowners insurance
to see what is and is not covered. Here is what I found. The last
sentence gave me a much-needed chuckle.

  Section 1 - Losses Not Insured

  1. e. War, including undeclared war, or any warlike act, including
  destruction or seizure or use for a military purpose, or any
  consequence of these. Discharge of a nuclear weapon is deemed a
  warlike act even if accidental.

Well, DUH! :P

That's it for this week. Have a safe and happy weekend and we'll talk
again soon.

=====================[ Tourbus Rider Information ]===================
The Internet Tourbus - U.S. Library of Congress ISSN #1094-2238
Copyright 1995-2001, Crispen & Rankin - All rights reserved

Help the hungry, poor and sick - for free! http://FreeDonation.com

Subscribe, Signoff, Archives, Free Stuff and More at the
Tourbus Website - http://www.TOURBUS.com
=======================================================

Patrick Douglas Crispen
http://www.netsquirrel.com/
AOL Instant Messenger: Squirrel2K
Warning: squirrels.
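
An added example, not part of the newsletter or the CERT advisory: a sketch of how someone who maintains web pages could sweep a content folder for the kind of modification CERT describes in "Closing the Chimney". It assumes the injected script sits after the page's closing </html> tag and calls window.open (the pop-up route described above); the function names and every file name in the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

WEB_EXTENSIONS = {".htm", ".html", ".asp"}   # extensions named in the CERT quote
CLOSE_HTML = re.compile(r"</html\s*>", re.IGNORECASE)
TRAILING_POPUP = re.compile(
    r"<script\b[^>]*>.*?window\.open\s*\(\s*[\"']([^\"']*)[\"']",
    re.IGNORECASE | re.DOTALL,
)

def trailing_popup_target(text):
    """Return the window.open() target found after the last </html>, or None."""
    closes = list(CLOSE_HTML.finditer(text))
    if not closes:
        return None
    tail = text[closes[-1].end():]           # assumption: injected code is appended
    match = TRAILING_POPUP.search(tail)
    return match.group(1) if match else None

def scan_web_root(root):
    """Walk root and return sorted [(relative_path, target)] for suspicious files."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXTENSIONS:
                continue
            path = os.path.join(folder, name)
            with open(path, "r", encoding="latin-1") as handle:
                target = trailing_popup_target(handle.read())
            if target is not None:
                findings.append((os.path.relpath(path, root), target))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample pages; 'placeholder.eml' is a made-up name, not an IoC."""
    page = "<html><body><p>Hello</p>{}</body></html>{}"
    popup = '<script language="JavaScript">window.open("{}")</script>'
    samples = {
        "clean.html": page.format("", ""),
        "menu.htm": page.format(popup.format("help.htm"), ""),   # legitimate pop-up
        "index.ASP": page.format("", "\r\n" + popup.format("placeholder.eml")),
        "notes.txt": page.format("", popup.format("placeholder.eml")),  # not web content
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "w", encoding="latin-1") as handle:
            handle.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel_path, target in scan_web_root(root):
            print(f"{rel_path}: script after </html> opens {target!r}")
```

A hit is only a prompt to inspect the file and compare it with a known-good copy; pages that legitimately place scripts after </html> will also match.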