Security Supplement.
Win2K/Stream: a new virus that runs on Windows 2000
Panda Software has detected a new virus Win2K/Stream, the first of its kind to use the "file stream" feature of Windows 2000 to infect PCs. This feature allows for the division of a file into several sub-files or "streams". Upon infection the virus creates a new stream associated with the victim file which will then read filename:str. This means that the new sub-file or stream can then only be accessed using the new name created by the virus, and as the original file remains hidden and its icon changed, the user cannot access it.
On the other hand, to be executed correctly, the virus needs to be executed from an NTFS partition; if executed from a non-NTFS partition, the damage is worse. In this case, the virus cannot create a new stream on which it will try to copy the original file and will overwrite its code directly on the original file, eliminating it from the hard disk.
Unlike other viruses, which spread automatically via e-mail, Win2K/Stream is spread through infected EXE files, which may reach the user as e-mail attachments, downloadable programs, or on diskettes, CD-ROMs, etc.
Win2K/Stream is in itself a Windows application, 3.628 bytes in size and compressed by Petite Pi EXE files compressor. When run, the virus infects all EXE files or programs present in the current directory: it tries to copy the original file into a hidden stream and then, by default, overwrites the original stream with its own code. This way, each time the user tries to open this file, he/she is actually executing Win2K/Stream. The main symptoms of infection by Win2K/Stream are the change in size of a file (3.628 bytes + ) and a change in the associated icon.
Panda Antivirus detects Win2K/Stream and as such, reminds users to update their antivirus at the corporate website www.pandasoftware.com.
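The stream behaviour described above can be checked for on an NTFS volume. The following PowerShell function is an added example, not code from Panda Software or from the original article: it lists EXE files that carry named streams and marks those whose stream name matches the "str" name given in the report. The function name, the output property names and the size comparison are assumptions made for illustration.

```powershell
# Added example (not from the article): report EXE files that carry named
# NTFS streams. The stream name 'STR' comes from the "filename:str"
# description in the report; everything else here is illustrative.
function Find-ExeAlternateStream {
    [CmdletBinding()]
    param(
        # Directory to inspect.
        [Parameter(Mandatory)][string]$Path,
        # Stream name to highlight (compared case-insensitively).
        [string]$SuspectStream = 'STR',
        # Also descend into subdirectories.
        [switch]$Recurse
    )

    Get-ChildItem -LiteralPath $Path -Filter '*.exe' -File `
                  -Recurse:$Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_

            # -Stream * returns every stream of the file. ':$DATA' is the
            # unnamed main stream that Explorer and "dir" show; anything
            # else is a named (alternate) stream.
            $named = @(Get-Item -LiteralPath $file.FullName -Stream * `
                                -ErrorAction SilentlyContinue |
                       Where-Object { $_.Stream -ne ':$DATA' })

            foreach ($s in $named) {
                [pscustomobject]@{
                    File              = $file.FullName
                    MainStreamBytes   = $file.Length
                    Stream            = $s.Stream
                    StreamBytes       = $s.Length
                    # True when the stream name matches the one in the report.
                    MatchesReport     = ($s.Stream -ieq $SuspectStream)
                    # Heuristic (assumption): a small main stream in front of
                    # a larger named stream fits the "original program moved
                    # into a stream" behaviour described above.
                    NamedStreamLarger = ($s.Length -gt $file.Length)
                }
            }
        }
}

# Usage: Find-ExeAlternateStream -Path 'C:\Tools' -Recurse | Format-Table -AutoSize
```

Named streams are not malicious in themselves: Windows attaches a Zone.Identifier stream to downloaded files, so a hit needs to be read together with the stream name and the two sizes.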
Erap Estrada Trojan Horse Threat Over-hyped.
Some users have been alarmed today by reports from NIPC about a new Trojan horse called Erap Estrada or Philippines Trojan Horse. According to the NIPC alert an email is spreading with the subject line "Erap Estrada" (the nickname of the President of the Philippines, Joseph Estrada) with a malicious attachment. Sophos Anti-Virus researchers have determined that the malicious attachment is, in fact, a Trojan horse called Troj/DonaldDick (also known as DonaldD or DonaldD.Trojan).
"Reports of attacks by Troj/DonaldDick seem to have been grossly exaggerated by the media," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "There are more emails being sent back-and-forth about this 'threat' than actual sightings."
Troj/DonaldDick was first discovered in September 1999, and should pose no threat to companies who have kept their anti-virus protection up to date. For more information visit http://www.sophos.com
Kaspersky Demystifies the Discovery of the First True Wireless Virus
Because of the numerous user requests regarding the discovery of the first true wireless virus for mobile phones, Kaspersky Lab considers it necessary to clarify the issue.
According to the news published on August 30 by key international information agencies, the Norwegian Internet company for wireless technologies has discovered a security breach in some models of Nokia mobile phones. This breach allows a special SMS text message to be sent to the phone that will freeze its keys and disable normal operation. Functionality can be restored by the removal of the phone's battery. This announcement has been repeated by many sources and has caused the story to be widely misunderstood. Many mobile phone owners took the news as if the first true wireless virus had been discovered that is able to operate inside the phone's memory and cause harm to the phone's environment. Kaspersky Lab claims that this security breach is not a real virus threat.
It is known that the main distinctive attribute of a virus is its ability to self-replicate, i.e., infect other objects. The previously mentioned Nokia phone models simply do not have the necessary hardware or software capabilities to enable a malicious program to plant itself into the phone's management system.
We admit that it is possible to block a phone's keys by sending an SMS-message containing a special code. This is not the first and obviously not the last security breach discovered in mobile phones. Moreover, I believe as more functionality is added to mobile phones, it will result in more breaches being found. However, the discovered vulnerability is not a virus. From computer virology point of view it enables the creation of malicious programs of the Trojan type".
Kaspersky Lab affirms that mobile phone owners do not need to trouble themselves about this issue. Firstly, Nokia has not officially confirmed the existence of this vulnerability as yet. However, company officials stated that if they do find something, they would make the necessary changes to prevent further exploitation of this breach. Secondly, we believe the technology for creating dangerous SMS-messages is in a safe place and is currently not available for malicious persons to misuse. Thirdly, the discovered breach is applicable only for certain Nokia models and cannot be exploited on other vendors' mobile phones.
We classify this event as a "false start" in announcing the discovery of the next generation of viruses able to infect mobile phones. Despite this, Kaspersky Labs believe it is likely that such viruses will emerge in the near future to exploit the latest improvements to the functionality of mobile phones. To prevent this, the Lab is ready to announce the world's first platform-independent anti-virus engine, that allows us to move anti-virus software to any operating system, processor type and even mobile phones, PDAs, Internet-enabled smart home appliances". www.kasperskylabs.com
Internet Power-Base in Europe Could Shift to Mobile Operators
According to IDC, wireless application protocol (WAP)-based applications are coming of age in Europe, which could result in a shifting of the Internet power-base in favor of the mobile operators, such as Vodafone, Orange, or Telecom Italia Mobile. This theme will be explored in one of the presentations at this year's European IT Forum, to be held in Monaco next month.
IDC believes the mobile operators have the potential to be the Yahoos and AOLs of the future in terms of content and access. In Japan, for example, NTT DoCoMo's i-mode wireless Internet service has over 10 million subscribers, making it the second biggest ISP in the world - in a few years it could be the biggest ISP in the world in terms of subscriber numbers, possibly followed by Vodafone and France Telecom Orange. "MCommerce and mobile location-based services are the killer apps of the mobile Internet," said Tim Sheedy, for IDC's European Wireless and Mobile Communications research. "Applications such as these are what's required to grow the market as organizations begin to launch such services, there will be huge levels of growth in usage of mobile Internet." According to a recent IDC study, mobile commerce in Western Europe is set to grow from $51.2 million this year to a staggering $37.7 billion in 2004. "Mobile Internet isn't about GPRS, UMTS, or WAP, but about the applications that use these services," Sheedy said. "Without mobile applications that require broadband connections, third-generation services are redundant." www.idc.com
Kaspersky Lab launches the Viral Encyclopedia at the Web
Kaspersky Lab and MediaLingua company announced their new joint project, the Viral Encyclopedia webserver. It will provide Russian and foreign users with information on more than 14,000 viruses and ways of fighting them.
The encyclopedia is available in both Russian and English. It presents descriptions of the majority of the known viruses, peculiarities of their propagation and spawning, and effective means of their detection and elimination. The site utilizes the search engine by MediaLingua, which allows requests to be made in "natural language". This helps the user to find the desired information according to viral symptoms. E.g., one may type "dropping letters", and the system will return the list of viruses which demonstrate such an effect. The Viral Encyclopedia by Kaspersky Lab may be found at http://www.viruslist.com and http://www.avpve.ru.
Top Ten Viruses in August
For August 2000, the chart according to Sophos is as follows, with the most frequently occurring virus at number one:
1 (18.7%) VBS/Kakworm
2 (11.9%) VBS/LoveLet-G
3 (7.4%) VBS/Stages-A
4 (7.3%) WM97/Marker-C
5 (4.1%) W32/Ska-Happy99
6= (3.7%) WM97/Marker-0
6= (3.7%) XM97/Laroux
8= (2.3%) W32/Pretty
8= (2.3%) WM97/Thus-T
8= (2.3%) XM97/Divi-S
Others 36.3%
"In a month of hype about Pokemon viruses and Palm trojans it is interesting to view statistics of the true virus threat. Email-aware script worms dominate the charts," say Sophos Anti-Virus. "Kakworm continues to be the most commonly encountered virus worldwide. Many companies have still not bothered to roll-out the patch Microsoft issued last year to protect against it."
The main issue in the anti-virus industry in August has been the hyping of viruses for mobile platforms such as WAP and Palmtops. However, no virus currently exists for these platforms.
VBS/Kakworm exploits security vulnerabilities in Microsoft Internet Explorer and Microsoft Outlook which mean it is possible to be infected just by reading an email, rather than by launching an attached file.
More details on VBS/Kakworm and how to protect against it are described at http://www.sophos.com/virusinfo/articles/kakworm.html
'Liberty Trojan horse low threat to Palm users'
Sophos Anti-Virus has advised that a Trojan horse which deletes applications on the Palm operating system poses little threat to computer users.
The Trojan horse (known as PalmOS/LibertyCrack or Palm Liberty.A) appears to have been distributed in the warez (pirated software) community as a crack for Liberty, an application to emulate a Nintendo Gameboy on a Palm PDA operating system.
Instead of illegally cracking the Liberty software (and allowing users access to functionality normally only available upon registration) the Trojan horse deletes all programs on a Palm PDA. The author of Liberty, a Swedish lecturer called Aaron Ardiri, has admitted writing the Trojan horse and giving it to "a few friends". Sophos has received no reports of this Trojan horse from customers, and does not believe it will become widespread. "It has always been possible to write malicious software for the Palm operating system," said Graham Cluley, for Sophos Anti-Virus. "This Trojan horse is a very low threat to Palm users who are sensible enough to avoid warez mailing lists and do not download pirated software. This, combined with the Trojan horse's extremely obvious payload and lack of replication code means it is unlikely to be encountered by the vast majority of users." www.sophos.com
Keytools range of E-Security Products
Baltimore KeyTools is a new family of products for developers worldwide which adds technology enhancements to Baltimore's previous toolkit range and introduces a licensing structure enabling developers to integrate advanced security applications.
KeyTools offers software developers the ability to add a range of security features to their applications, including:
* Cryptographic processing of information transmitted over the Internet to ensure confidentiality
* Authentication of people, computers and software using digital certificates ('digital IDs'), to prevent spoofing of identities
* Digital signature capabilities that allow people to legally sign documents online
* Integrity checking of documents and data to ensure information has not been changed en route
* The ability to link to a "Public Key Infrastructure (PKI)" system to provide policy based security for a business or Internet community. www.baltimore.com
Kane Secure Enterprise 4.0.4
Kane Secure Enterprise 4.0.4 is a centralized security analysis system that delivers intelligent enterprise-wide monitoring for intrusion and misuse detection from hosts, network devices and multi-vendor security applications. A new release includes a Java graphical user interface (GUI) to enhance usability and simplify the tracking and analysis of events. Additional enhancements include improved scalability, increased agent-to-manager performance for Sun Solaris and Windows NT agents, and increased database performance. www.unipalm.co.uk
Norton Latest Releases
Symantec have announced Norton AntiVirus 2001, Norton Utilities 2001, and Norton CleanSweep 2001 for use across all Windows-based systems. The solutions extend system optimisation capabilities such as virus protection, problem-solving, and system clean-up for Windows 9.x, Windows Millennium, Windows NT, and Windows 2000 PCs. Norton AntiVirus 2001, Norton Utilities 2001, and Norton CleanSweep 2001 are also integral components of the Norton SystemWorks 2001 utility suite. Norton AntiVirus 2001 features an improved LiveUpdate feature and new SmartScan technology. LiveUpdate automatically senses an open Internet connection, then checks for, retrieves and installs any available virus definition updates.
New SmartScan technology intelligently finds all files with executable code that must be scanned for viruses, eliminating the need to scan all files in the system. Norton AntiVirus 2001 provides users a bootable CD allowing them to start-up their systems in the event of an emergency situation. Also included is a utility which assists users in creating emergency boot disks if their computer will not support a bootable CD. Norton AntiVirus 2001 continues to scan e-mail automatically as it is received, detecting viruses in attachments before the user accesses the attachment.
Norton Utilities 2001 allows users of Windows NT or Windows 2000 to optimise their systems and solve PC problems quickly. Norton Utilities 2001 speeds PC performance, identifying and fixing a wide range of problems through an integrated set of tools that include Norton SpeedDisk, Norton Optimisation Wizard, Norton Disk Doctor, Norton WinDoctor, Norton System Doctor, and Norton System Check.
Norton CleanSweep 2001 now can run Fast & Safe from the CD, saving space by cleaning the hard drive before installing additional software.
Norton AntiVirus 2001, Norton Utilities 2001 and Norton CleanSweep 2001 cost £29.99 respectively. www.SymantecStore.com
JRUN 3.0 Java Application
Allaire Corporation has announced the availability across Europe of JRun Server 3.0, offering support for the Java 2 Platform, Enterprise Edition (J2EE) specification, together with JRun 3.0 Studio, an integrated development environment for JavaServer Pages (JSP). With a new enterprise edition that offers support for Enterprise JavaBeans (EJB) as well as an integrated transaction server and messaging server, the JRun 3.0 product line makes the capabilities of J2EE accessible to the entire Java developer community. www.allaire.com
VisualCafe Enterprise Edition V 4.01
VisualCafe Enterprise Edition 4.0. provides a more powerful and productive environment for Java developers for the development, debugging and deployment of Enterprise Java Beans (EJB) across Java 2 Enterprise Edition application servers. Specific VisualCafe Enterprise Edition V.4 enhancements include:
* Single-View distributed debugging makes it possible to view multiple processes running simultaneously on multiple and different virtual machines (VMs), platforms and operating systems. WebGain VisualCafe 4 Enterprise Edition also includes a new debugging engine that supports custom-class loaders and hot deployment to BEA WebLogic Server v. 5.1 without recycling the server.
* VisualCafe's new plug-in J2EE application server architecture simplifies the configuration and deployment to Hewlett-Packard HP/UX 11, Sun Solaris, Microsoft Windows NT Server 4.0, and Microsoft Windows 2000 Server. It also includes new re-entrant productivity wizards that streamline the development and deployment of Enterprise Java Beans. www.webgain.com
NetWare Migrator 6.0
NetIQ NetWare Migrator, part of the comprehensive NetIQ Administration product line, manages the migration from Novell NetWare to Windows 2000. The new version adds support for migration to Active Directory that can reduce the time, costs, and potential disruption involved in implementing Windows 2000. The product's strength is its ability to migrate permissions, the security locks and keys for accounts and files, to Windows 2000. NetIQ NetWare Migrator attacks the problem from all angles to ensure that permissions are accurately and completely transferred into Active Directory.
Comprehensive utilities provided by NetIQ NetWare Migrator give the ability to migrate file permissions assigned to Novell Directory Services (NDS) organisational units (OUs), as well as permissions assigned to an account via the NetWare 'Security Equal To' attribute. NetIQ NetWare Migrator can also merge multiple NetWare Bindery accounts into a single Windows 2000 account.
NetIQ NetWare Migrator also gives IT administrators the ability to select target OUs for objects that are migrated from NDS into Active Directory or even migrate entire NDS OU subtrees to Active Directory. It also has the ability to migrate NetWare Bindery users, groups, files and permissions to Windows 2000. www.netiq.com