Printer Friendly

Security Supplement.

Win2K/Stream: a new virus that runs on Windows 2000

Panda Software has detected a new virus Win2K/Stream, the first of its kind to use the "file stream" feature of Windows 2000 to infect PCs. This feature allows for the division of a file into several sub-files or "streams". Upon infection the virus creates a new stream associated with the victim file which will then read filename:str. This means that the new sub-file or stream can then only be accessed using the new name created by the virus, and as the original file remains hidden and its icon changed, the user cannot access it.

On the other hand, to be executed correctly, the virus needs to be executed from an NTFS partition; if executed from a non-NTFS partition, the damage is worse. In this case, the virus cannot create a new stream on which it will try to copy the original file and will overwrite its code directly on the original file, eliminating it from the hard disk.

Unlike other viruses, which spread automatically via e-mail, Win2K/Stream is spread through infected exe files, which may reach the user as e-mail attachments, downloadable programs, or in diskettes, CD Roms etc.

Win2K/Stream is in itself a Windows application, 3.628 bytes in size and compressed by Petite Pi EXE files compressor. When run, the virus infects all EXE file or programs present in the current directory, tries to copy the original file in a hidden stream and then by default, overwrites its own code in the original stream. This way'each time the user tries to open this file, he/she is actually executing the Win2K/Stream. The main symptoms of infection of Win2K/Stream are the change in size of a file (3.628 bytes + ) and a change in the associated icon.

Panda Antivirus detects Win2K/Stream and as such, reminds users to update their antivirus at the corporate website

Erap Estrada Trojan Horse Threat Over-hyped.

Some users have been alarmed today by reports from NIPC about a new Trojan horse called Erap Estrada or Philippines Trojan Horse. According to the NIPC alert an email is spreading with the subject line "Erap Estradau (the nickname of the President of the Philippines, Joseph Estrada) with a malicious attachment. Sophos Anti-Virus researchers have determined that the malicious attachment is, in fact, a Trojan horse called Troj/DonaldDick (also known as DonaldD or DonaldD.Trojan).

"Reports of attacks by Troj/DonaldDick seem to have been grossly exaggerated by the media,' said Graham Cluley, senior technology consultant for Sophos Anti-Virus. `There are more emails being sent back-and-forth about this `threat' than actual sightings.'

Troj/DonaldDick was first discovered in September 1999, and should pose no threat to companies who have kept their anti-virus protection up to date. For more information visit

Kaspersky Demystifies the Discovery of the First True Wireless Virus

Because of the numerous user requests regarding the discovery of the first true wireless virus for mobile phones, Kaspersky Lab, considers it necessary to clarify the issue.

According to the news published on August 30 by key international information agencies, the Norwegian Internet company for wireless technologies has discovered a security breach in some models of Nokia mobile phones. This breach allows a special SMS text message to be sent to the phone that will freeze its keys and disable normal operation. Functionality can be restored by the removal of the phone's battery. This announcement has been repeated by many sources and has caused the story to be widely misunderstood. Many mobile phones owners took the news as if the first true wireless virus had been discovered that is able to operate inside the phone's memory and cause harm to the phone's environment. Kaspersky Lab claims that this security breach is not a real virus threat.

It is known that the main distinctive attribute of a virus is its ability to self-replicate, i.e., infect other objects. The previously mentioned Nokia phone models simply do not have the necessary hardware or software capabilities to enable a malicious program to plant itself into the phone's management system.

We admit that it is possible to block a phone's keys by sending an SMS-message containing a special code. This is not the first and obviously not the last security breach discovered in mobile phones. Moreover, I believe as more functionality is added to mobile phones, it will result in more breaches being found. However, the discovered vulnerability is not a virus. From computer virology point of view it enables the creation of malicious programs of the Trojan type".

Kaspersky Lab affirms that mobile phones owners do not need to trouble themselves about this issue. Firstly, Nokia has not officially confirmed the existence of this vulnerability as yet. However company officials stated that if they do find something, they would make the necessary changes to prevent further exploitation of this breach. Secondly, we believe the technology for creating dangerous SMS-messages is in a safe place and is currently not available for malicious persons to misuse. Thirdly, the discovered breach is applicable only for certain Nokia models and cannot be exploited on other vendor's mobile phones.

We classify this event as a "false start' in announcing the discovery of the next generation of viruses able to infect mobile phones. Despite this, Kaspersky Labs believe it is likely that such viruses will emerge in the near future to exploit the latest improvements to the functionality of mobile phones. To prevent this, the Lab is ready to announce the world's first platform-independent anti-virus engine, that allows us to move anti-virus software to any operating system, processor type and even mobile phones, PDAS, Internet-enabled smart home appliances".

Internet Power-Base in Europe Could Shift to Mobile Operators,

According to IDC, wireless application protocol (WAP)-based applications are coming of age in Europe, which could result in a shifting of the Internet power-base in favor of the mobile operators, such as Vodafone, Orange, or Telecom Italia Mobile. This theme will be explored in one of the presentations at this year's European IT Forum, to be held in Monaco next month.

IDC believes the mobile operators have the potential to be the Yahoos and AOLs of the future in terms of content and access. In Japan, for example, NTT DoCoMols i-mode wireless Internet service has over 10 million subscribers, making it the second biggest ISP in the world - in a few years it could be the biggest ISP in the world in terms of subscriber numbers, possibly followed by Vodafone and France Telecom Orange. MCommerce and mobile location~based services are the killer apps of the mobile Internet," said Tim Sheedy,for IDC's European Wireless and Mobile Communications research. "Applications such as these are what's required to grow the market as organizations begin to launch such services, there will be huge levels of growth in usage of mobile Internet.' According to a recent IDC study, mobile@commerce in Western Europe is set to grow from $51.2 million this year to a staggering $37.7 billion in 2004. `Mobile Internet isn't about GPRS, UMTS, or WAP, but about the applications that use these services," Sheedy said. "Without mobile applications that require broadband connections, third-generation services are redundant."

Kaspersky Lab launches the Viral Encyclopedia at the Web

Kaspersky Lab and MediaLingua company announced their new joint project, the Viral Encyclopedia webserver. It will provide Russian and foreign users with information on more than 14,000 viruses and ways of fighting them.

The encyclopedia is available in both Russian and English. It presents descriptions of the majority of the known viruses, peculiarities of their propagation and spawning, effective means of their detection and elimination. The site utilizes the search engine by MediaLingua, which allows to make requests in "natural language". This helps the user to find the desired information according to viral symptoms. E.g., one may type "dropping letters", and the system "I return the list of viruses which demonstrate such effect. The Viral Encyclopedia by Kaspersky Lab may be found at and

Top Ten Viruses in August

For August 2000, the chart according to Sophos is as follows, with the most frequently occurring virus at number one:
1 (18.7%) VBS/Kakworm
2 (11.9%) VBS/LoveLet-G
3 (7.4%) VBS/Stages-A
4 (7.3%) WM97/Marker-C
5 (4.1%) W32/Ska-Happy99
6= (3.7%) WM97/Marker-0
6= (3.7%) XM97/Laroux
8= (2.3%) W32/Pretty
8= (2.3%) WM97/Thus-T
8= (2.3%) XM97/Divi-S
Others 36.3%

"In a month of hype about Pokemon viruses and Palm trojans it is interesting to view statistics of the true virus threat. Email-aware script worms dominate the charts,'say Sophos Anti-Vitus. "Kakworm continues to be the most commonly encountered virus worldwide. Many companies have still not bothered to roll-out the patch Microsoft issued last year to protect against it."

The main issue in the anti-virus industry in August has been the hyping of viruses for mobile platforms such as WAP and Palmtops. However, no virus currently exists for these platforms.

About Kakworm

VBS/Kakworm exploits security vulnerabilities in Microsoft Internet Explorer and Microsoft outlook which mean it is possible to be infected just by reading an email, rather than by launching an attached file.

More details on VBS/Kakworm and how to protect against it are described at http:l/www.sophos-com/virusinfo/ articles/kakworm-html

`Liberty Trojan horse low threat to Palm users'

Sophos Anti Virus, has advised that a Trojan horse which deletes applications on the Palm operating system poses little threat to computer users.

The Trojan horse (known as PalmOS/LibertyCrack or Palm Liberty.A) appears to have been distributed in the warez (plirated--software) Community as a crack for Liberty, an application to emulate a Nintendo Gameboy on a Palm PDA operating system.

Instead of illegally cracking, the Liberty software (and allowing users access to functionality normally only available upon registration) the Trojan horse deletes all programs on a Palm PDA. The author of Liberty, a Swedish lecturer called Aaron Ardiri, has admitted writing the trojan horse and giving it to "a few friends". Sophos has received no reports of this Trojan horse from customers, and do not believe it will become widespread. "It has always been possible to write malicious software for the Palm operating system," said Graham Cluley, for Sophos Anti-Virus. `This Trojan horse is a very low threat to Palm users who are sensible enough to avoid warez mailing lists and do not download pirated software. This, combined with the Trojan horse's extremely obvious payload and lack of replication code means it is unlikely to be encountered by the vast majority of users.

Keytools range of E-Security Products

Baltimore KeyTools is a new familty of products for developers worldwide which adds technology enhancements to Baltimores previous toolkit range and introduces a licensing structure enabling developers to integrate advanced security applications.

KeyTools offers software developers the ability to add a range of security features to their applications, including:

* Cryptographic processing of information transmitted over the Internet to ensure confidentiality

* Authentication of people, computers and software using digital certificates (`digital IDs'), to prevent spoofing of identifies

* Digital signature capabilities that allow people to legally sign documents online Integrity checking of documents and data to ensure information has not been changed en route

* The ability to link to a "Public Key Infrastructure (PKI)" system to provide policy based security for a business or Internet community.

Kane Secure Enterprise 4.0.4

Kane Secure Enterprise 4.0.4, is a centralized security analysis system that delivers intelligent enterprise-wide monitoring for intrusion and misuse detection from hosts, network devices and multi-vendor security applications. A new release includes a java graphical user interface (GUI) to enhance usability and simplify the tracking and analysis of events. Additional enhancements include improved scalability, increased agent-to-manager performance for Sun Solaris and Windows NT agents, and increased database performance.

Norton Latest Releases

Symantec have announced Norton AntiVirus 2001, Norton Utilities 2001, and Norton CleanSweep 2001 for use across all Windows-based systems. The solutions extend system optimisation capabilities such as virus protection, problem-solving, and system clean- up for Windows 9.x, Windows Millennium, Windows NT, and Windows 2000 Pcs. Norton AntiVirus 2001, Norton Utilities 2001, and Norton CleanSweep 2001 are also integral components of Norton SystemWorks 2001 utility suite. Norton AntiVirus 2001 features an improved LiveUpdate feature and new SmartScan technology. LiveUpdate automatically senses an open Internet connection then checks and automatically retrieves and installs any available virus definition updates.

New SmartScan technology intelligently finds all files with executable code that must be scanned for viruses, eliminating the need to scan all files in the system. Norton AntiVirus 2001 provides users a bootable CD allowing them to start-up their systems in the event of an emergency situation. Also included is a utility which assists users in creating emergency boot disks if their computer will not support a bootable CD. Norton AntiVirus 2001 continues to scan e-mail automatically as it is received, detecting viruses in attachments before the user accesses the attachment.

Norton Utilities 2001 allows users of Windows NT or Windows 2000 to optimise their systems and solve PC problems quickly. Norton Utilities 2001 speeds PC performance, identifying and fixing a wide range of problems is through an integrated set of tools that include Norton SpeedDisk, Norton Optimisation Wizard, Norton Disk Doctor, Norton WinDoctor, Norton System Doctor, and Norton System Check.

Norton CleanSweep 2001 now can run Fast & Safe from the CD, saving space by cleaning the hard drive before installing additional software.

Norton AntiVirus 2001, Norton Utilities 2001 and Norton CleanSweep 2001 cost of 29.99 [pounds sterling] respectively.

Database Tools

JRUN 3.0 Java Application

Allaire Corporation has announced the availability across Europe of JRun Server 3.0, offering support for the Java 2 Platform, Enterprise Edition (J2EE) specification, together with JRun 3.0 Studio, an integrated development environment for JavaServer Pages (JSP). With a new enterprise edition that opfers support, for Enterprise JavaBeans (EJB) as well as an integrated transaction server and massaging server, the JRun 3.0 product line makes the capabilities of S2EE accessible to the entire Java developer community.

VisualCafe Enterprise Edition V 4.01

VisualCafe Enterprise Edition 4.0. provides a more powerful and productive environment for Java developers for developing debugging the deployment of Enterprise Java Beans (EJB) across Java 2 Enterprise Edition application servers. Specific VisualCafe Enterprise Edition V.4 enhancements include:

* Single-View distributed debugging makes it possible to View multiple processes runnirig simultaneously on multiple and different Virtual machines (VM's), platforms and operating systems. WebGain VisualCafe 4 Enterprise Edition also includes a new debugging engine that supports custom-class loaders and hot deployment to BEA WebLogic Server v. 5.1 without recycling the server.

* VisualCafes new plug-in J2EE application server architecture simplifies the configuration and deployment to Hewlett-Packard HP/UX 11, Sun Solaris, Microsoft Windows NT Server 4.0, and Microsoft Windows 2000 Server. It also includes new re-entrant productivity wizards that streamline the development and deployment of Enterprise Java Beans.

NetWare Migrator 6.0

NetIQ NetWare Migrator, part of the comprehensive NetIQ Administration product line, manages the migration from Novell NetWare to Windows 2000. The new version adds support for migration to Active Directory that can reduce the time, costs, and potential disruption involved in implementing Windows 2000. The product's strength is its ability to migrate permissions, the security locks and keys for accounts and files, to Windows 2000. NetIQ NetWare Migrator attacks the problem from all angles to ensure that permissions are accurately and completely transferred into Active Directory.

Comprehensive utilities provided by NetIQ Netware Migrator give the ability to migrate file permissions assigned to Novell Directory Services (NDS) organisational units (OUs), as well as permissions assigned to an account via the NetWare `Security Equal To' attribute. NetIQ Netware Migrator can also merge multiple NetWare Bindery accounts into a single Windows 2000 account.

NetIQ NetWare Migrator also gives IT administrators the ability to select target OUs for objects that are migrated from NDS into Active Directory or even migrate entire NDS OU subtrees to Active Directory. It also has the ability to migrate NetWare Bindery users, groups, files and permissions to Windows 2000.
COPYRIGHT 2000 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2000, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Publication:Database and Network Journal
Geographic Code:1USA
Date:Oct 1, 2000
Previous Article:Data Handling.
Next Article:Mobiles Intrude into Personal Life.

Related Articles
Security Supplement.
Abilitec distributes AlarmPoint. (Security Supplement).
StoneBeat ServerCluster. (Security Supplement).
SecurityAnalyst 5.0. (Security Supplement).
Security manager 5.1. (Security Supplement).
Securing the E-Commerce Transaction. (Security Supplement).
Symantec patents on microdefinition system. (Security Supplement).

Terms of use | Privacy policy | Copyright © 2020 Farlex, Inc. | Feedback | For webmasters