Date: Fri, 5 May 2000 01:50:23 -0500
Reply-To: TOURBUS-Request@LISTSERV.AOL.COM
Sender: The Internet TourBus - A virtual tour of cyberspace
Comments: Resent-From: crispen@netsquirrel.com
Comments: Originally-From: Patrick Douglas Crispen
From: Patrick Douglas Crispen
Subject: TOURBUS -- 4 MAY 00 -- THE LOVE BUG
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
----------------------------------------------------------------------
TOURBUS Volume 5, Number 89 -- 4 May 2000
----------------------------------------------------------------------
[ Tip: Use a monospace font like Courier when reading this message ]
_________ ____________ ________ __________ _____________ ___ _
/ | / | | / | \
| LOCAL NEWS... YOUR HOME'S VALUE IS INCREASING. / | \
|__________|__________/__________|__________|___________/_____| \
/ |----\
| Would you like to know by how much? Find out how much you've |////|
| gained at HomeGain. Get a FREE, instant valuation report on |////|
| your home, complete with prices of comparable homes recently |////|
| sold in your neighborhood. |////|
| |////|
| |////|
| CLICK HERE |////|
\_______________________________________________________________|____|
/ \ / \ / \
\___/ \___/ T h e I n t e r n e t T o u r B u s \___/
FIVE YEARS of Searchable Archives at http://www.TOURBUS.com !!
TODAY'S TOURBUS STOP(S):
THE LOVE BUG
TODAY'S TOURBUS ADDRESS(ES):
http://www.cert.org/advisories/CA-2000-04.html
Howdy, y'all, and greetings from the city of Tuscaloosa, Alabama,
former capital of the Ottoman Empire. (I ran out of things to say
about my hometown, so I figured I'd just start making stuff up). :)
TOURBUS is made possible by the kind support of our sponsors. I thank
the folks at "HomeGain.com," "SmarterKids.com," and "Candlemart.com"
for making today's post possible. As always, please visit our
wonderful sponsors and thank them for keeping the bus rolling!
+------------------------------------------------------------------+
Get a FREE Children's CD-Rom with any order of $10 or more
at SmarterKids.com, the web's leading online educational
toy store. Choose from 10 of today's most popular children's
software titles including favorites like Dr. Seuss, Arthur,
Webster's, Sesame Street and more. (Values to $29.95.)
Click by May 15th to Get Yours:
CLICK HERE
+------------------------------------------------------------------+
+----------- SAVE 75% on a Great MOTHER'S DAY GIFT! ------------+
Fruit Jel Candle w/fruit chunks just $6.99 for a limited time.
I'm sure you've seen them in stores for as much as $24.95 but until
our stock is gone they are just $6.99 at the World's Largest Candle
Store! Daily Deal section has many items listed BELOW wholesale.
We also offer a 100% money back guarantee on all of our products!
http://www.candlemart.com/cgi-bin/orders/showproducts.pl?01-CC-573
+------------------[ http://www.Candlemart.com ]-------------------+
On with the show ...
------------------------------------------------------
I LOVE YOU ... I HONESTLY L#$@_^($@ ... **NO CARRIER**
------------------------------------------------------
Update your antivirus definitions, kiddies. There's a new bug in
town: the "ILoveYou" worm (a.k.a. "VBS.LoveLetter.A").
Who is affected? Anyone who is running Windows, especially if you
also have Windows Scripting Host enabled. Should you panic? NO!
This too shall pass (and, besides, there are some SIMPLE ways to
protect yourself from both the "ILoveYou" worm and the countless
copycat worms that are already starting to pop up).
Here's what's going on. Someone sends you an email with the subject
"ILOVEYOU" and a body that reads "kindly ch3ck th3 attach3d LOV3L3TT3R
coming from m3." Attached to the email is a file named "LOVE-LETTER-
FOR-YOU.TXT.VBS." If you are foolish enough to double-click on the
attached file, that's when the fun begins. [By the way, since many
ISPs are now automatically filtering ANY message that contains the
"kindly check ..." body text, I took the liberty of changing the
"e"s in that sentence to "3"s. After all, we wouldn't want your ISP
to inaccurately think that today's TOURBUS post is actually the
dreaded "ILoveYou" letter.] :)
Anyway, according to our friends at CERT, the organization formerly
known as the computer emergency response team, "when the worm executes,
it attempts to send copies of itself using Microsoft Outlook to *ALL*
the entries in *ALL* the address books." [Emphasis mine] In other
words, if you have Outlook and you foolishly double-click on LOVE-
LETTER-FOR-YOU.TXT.VBS, the worm will automatically email itself to
EVERYONE you know.
Oh, but wait. It gets worse.
Even if you don't use Microsoft Outlook, the "ILoveYou" worm can still
do an unimaginable amount of damage to your PC. According to CERT, if
executed, the worm will locate certain files on your computer (.vbs,
.vbe, .js, .jse, .css, .wsh, .sct, and .hta files) and replace them
with copies of the "ILoveYou" worm. The worm will also take *ALL* of
the JPEG picture files stored on your computer and replace them with
worm-infected files. (For example, a file named x.jpg will be
replaced by a file called x.jpg.vbs containing a copy of the worm).
And, for you music lovers who have MP3 and MP2 files on your PCs,
"ILoveYou" will create a copy of itself for every one of those files
as well. (Fortunately, your original mp3 or mp2 files will still be
there, but they will be hidden).
Frightening, isn't it? But wait ... there is even MORE! CERT warns
that
Since the modified files are overwritten by the worm code rather
than being deleted, file recovery is difficult and may be
impossible.
Users executing files that have been modified in this step will
cause the worm to begin executing again. If these files are on a
filesystem shared over a local area network, new users may be
affected.
I may be wrong here, but I think the folks at CERT are trying to tell
us that if our PCs become infected with this little bugger, the only
way to fix it will be to format our hard drives and start from
scratch. EEEK!
You can read *ALL* of CERT's comments on the "ILoveYou" worm at
http://www.cert.org/advisories/CA-2000-04.html .
With all of the nasty stuff that the "ILoveYou" worm does to your
computer, and with the squillion different copycat viruses that are
waiting in the wings, why on earth did I, a few paragraphs ago, tell
you NOT to panic? Simple! While the "ILoveYou" worm is frightening,
protecting yourself from it (and its ilk) isn't all that difficult ...
---------------------------------------------
Crispen's *SIX* Antivirus Rules -- 4 May 2000
---------------------------------------------
In light of the recent "ILoveYou" worm outbreak, I decided to re-
rewrite my rules on how to protect yourself from computer viruses,
Trojan horses, or worms. Regardless of your operating system, these
six rules should protect you from most of the over FORTY-SIX THOUSAND
viruses that are currently floating around the Net (including the
"ILoveYou" worm).
----------------------------------------------------------------------
1. PURCHASE A GOOD, COMMERCIAL ANTIVIRUS PROGRAM LIKE NORTON ANTIVIRUS
OR MCAFEE VIRUSSCAN.
----------------------------------------------------------------------
Most commercial antivirus programs usually cost between US$40
and US$50 and can be purchased at almost any computer store in
the world. [You can usually save about US$10 if you purchase
the software online -- visit http://www.shopper.com/ for more
information].
Antivirus program manufacturers also release minor upgrades
every two to three months and major upgrades every twelve to
eighteen months. YOU NEED THESE UPGRADES. Minor upgrades are
usually free, and major upgrades usually cost anywhere between
US$20 and US$40, depending on the manufacturer [think of this
as an expected expense -- just as you have to change your
car's oil every 3,000 miles, you have to upgrade your
antivirus software every year to year-and-a-half].
To see if any minor or major upgrades are available for your
antivirus program, visit your antivirus program manufacturer's
homepage. A list of antivirus manufacturers' homepages can be
found at http://www.yahoo.com/ or at AOL keyword "virus."
----------------------------------------------------------------------
2. UPDATE YOUR VIRUS DEFINITIONS FREQUENTLY (AT LEAST ONCE A
WEEK).
----------------------------------------------------------------------
With over 250 new viruses being discovered each week, if you
don't update your definitions frequently you won't be
protected from ANY of the new viruses floating around the Net.
How do you update your virus definitions? That depends on
the antivirus program you use. Norton Antivirus has a "Live
Update" button built into the program; click on it, and Norton
automatically downloads and installs the latest virus
definitions from Net. McAfee VirusScan has a similar update
function (go to File --> Update VirusScan).
If you are unsure of how to update your virus definitions,
visit the homepage of your antivirus software manufacturer and
look for their "download," "update," or "technical support"
section.
----------------------------------------------------------------------
3. NEVER DOUBLE-CLICK (OR LAUNCH) *ANY* FILE, ESPECIALLY AN EMAIL
ATTACHMENT, REGARDLESS OF WHO THE FILE IS FROM, UNTIL YOU
FIRST SCAN THAT FILE WITH YOUR ANTIVIRUS PROGRAM.
----------------------------------------------------------------------
This is probably the most important rule of them all. There
are currently over forty-six thousand viruses out there, there
are over 2.8 trillion possible files names out there, and any
one of those viruses could be hiding in any one of those file
names. A lot of people think that you can protect yourself
from a computer virus by being on the lookout for one
particular virus or one particular file name (hence all of the
virus warnings you have received in your email inbox lately).
That's not only silly, that's dangerous. If you want to
protect your computer from viruses, you need to ignore ALL of
the virus warnings you receive and instead beware of EVERY
file you see, especially every file that is attached to an
email message.
It is important to note that, despite all of the warnings to
the contrary, there is no such thing as an email virus. If
you are running the most up-to-date version of Windows (see
rule #5 below) or if you have a Mac, you can open your emails,
regardless of their subject lines, without fear of infecting
your computer, provided your email program doesn't
automatically open attachments (most don't). It is the files
that are ATTACHED to emails that you have to fear.
Think of a computer virus as a well-packaged letter bomb. You
can move a letter bomb from room to room in your house without
any danger. Open the letter bomb, however, and you die. The
same is true with computer viruses. You could download a
billion virus-infected files from the Internet and receive
another billion virus-infected files attached to email
messages and your computer still wouldn't be infected with a
virus. Open, or double-click on, just ONE of those files,
though, and your computer is dead.
Remember, to infect your computer with a virus, you have to
open (or double-click on) a file that contains a virus. As
long as you don't open that file, you really have nothing to
fear.
How can you scan a file for viruses? That depends on the
antivirus program you use. The best bet is to read your
antivirus program's instructions or read its online help
section. If you use Norton Antivirus or McAfee VirusScan,
right-click (or, if you have a Mac, click and hold) on the
file in question. A pop-up menu should appear, and one of the
choices should be "Scan with ..." and the name of your
antivirus program. If that doesn't work, just open your
antivirus program and try to scan the file from there.
Do you have to scan EVERY file, even if that file is from your
friends or coworkers? Yes! The Melissa, WormExplore.Zip, and
"ILoveYou" viruses distributed themselves by opening your
email program, looking at either your 'friends' list or the
list of email addresses in your inbox, and then distributing
virus-infected files to everyone on that list.
In the world of computer viruses, you can't trust ANYONE
(even if they say they love you). :P
----------------------------------------------------------------------
4. TURN ON MACRO VIRUS PROTECTION IN MICROSOFT WORD, AND BEWARE
OF ALL WORD MACROS, ESPECIALLY IF YOU DON'T KNOW WHAT MACROS
ARE.
----------------------------------------------------------------------
Word Macros are saved sequences of commands or keyboard
strokes that can be stored and then recalled with a single
command or keyboard stroke. They enable advanced Word users
to easily accomplish what would otherwise be difficult tasks.
They also allow virus writers to do serious damage to your
computer. For example, the Melissa virus was actually a Word
Macro virus.
If you use Word 97, go to Tools --> Options. Click on the
"General" tab. Make sure that "Macro virus protection" (at
the bottom of the list) is checked.
If you use Word 2000, Double-click on the Tools menu, point to
"Macro," and then choose "Security." Select the level of
security you want. High security will allow only macros that
have been signed to open. Unsigned macros will be
automatically disabled. Medium security always brings up the
macro dialog protection box that allows you to disable macros
if you are unsure of the macros.
With Macro virus protection turned on, Microsoft Word will
warn you every time you try to open a Word document that
contains a macro. The warning gives you three choices: the
option to open the file but disable its macros ("disable
macros"), open the file with macros enabled ("enable macros"),
or the option to not open the file ("do no open"). Chose the
first (default) option: "disable macros."
For more information, visit the Macro Virus Protection page at
http://officeupdate.microsoft.com/focus/articles/o97mcrod.htm
----------------------------------------------------------------------
5. RUN WINDOWS UPDATE AT LEAST ONCE A MONTH
----------------------------------------------------------------------
Windows is aptly named because it is full of holes. There are
several, inadvertent 'open doors' (or 'security holes') in the
Windows operating system that *COULD* conceivably make your
computer vulnerable to outside attack. In specific, a mean-
spirited hacker *COULD* 'walk through' one of these open doors
on your Windows PC and read any file on your computer, delete
specific files or programs, or even completely erase your hard
drive.
When the folks at Microsoft discover a security hole, they
immediately release a software patch to close it. Without the
patch -- and there are MANY -- your computer is wide open to
outside attack.
Fortunately, downloading these patches couldn't be simpler.
Built into every 98 PC (and into every version of Microsoft's
Internet Explorer since version 4.0)is something called
"Windows Update." Windows Update is an easy-to-use tool that
helps you ensure that your PC is running the absolute latest
Microsoft software patches and drivers.
Here is how to use Windows Update to download all of the
security patches Microsoft has released since your PC was
made:
1. Connect (or logon) to the Internet.
2. If you have Windows 98, launch Windows Update by going
to Start --> Settings --> Windows Update on your PC.
You can also launch Windows Update by going to Tools
--> Windows Update in either Internet Explorer 4 or 5.
Either way will connect you to Microsoft's Windows
Update page [ http://windowsupdate.microsoft.com/ ].
By the way, if you don't have Internet Explorer 4 or
later, Microsoft's Windows Update page will
automatically talk you through the process of
downloading and installing the latest version of
Internet Explorer.
3. On the top left-hand side of the Windows Update page,
click on the "Product Updates" link (it is the one
with the hand and the red *)
4. A pop-up window will appear, telling you to wait while
your computer DOESN'T send any information to
Microsoft (well, that's what it says!)
5. Eventually, you'll see a page that says "Select
Software." When Microsoft releases an essential
update or patch to close a security hole in Windows,
they put it in this page's "Critical Updates" section.
Select (or click on) EVERYTHING in the "Critical
Updates" section -- you need *ALL* of the critical
updates -- and then click on the big, gray "Download"
arrow in the top right hand corner of the page.
6. Follow the on-screen prompts. That's it! :)
New security holes are found in Windows every week or two, so it is a
good idea to run Windows Update at least once a month. The first time
you run it, expect to see a MESS of critical updates. After that,
though, there should only be one or two critical updates you'll have
to download every month.
----------------------------------------------------------------------
6. IF SOMEONE UNEXPECTEDLY SENDS YOU AN EXECUTABLE FILE OR VISUAL
BASIC SCRIPT FILE -- IN OTHER WORDS, A FILE THAT ENDS IN .EXE
OR .VBS -- THROW IT OUT.
----------------------------------------------------------------------
Most of the forty-six thousand viruses that are floating
around the Net right now are hiding in executable files. Some
of the most vicious, new viruses are hiding in Visual Basic
script files. If someone, even a close personal friend,
unexpectedly sends you a file that ends in .exe or .vbs -- or
if they unexpectedly send you a zipped file that contains a
file or files that end in .exe or .vbs -- your safest bet is
to delete the file without opening it.
The key word here is "unexpectedly." If you are expecting a
friend to send you an executable file, you certainly don't
need to delete that file -- just virus scan it first before
you open it.
However, if you are in an environment (like a home) where you
don't often receive ANY files attached to your incoming email
messages, a better rule would be: "When in doubt, throw it out
... and doubt EVERYTHING."
How well will these six rules protect your computer from becoming
infected with a virus, Trojan horse, or worm? Take a look at the
following questions, and decide for yourself. How many people whose
computers were infected with the "ILoveYou" virus ignored at least one
of these rules? ALL OF THEM! How many people who followed these six
rules had their computers infected by "ILoveYou?" NONE OF THEM! How
many people whose computers were infected with the WormExplore.Zip
virus ignored at least one of these rules? ALL OF THEM! How many
people who followed these six rules had their computers infected by
the WormExplore.Zip virus? NONE OF THEM!
These six rules will not protect you from every computer virus, Trojan
horse, or worm, but they will so significantly decrease your
computer's chances of becoming infected that you can all but forget
about the next virus scare and all the ones that will follow.
TODAY'S TOURBUS STOP(S):
THE LOVE BUG
TODAY'S TOURBUS ADDRESS(ES):
http://www.cert.org/advisories/CA-2000-04.html
---------------------------------
TODAY'S SOUTHERN WORD OF THE WEEK
---------------------------------
BAUGH-WEE (noun). A male child.
Usage: "Baugh-wee, you have any idea how fast you's drivin?"
[Special thanks go to J. Ray Bobo for today's word]
You can find all of the old Southern Words of the day at
http://netsquirrel.com/crispen/word.html
=====================[ Tourbus Rider Information ]===================
=
The Internet Tourbus - U.S. Library of Congress ISSN #1094-2238
Copyright 1995-2000, Rankin & Crispen - All rights reserved
Like Tourbus? Recommend It! You could Win $10K or a Sony DVD Player
CLICK HERE
HELP the hungry, poor and sick - for free! http://FreeDonation.com
Join : Send SUBSCRIBE TOURBUS Your Name to LISTSERV@LISTSERV.AOL.COM
Leave: Send SIGNOFF TOURBUS to LISTSERV@LISTSERV.AOL.COM
Note : Put LISTSERV commands in the message BODY, not SUBJECT line.
Tourbus Home: Archives, Free Stuff and More - http://www.TOURBUS.com
======================================================================
.~~~. ))
(\__/) .' ) )) Patrick Douglas Crispen
/o o \/ .~
{o_, \ { crispen@netsquirrel.com
/ , , ) \ http://www.netsquirrel.com/
`~ '-' \ } )) AOL Instant Messenger: Squirrel2K
_( ( )_.'
'---..{____} Warning: squirrels.
