Date:         Fri, 21 Sep 2001 19:57:17 -0400
Reply-To:     TOURBUS-Request@LISTSERV.AOL.COM
Sender:       The Internet TourBus - A virtual tour of cyberspace
              
Comments:     Resent-From: crispen@netsquirrel.com
Comments:     Originally-From: Patrick Douglas Crispen

From:         Patrick Douglas Crispen 
Subject:      TOURBUS -- 21 SEP 01 -- NIMDA
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
 
----------------------------------------------------------------------
                TOURBUS Volume 7, Number 18 -- 21 Sep 2001
----------------------------------------------------------------------
        T h e   I n t e r n e t   T o u r B u s
        SIX YEARS of Searchable Archives at http://www.TOURBUS.com !!
 
TODAY'S TOURBUS STOP(S):
    Nimda
TODAY'S TOURBUS ADDRESS(ES):
    http://windowsupdate.microsoft.com/default.htm
    http://www.webwasher.com/en/products/wwash/download_license.htm
 
Howdy, y'all, and greetings once again from beautiful Tuscaloosa,
Alabama, a town that is still in tremendous mourning.
 
TOURBUS is made possible by the kind support of our sponsors.  PLEASE
take a moment to thank each of our sponsors for keeping our little bus
of Internet happiness on the road week after week.
 
 
 
 
On with the show ...
 
-----
Nimda
-----
 
As if the events of the past week haven't been enough to deal with,
there is a new virus/worm called Nimda.  Every computer running
Microsoft Windows 95, 98, 98SE, ME, NT, or 2000 is vulnerable.
Computers running non-Windows operating systems (like Macs and Linux
boxes) are *NOT* vulnerable, though.
 
How is Nimda different from the squillion other viruses out there?
Well, if you'll pardon my using an analogy, most viruses try to break
into your computer through your front door.  Close the front door and
the virus ceases to be a threat.  Nimda tries to break in through your
front door, your living room window, and your chimney.  Close the
front door and you're still vulnerable.
 
In other words, you're going to have to do a bit of work to protect
your computer from Nimda.
 
----------------------
Closing the Front Door
----------------------
 
Update your virus definitions.  This closes the front door.  How do
you update your virus definitions?  That depends on the antivirus
program you use.  Norton Antivirus has a "Live Update" button built
into the program; click on it, and Norton automatically downloads and
installs the latest virus definitions from the Net.  McAfee VirusScan has
a similar update function (go to File --> Update VirusScan).
 
And, of course, *NEVER* double-click on any file, especially an email
attachment, regardless of who the file is from, until you first scan
that file with your antivirus program.
 
As long as you update your virus definitions weekly and never double-
click on attachments without first scanning those attachments, you're
pretty well protected from *most* computer viruses.
 
But not Nimda.
 
------------------------------
Closing the Living Room Window
------------------------------
 
Nimda also exploits a well-known hole in the PC version of Internet
Explorer (other versions, including the Mac version of Internet
Explorer, are *NOT* affected by this hole).  According to Microsoft,
 
      Internet Explorer does not handle MIME (Multipurpose Internet
      Mail Extensions) headers in HTML e-mails correctly. If a
      malicious user sends an affected HTML e-mail or hosts an affected
      e-mail on a Web site, and a user opens the e-mail or visits the
      Web site, Internet Explorer automatically runs the executable on
      the user's computer. If this occurs, the executable can take any
      action on the computer that the user can take, including adding,
      changing, or deleting data, communicating with Web sites, or
      reformatting the hard drive.
 
Fortunately, Microsoft patched this hole back in March.  And finding,
downloading, and installing this patch couldn't be simpler: just run
Windows Update and download *ALL* of the critical updates.
 
There are a couple ways to run Windows Update, but the easiest is to
launch Internet Explorer and then go to Tools --> Windows Update.  You
can also go to Start --> Settings --> Windows Update.  Either way will
automatically redirect you to Microsoft's Windows Update page at
 

http://windowsupdate.microsoft.com/default.htm .
 
On the top left side of the Windows Update page, click on the "Product
Updates" link (it is the one with the hand and the red *).  A pop-up
window will appear, telling you to wait while your computer DOESN'T
send any information to Microsoft (well, that's what it says!)
 
Eventually, you'll see a page that says "Select Software."  When
Microsoft releases an essential update or patch to close a security
hole in Windows, they put it in this page's "Critical Updates" section.
Microsoft also puts a bunch of other, non-essential stuff on this page,
but you can ignore that.  You are here for the Critical Updates.
 
Select (or click on) EVERYTHING in the "Critical Updates" section --
you need *ALL* of the critical updates -- and then click on the big,
gray "Download" arrow in the top right hand corner of the page.  Then,
just follow the on-screen prompts.
 
This closes the living room window.
 
By the way, if you run Windows Update and don't see any Critical
Updates, don't panic.  This just means that your version of Internet
Explorer has already been patched (and your living room window is
already closed).  :)
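
For readers who run a mail server, here is an added example (not from Microsoft or CERT) of a check for the MIME header problem quoted above.  It assumes the abuse shows up as an attachment whose file name is executable while its Content-Type claims to be something harmless; the extension list, the function name, and the sample message are all constructed for illustration.

```python
import email
import os
from email import policy

# Extensions Windows will run when opened (illustrative list, an assumption).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
# Content types that honestly announce a program; these are not a mismatch.
PROGRAM_TYPES = {"application/octet-stream", "application/x-msdownload"}

def suspicious_parts(raw):
    """Return (filename, declared type) for parts named like a program
    but labelled as some other kind of content."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()  # Content-Disposition, else Content-Type name
        if part.is_multipart() or not name:
            continue
        ext = os.path.splitext(name.lower())[1]
        ctype = part.get_content_type()
        if ext in EXECUTABLE_EXTS and ctype not in PROGRAM_TYPES:
            findings.append((name, ctype))
    return findings

# Constructed sample message; the "attachment" is only a short text string.
SAMPLE = b"""\
From: sender@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/html; charset="us-ascii"

<html><body>hello</body></html>
--XX
Content-Type: audio/x-wav; name="sample.exe"
Content-Transfer-Encoding: base64

bm90IGEgcmVhbCBwcm9ncmFt
--XX
Content-Type: text/plain; name="notes.txt"

just text
--XX--
"""

if __name__ == "__main__":
    print(suspicious_parts(SAMPLE))
```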
 
-------------------
Closing the Chimney
-------------------
 
You're still not done.  According to our friends at CERT,
 
      As part of the infection process, the Nimda worm modifies all web
      content files it finds (including, but not limited to, files with
      .htm, .html, and .asp extensions).  As a result, any user
      browsing web content on the system, whether via the file system
      or via a web server, may download a copy of the worm.  Some
      browsers may automatically execute the downloaded copy, thereby
      infecting the browsing system.
 
      [from http://www.cert.org/advisories/CA-2001-26.html ]
 
You've already taken care of the automatic execution problem in the
last step (Microsoft's Critical Update patch closes that hole), but it
is still possible that an infected Web page could automatically
download a Nimda virus-infected file to your computer.  Your computer
wouldn't be infected, though.  Instead, the virus-infected file would
be like a letter bomb; it will just sit there, taking up space,
waiting for you to open it.
 
The folks at CERT recommend disabling JavaScript to avoid this
problem, but I have a much more beautiful solution: download and
install a "pop-up killer" like WebWasher.  Nimda tries to "come down
the chimney" through a JavaScript pop-up window.  Pop-up killers like
WebWasher keep this from happening.
 
In other words, WebWasher closes the chimney.
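
If you keep Web pages on your own machine or run a Web server, here is an added example (not CERT's code) that looks for the kind of change CERT describes above.  It assumes the modification appears as a script that opens a pop-up window and sits after the page's closing </html> tag; the function names and the sample files are constructed for illustration.

```python
import os
import re
import tempfile

WEB_EXTS = (".htm", ".html", ".asp")        # extensions named in the CERT text
CLOSE_HTML = re.compile(rb"</html\s*>", re.I)
SCRIPT = re.compile(rb"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
POPUP = re.compile(rb"window\s*\.\s*open\s*\(", re.I)

def trailing_popup_script(data):
    """True if a script after the first closing </html> opens a window."""
    end = CLOSE_HTML.search(data)
    if not end:
        return False                        # no closing tag, nothing to judge
    tail = data[end.end():]
    return any(POPUP.search(body) for body in SCRIPT.findall(tail))

def scan_tree(root):
    """Return the web content files under root that match the heuristic."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(WEB_EXTS):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    if trailing_popup_script(fh.read()):
                        hits.append(os.path.relpath(path, root))
    return sorted(hits)

def demo():
    # Constructed pages: a pop-up inside the page body is normal site code,
    # the same call appended after </html> is what gets flagged.
    clean = b"<html><body><script>window.open('help.htm')</script></body></html>\n"
    added = b'<html><script language="JavaScript">window.open("placeholder-file")</script></html>'
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("index.html", clean),
                           ("default.asp", clean + added),
                           ("notes.txt", clean + added)):   # not web content
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

A hit only means the page deserves a closer look; restore flagged files from a known-good copy rather than editing them by hand.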
 
Originally developed by German electronics giant Siemens, WebWasher is
a filter program for PCs, Macs, and Linux boxes running either
Netscape Navigator or Microsoft Internet Explorer.  Once you install
WebWasher on your computer, the program automatically blocks unwanted
Web content like banner ads and pop-up windows.  Instead of the ads,
all you see is white space -- the ads aren't even downloaded!  :)
 
What is most amazing is that WebWasher is free for home and education
use.  You heard right, folks: IT'S FREE!  To download WebWasher, point
your Web browser to
 

http://www.webwasher.com/en/products/wwash/download_license.htm 
 
and click on the "I agree" button.  The download process is self-
explanatory.
 
Once you download WebWasher to your hard drive (the file is less than 1
Mb in size, so it should download pretty quickly), double-click on the
installation file to install the program, and then follow the on-
screen instructions to configure both WebWasher and your browser.
This sounds complicated, but it is actually rather easy.
 
That's it!  You are now free to surf the Web relatively ad-free.  And
unlike a lot of other ad filtering programs, WebWasher doesn't change
the appearance of most popular Web sites.  In fact, some sites -- like
Intellicast -- look significantly better without the ads!
 
As I said earlier, most viruses try to break into your computer
through your front door.  Close the front door and the virus ceases to
be a threat.  Nimda tries to break in through your front door, your
living room window, and your chimney.
 
BUT, if you update your virus definitions, never double-click on
attachments, download and install the Critical Update patches from
Microsoft, and use a pop-up killer like WebWasher, the Nimda virus
will become just like Yoko Ono: an annoying thing about which you need
not worry.  :P
 
---------------
And Finally ...
---------------
 
After last week's attack, I decided to check my homeowners insurance
to see what is and is not covered.  Here is what I found.  The last
sentence gave me a much-needed chuckle.
 
      Section 1 - Losses Not Insured
      1. e.  War, including undeclared war, or any warlike act,
      including destruction or seizure or use for a military purpose,
      or any consequence of these.  Discharge of a nuclear weapon is
      deemed a warlike act even if accidental.
 
Well, DUH! :P
 
That's it for this week.  Have a safe and happy weekend and we'll talk
again soon.
 
 
The Internet Tourbus - U.S. Library of Congress ISSN #1094-2239
Copyright © Bob Rankin and Patrick Crispen - All rights reserved
=====================[ Tourbus Rider Information ]===================
    The Internet Tourbus - U.S. Library of Congress ISSN #1094-2238
      Copyright 1995-2001, Crispen & Rankin - All rights reserved
 
  Help the hungry, poor and sick - for free!  http://FreeDonation.com
 
       Subscribe, Signoff, Archives, Free Stuff and More at the
               Tourbus Website - http://www.TOURBUS.com
=====================================================================
 
 
            .~~~.  ))
  (\__/)  .'     )  ))       Patrick Douglas Crispen
  /o o  \/     .~
{o_,    \    {              crispen@netsquirrel.com
   / ,  , )    \           http://www.netsquirrel.com/
   `~  '-' \    } ))    AOL Instant Messenger: Squirrel2K
  _(    (   )_.'
'---..{____}                  Warning: squirrels.
 