If you get a copy of the "Love Bug" ...

Computer Security Weekly May 8, 2000

Lots of brief mentions this week. If you've been hit by the "Love Bug," or one of its variants, you aren't reading this. I'll get you some details for next week, but this type of thing is not news. The possibility was foreseen two years ago, but nobody paid any attention.

Janet Reno foams at the mouth over mafiaboy. I have the sneaking suspicion that somewhere, somebody is getting away with murder, undetected in the media hype over a couple of teenagers. (Oh, by the way, the source code for yet another DDoS program was released last week.)

http://www.wired.com/news/politics/0%2C1... http://CNN.com/2000/TECH/computing/04/19...

The US feds are talking about security again. Yawn.

http://www.wired.com/news/politics/0,128...

A brief report has said that Windows Explorer for Win9x has a buffer overflow bug when a filename extension contains more than 129 characters. The report states that arbitrary commands can be executed if embedded in the extension. Further, it may be possible to cause the same when sending long filenames as email attachments.

http://www.securax.org/pers

With the warnings going around about the CIH/Chernobyl viruses, someone is spreading a "cure" for Chernobyl. Unfortuantely, the cure, NOCIH.EXE, is a virus (Win.Santana) ...

http://www.avp.ru http://www.viruslist.com

Another virus, Smash, is a standard file infector, except that it doesn't care about filename extensions, infecting .DLLs and .SCRs as well as .EXEs. In most infected machines it resides in IO.SYS.

Some interesting, if not entirely dependable, security survey results are available at:

http://www.gocsi.com/prelea_000321.htm

The forerunner of the "Love Bug" is possibly Unicle, a recent virus that attacked only Chinese versions of Outlook and Windows, spread without attachments, and was invoked upon reading the message. Microsoft reacted in typically understated fashion. Kaspersky Labs did research and has provided a demo antiviral that deals with Unicle.

http://support.microsoft.com/support/kb/... http://www.kasperskylab.ru/eng/products/...

British Telecom is ramping up to a big ADSL roll-out. You can even pre-register for the service. However, the site for registering has all kinds of security loopholes, and just about anyone can get in and collect all the registrations and data on customers.

http://www.ntk.net/2000/04/28/signuplist... http://www.ntk.net/2000/04/28/dohopenwor...

I warned you. (On August 30th, 1999, and November 1st, 1999, in fact.) UCITA has been signed into law in Virginia, and is well on the way in Maryland.

http://www.washingtonpost.com/wp-dyn/art... http://www.idg.net/idgns/2000/03/29/UCIT...

the Swedes seem to be doing it right. Three hours after he started, and while the attack was still in progress, the National Police Computer Crime Squad arrested a teenager who was trying to break into a government site. (Maybe they could give Janet Reno a few pointers.)

http://www.aftonbladet.se/nyheter/0004/0... (in Swedish)

Stephen King's ebook has been cracked.

interactive.wsj.com/articles/SB954465411569087773.htm/t000030180.html

Find virus, book info http://victoria.tc.ca/techrev/rms.htm

The copyright of the article If you get a copy of the "Love Bug" ... in Computer Security is owned by Robert Slade. Permission to republish If you get a copy of the "Love Bug" ... in print or online must be granted by the author in writing.

Go To Page: 1 2

Articles in this Topic    Discussions in this Topic