

Just the Other Day
by Lee Besing
Threats to your computer
September, 2002

Just the other day, a customer told me about how one of the computers on his network was acting up. He stated that this computer did not have direct access to the Internet; only one computer on his network had dialup. This meant obviously that this computer could not get updates by running Live Update. The solution was for me to manually load Norton's update module onto his computer from a CDR and run the update. Surprise, surprise, surprise! Viruses were suddenly detected all over his computer. Seems that he had been using his other computer to download files from the Internet or from e-mail, and then dragging them across to the other computer. He hadn’t been keeping either computer updated to prevent viruses, and both of them were highly infected. Three hours later his entire system was cleaned and updated. Better yet, he now knows how to manually download the update module from Norton's website and install it on both computers himself.

Another trick I used at first, since he was running the same operating system on both (W98se) and the same version of Norton Anti-Virus on both (2002), was to drag the entire Symantec Shared folder from the Windows folder on the computer with Internet access to the same folder on the others. After rebooting, the other computers recognized the upgrade and used the new version files to check. Not sure I recommend that action to the novice user. If you overwrite the wrong folder, your computer might be worse off than before you started, although the worst thing to happen could be a requirement that you reinstall it again. Try it at your own risk if you want to.

According to Symantec, as of the end of July 2002, the ten most commonly reported viruses worldwide are: (1) W32.Klez.H@mm, (2) W32.Nimda.A@mm, (3) W32.Klez.E@mm, (4) W32.Nimda.E@mm, (5) W95.Hybris.worm, (6) Trojan Horse, (7) W32.Magistr.39921@mm, (8) Backdoor.Trojan, (9) JS.Seeker, and last but not least (10) W32.Badtrans.B@mm.

Worm Authors A Goner
Five Israeli youths, one still in middle school, have been indicted for authoring and distributing the Goner worm. Goner was discovered in the wild in December 2001, after the youths distributed it via various online forums. Goner spread via Microsoft Outlook and IRC (Internet Relay Chat) and was able to successfully shut down many popular antivirus and firewall products running on infected systems.

Officials were able to track down the youths, using clues found within the virus. Upon opening the infected attachment, gone.scr, a screen containing identifying information was temporarily displayed. By comparing the nicknames displayed to IP addresses registered on DALnet, clues were derived that eventually led to the arrest of four of the youths. A fifth teen was arrested at a later time.

Legalized Hacking?
Congressmen propose legislation legalizing RIAA (Recording Industry Association of America) hacking of file-sharing networks. Drawing the line at the use of viruses, the bill otherwise permits "disabling, interfering with, blocking, diverting, or otherwise impairing the unauthorized distribution, display, performance, or reproduction of his or her copyrighted work on a publicly accessible peer-to-peer file trading network." This appears to grant the RIAA the privilege to legally hack into P2P users' computers to prevent or thwart the distribution of free mp3 files.

On July 25, 2002, California representative Howard Berman proposed a bill in Congress that would allow the recording industry to legally hack into systems suspected of sharing copyrighted material. Berman introduced the bill along with representatives Howard Coble of North Carolina, Lamar Smith of Texas, and Robert Wexler of Florida. This is not a hoax; I've seen the actual copy of the proposed bill from Congress’ Website.

While Berman is quick to defend the proposed bill by saying, "It does not allow copyright owners to send viruses through P2P networks, destroy files, hack into the personal files of P2P users, or indiscriminately block lawful file-trading," the bill does allow "disabling, interfering with, blocking, diverting, or otherwise impairing the unauthorized distribution, display, performance, or reproduction of his or her copyrighted work on a publicly accessible peer-to-peer file trading network." The bill includes a number of provisions, including a requirement to notify the Department of Justice seven days prior to engaging in the attack.

Berman crafted the bill to level the playing field between copyright holders and so-called 'file traders'. Berman said,

"In other words, while P2P technology is free to innovate new and more efficient methods of distribution that further exacerbate the piracy problem, copyright owners are not equally free to craft technological responses. This is not fair. ... Songwriters, photographers, film producers, karaoke tape makers and other copyright owners are experiencing massive piracy of their works through P2P networks. Billions of P2P downloads every month constitute copyright infringements for which these creators and owners receive no compensation. There is no excuse or justification for this piracy. Theft is theft, whether it is shoplifting a CD in a record store, or illegally downloading a song from Morpheus."

Perhaps in response, unknown hackers launched a DoS (Denial of Service) attack against the RIAA over the weekend following the announcement of the proposed bill. The attacks began on Friday night and continued until early Monday morning, making the site virtually inaccessible to legitimate traffic. 

I’m personally not ready to get too excited about this proposed bill until it gets assigned an HR number for serious consideration by Congress. Past attempts by the RIAA have been defeated, such as when they tried to tack an anti-piracy amendment to an anti-terrorism bill in October 2001. When one compares current legislative initiatives to comments made by lobbyist Mitch Glazier after the failed October attempt, it seems the newly proposed bill itself could have been drafted directly by the RIAA.

But there is some truth to stories about a higher infection rate among computers that are participating in these sharing activities. I’ve had several clients who have been using one or more of the three P2P networks (Gnutella, Morpheus, and KaZaA) with higher levels of virus attacks caused by folks purposely infecting files being traded in an effort to shut down the other non-protected computers. If you insist on playing in this area, please do yourself a favor and be sure your anti-virus software is updated on at least a weekly basis if not daily. And if you haven't seen an alert on your computer saying the Klez virus has been detected and quarantined within the past month, you are either already infected with it or you don't get much e-mail from the outside world.
 


Lee Besing is the owner of Computer Solution Experts, a consulting firm that provides on-site service and support for PC computers and networks.