

 

A flurry of worms

TipLetter - Aug 21, 2003

In this issue:

  • The strangest variant I've ever seen
  • Other lovesan/blaster related activities
  • Sobig is back - with a vengeance
  • New Office Ship Date
  • Outlook's new navigation
  • Read it on the web
  • Google Links
  • Keep the Megabyte Minute Tip Letter Free

The strangest variant I've ever seen

Last week, the lovesan (a.k.a. blaster) worm made life hectic for many of you. You were busy patching, rebooting (if you got infected) or spreading the word. So having a worm fix the problem for you might seem like a welcome change. But think again.

This week, another worm started making the scene. This one, known as Blaster-D/Nachi, penetrated systems using the same security hole as last week's blaster worm. However, instead of creating havoc, it fixed the problem. If the Nachi worm hits your system, it removes the file that was created by last week's worm. Then it goes to Microsoft's Windows Update to download the patch that plugs the security hole and initiates the installation of the patch. Once complete, you don't have to worry about that particular vulnerability anymore.

While this may have some positive aspects - especially for systems whose owners haven't bothered to update (or don't know enough to update) - it also creates some problems.

First, it's still exploiting a hole in security by compromising a system that you should be controlling.  Any time that somebody else can take control of your system without your permission is a problem.

Second, there are many corporate systems that were not patched because the IT managers had not completed their rigorous testing procedures. Most savvy IT managers will not apply a patch throughout their networks as soon as it is available. They first apply it on a test system or test network to make sure that the patch doesn't cause any other problems. Since every company has different configurations running different applications for different purposes, this is an important activity, and should not be skipped. There are too many things that can go wrong by simply applying patches without proper testing. (For those of you who are on old versions of Windows, Office or other applications, this may be one of the reasons.)

Third, letting a worm do your work is not the most trustworthy way to apply patches - especially in work environments.  You never really know what extra "baggage" comes along with the worm.

Other lovesan/blaster related activities

The distributed denial of service attack scheduled to start on Saturday was a dud. This DDoS attack was to have been launched by lovesan/blaster against Microsoft's windowsupdate.com and would have made it even more difficult to download the patch to fix the problem. Microsoft made some quick moves to head off the problem, one of which was to pull down windowsupdate.com. This was actually an easy step, because normally, it pushes your browser to windowsupdate.microsoft.com, which would not have been affected by the blaster worm. Microsoft also added systems and bandwidth and took other precautions. So the expected problem was avoided.

According to Symantec, over 400,000 systems were affected by blaster during the past week. In addition, Kaspersky Labs found at least two other variants.

The blaster code is now available to any script-kiddie who wants to copy it and change a couple parameters.  So you need to be cautious.  Update your Windows system by applying the patch.  Start by clicking on the globe with the Windows logo in the bottom left corner of your monitor (near your clock).  If you don't see it there, look for Windows Update in your [Start] menu.  If you don't see it there, go to windowsupdate.microsoft.com to get the patch.

If you can't download it because the worm has infected your system (thereby making it reboot continuously), read the instructions in MegabyteMinute.com's features section to apply the short term fix that will allow you to download the patch.

 

Sobig is back - with a vengeance

The name may be familiar, but the threat is different.  Sobig.F spreads through email.  You get it by opening an attachment in an email that you receive.  That starts a chain of events that includes:

  1. copying the worm to your hard disk drive
  2. trying to copy the worm to other systems on your network
  3. installing its own mailing application which lets it send mail to others using your address book to disguise its contents and get new prey
  4. opening a port on your computer from which it can receive commands over the Internet

Panda Technology, an anti-virus company with US headquarters in Glendale CA, told me that Sobig is being mailed at an extremely rapid rate. The company rates the threat level "severe" and the distribution of Sobig.F as "epidemic".

It seems to be using a technique called dictionary spam among its many tactics - mailing to info@, sales@ and other common email addresses. Further research shows that the worm is actually browsing the copies of web pages on infected systems - and harvesting the email addresses off those web pages. So it is actually a combination of worm and spam.

The attachments are fairly big.  Between the large attachments and epidemic numbers of messages being sent, Sobig.F is causing slowdowns at several levels.   No ISP has been left untouched.   Sharee Stout at City Net, a Pittsburgh PA ISP, told me that it came out of nowhere and had been blitzing email accounts.  She detected the problem very early and was dealing with it quickly.  Other ISPs might not have been as quick to react, which is why we're still hearing about Sobig.F several days after it was detected.

I even saw it attack an address that was posted online at the bottom of one of my Post Gazette newspaper columns before quickly using Spam Slicer to block the attack.

The major anti-virus software companies have updated their virus definitions.  So update your anti-virus software now to make sure that Sobig.F doesn't infect your system.

 

Office Ship Date

Microsoft is readying the new Office 2003 and has shipped it to manufacturing.  By the end of September, you should be seeing it on systems that you buy.  The official release date is October 21. 

Microsoft has officially pulled OneNote from the release, although the company still considers OneNote to be part of the Office 2003 system. The bottom line for you is that you'll get a $100 rebate on OneNote if you also purchased Office 2003.

 

Outlook's New Navigation

Outlook 2003 may take some getting used to. Microsoft has made several substantial changes in the user interface. The one that will hit you in the face is the elimination of the Outlook Bar. That's the gray bar on the left side of the screen that many people used for shortcuts to folders in Outlook 2002 (XP), 2000, and earlier versions.

It has been replaced by the new Navigation Pane.  This pane is segmented into several parts:

  • Your favorites folders - which shows the Outlook folders you use the most.
  • All mail folders - showing your entire directory structure of MAIL folders.
  • Other Outlook applications - where you get to select your contacts, calendar, notes, etc. Clicking on any one will replace your mail folders with your favorites of that type.

The new approach has some advantages.  For instance, it is easier to find your contacts if you have multiple contacts folders.  However, it moves your contacts an extra click away from your mail, with no apparent way of putting them back together with buttons that can be seen concurrently.

Yet there are many other usability enhancements that we'll detail in future Megabyte Minute Tip Letters.

 

Help with Office 2003

Of course, Megabyte Minute Tip Letter subscribers will receive tips and tricks to use with Office 2003. But you can take a great big leap in productivity by having me conduct a seminar, workshop or individual coaching session right in your office. It will help you get the most out of Office 2003 (or other versions of Office - or even other applications). I concentrate on your critical mission - not just on the 1-2-3s of using the software. So you get so much more out of it. If you're interested, send me your name, company, phone number and other pertinent information.

Now on the web

  • Music Downloads - the real scoop
    Hear from legal and technical experts and college administrators - because that's where the real action is. Could your children get you into legal hot water while they're away at school?
     
  • Napping Napster on Verge of Waking Up
    The file sharing service that started the revolution is about to come back - legally.
     
  • Regional Tax Sharing Resources
    My hometown of Pittsburgh is trying to deal with a financial crisis, so I looked up how other regions deal with the tax disparity between the core city and the suburbs. Some of the resources are interesting. So I thought I'd share them with you.

 

Megabyte Minute Radio

 

Pass along your Tip Letter

Please pass this Tip Letter on to others. If you received this from a friend, please sign up for a subscription of your own. It costs you nothing to join. And you'll get the Megabyte Minute Tip Letter right in your own email inbox as soon as it is released. Better yet, subscribe to Spam Slicer. Then subscribe to the Megabyte Minute Tip Letter.

 

Google Links

Notice the Google search links on various pages on our new Megabyte Minute web site? Please use them to find additional information about our topic matter. They are specially served by Google to be related to the topic of the page you're reading.

Search tip:  If you don't want to lose your page, instead of left-clicking on the Google link, right-click. Then select [Open in New Window]. A new window will pop up with the Googled page. The Megabyte Minute page will stay open - behind the new window.


Keep The Megabyte Minute Tip Letter Free

We're glad to count you as a subscriber. Please help us pay for the costs of creating and sending the Tip Letter. You can do it in several ways:

1. Purchase Spam Slicer for yourself or your company. (You'll get the benefits of the Home Edition, Family Pack or Small Business Edition. It's perfect for people who subscribe to various newsletters.)
2. Use the Google links on the Megabyte Minute web site.
3. Sponsor our national radio show - Megabyte Minute
4. Purchase cost-effective, targeted advertising in the Tip Letter

David is available for corporate coaching, workshops, and presentations. Find out more by clicking the Contact tab at the top of this page.


MEGABYTE MINUTE TIP LETTER
Issue 1703mbm
Thursday, August 21, 2003
---------------------------------
Megabyte Minute, The Radin Report, and TipLetter are trademarks of M. Masters Corporation. All rights reserved. Spam Slicer is a trademark of Spam Slicer LLC. All rights reserved. All other trademarks are owned by their respective companies.

