Alerts: dangerous new virus & a big red Mars

2003-08-15

Richard Moore

--------------------------------------------------------
Delivered-To: •••@••.•••
From: •••@••.•••
Subject: [OCtech] Digest #10: Technology Tips: AntiVirus; Open Source; Events;
 Email Merges
List-Id: Organizers' Collaborative Technical Digest 
<octech.lists.democracygroups.org>
List-Post: <mailto:•••@••.•••>
List-Subscribe: <http://lists.democracygroups.org/mailman/listinfo/octech>,
        <mailto:•••@••.•••?subject=subscribe>
List-Archive: <http://lists.democracygroups.org/pipermail/octech/>
Date: Thu, 14 Aug 2003 13:00:39 -0400

========================================
OCTech E-mail Digest 2003, #10     ----      August 14, 2003
Published by Organizers' Collaborative, Inc. (www.organizenow.net)
Contents of this Digest:

1. Important information on the New Windows Virus
2. New Email List Established - Open Source on the Desktop for Nonprofits
3. Upcoming Demonstrations of Organizers' Database
4. How to send personalized Mass Email for free (Fletmail)

========================================

1. Information on the New Windows Virus

Dear OC Tech readers:

In response to the questions we have been getting, yesterday I prepared a draft
summary about the Windows security problem (revealed last month) and
the new Microsoft virus/worm which, just in the last few days, has been
widespread on the Internet.

This is a SERIOUS issue unlike any previous Windows virus; that is why we
are alerting you all in this e-newsletter.  After reading this, I think
people will be convinced of the need to update their PCs.

-rich

P.S. Several people responded to an early draft of this by suggesting
nonprofits use GNU/Linux.  While this might be a good idea, switching is
not trivial; if you want us to go in this direction the best thing you can do
is make a donation to the group NOSI.NET, by sending a check made
payable to "CFNCR/NOSI" and sending it to NOSI, c/o Community Fdn. of
the National Capital Region, 1201 15th St., Washington, DC  20005. OC
is doing some work with Nonprofit Open Source Initiative on a booklet that
explains some of the alternatives to Microsoft that are available, and on a
new email list (see item #2 in this newsletter to subscribe).



TIP SHEET:  "Talking points" About the New "MSblast" Virus -- and the
Windows security Problem, MS03-026, that it depends on

Prepared by www.organizenow.net

a) The new computer virus that has been circulating spreads in a different
method from almost all previous viruses:  it does not spread through email
or web sites: you can get the virus IF YOU HAVE A COMPUTER WTH
CERTAIN VERSIONS OF WINDOWS that can be accessed by another
Windows computer on a network (see #3, #4 for details).

b)  To fix the problem you need to download a patch from Microsoft.  However,
the usual method to download the patch, to use the WindowsUpdate web site,
might not work as the latest virus is designed to overload and disable this web
site.  So it might be better to fix the problem by following the instructions 
here:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

c) The virus does not affect all versions of Windows, but it does affect the
newest versions.  It affects Windows XP, 2000, or NT -- basically all the
systems that allow people to remotely log in to a machine.  It does not affect
Win95, Win98, or WinME, which don't have built in remote access capability.

d) The new virus spreads by randomly generating IP addresses, the numeric
addresses that are used to identify computers on a network.  So if you dial in
on a modem to the Internet, you are vulnerable as dialing in gives your computer
a temporary IP address, making it accessible to other computers.

If your computer is not directly on the network but is behind a router (which is
usually the case with DSL or with small offices), then you won't be as 
vulnerable,
because PCs outside your office can't directly reach your machine.  Even if you 
do
have a router (or firewall), it is possible for you to be infected if someone in
your
office hooks up an infected laptop to your network!  This is because the new 
virus is
programmed to try to infect the local area network even before it tries outside 
machines.

e) If you have the new virus your machine may no longer be able to connect to 
the
Internet.  You can tell you have the new virus by the presence of the file:
c:winntsystem32msblast.exe                 (on win nt/2000)
c:windowssystem32msblast.exe             (on win XP)

It is not easy to remove the virus, but a tool and instructions for doing so is 
here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

f) Even if you don't have the virus, the nature of the security problem with 
Windows is
so severe that you will definitely want to fix your machine as described in #2.
How
severe, you ask? Let me illustrate how vulnerable you actually are:

Since August 1, 2003 there is a hacking tool widely available on the Internet, 
i.e.:
http://cyruxnet.com.ar/download/rpcdcom/dcom_final.zip

that allows you, if you can open up a "Command Prompt" on your computer, to
easy open a "Command Prompt" on someone else's computer, and delete or modify 
files.
Just download the tool, unzip it into c:, Click on Start->Run and type 
'command.' and
type 'dcom  0 123.45.67.89' and press <enter>.  If that doesn't work, try
'dcom  1  123.45.67.89'; one of these works for WinXP, the other works for 
Win2000.
You would replace 123.45.67.89 with the IP address of the machine you are trying
to test.

g) If you do have the virus, your machine is programmed to launch an attack on
Microsoft, starting this Saturday.  It is therefore important to act now, as it 
might
be more difficult to fix this problem after Microsoft is attacked!  More details
are here:
http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.html



--------------------------------------------------------
Date: Thu, 14 Aug 2003 13:12:51 -0700
From: Anita Sands Hernandez <•••@••.•••>
Organization: StarPower Map of the Month 
X-Accept-Language: en
To: anita <•••@••.•••>
Subject: close encounters of the third kind

> CLOSE ENCOUNTER WITH MARS 
> 
> Never again in our lifetimes will the Red Planet be so spectacular! 
> 
> This month and next Earth is catching up with Mars, an encounter that will 
> culminate in the closest approach between the two planets in recorded 
> history. 
> 
> The next time Mars may come this close is in 2287. 
> 
> Due to the ways Jupiters gravity tugs on Mars and perturbs its orbit, 
astronomers can only 
> be certain that Mars has not come this close to Earth in the last 5,000 
> years but it may be as long as 60,000 years. The encounter will culminate on 
> August 27th when Mars comes to within 34,649,589 miles and will be 
> (next to the moon) the brightest object in the night sky. It will attain a 
magnitude 
> of -2.9 and will appear 25.11 arc seconds wide. At a modest 75-power 
magnification, 
> Mars will look as large as the full moon to the naked eye. 
> 
> Mars will be easy to spot. At the beginning of August Mars will rise in the 
> east at 10 p.m. and reach its azimuth at about 3 a.m. But by the end of 
> August when the two planets are closest, Mars will rise at nightfall and 
> reach its highest point in the sky at 12:30 a.m. That's pretty convenient 
> when it comes to seeing something that no human has seen in recorded 
> history. 
> 
> So, mark your calendar at the beginning of August to see Mars grow 
> progressively brighter and brighter throughout the month. 
> Share this! No one alive today will ever see this again. 
More on Stars, metaphysics, conspiracy theory, astrology, plus 12
lessons in palmistry wi. graphics so you can start today, all at
http://home.earthlink.net/~astrology/
and legacy for our children project, at
http://home.earthlink.net/~charettem/

--------------------------------------------------------

Share: