Karaoke Forums

http://www.infoworld.com/article/06/08/ ... ing_1.html
Hackers target flaw in networking function within Windows used for file sharing and printing

By Jeremy Kirk, IDG News Service
August 14, 2006    

Hackers are actively using exploit code to target a flaw in Microsoft's software that generated a special warning from the U.S. government last week.


The problem concerns a networking function called Windows Server services within the Windows OS, used for file sharing and printing.

Microsoft issued a patch, MS06-040, for the problem on Aug. 8, which affected several Microsoft OSs. Security experts warned then that exploit code had been detected and could be used more widely.

However, the latest exploit code only affects users running Windows 2000 who have not applied the patch, Microsoft said. The impact so far from the malware, which the company calls "Win32/Graweg," has been low, the company said.

"We are not currently aware of widespread customer impact," Microsoft said Sunday.

The SANS Institute reported on Sunday other names given to the malware by security vendors. Symantec calls it "W32.Wargbot" while TrendMicro has named it "Worm.IRCBOT.JK and JL." McAfee goes by "IRC.Mocbot" and F-Secure refers to the malware as "IRCBOT-ST."

The malware is a "bot," a class of malicious code that allows a hacker to take remote control over a computer. The malware appears to be a version of one called "Mocbot," which first appeared in late 2005, according to Lurhq, a security company. Both SANS and Lurhq said two similar versions of the bot are circulating.

Once on an infected machine, the bot contacts remote servers in China over IRC (Internet Relay Chat), Lurhq said.

"Historically Chinese ISPs (Internet Service providers) and government entities have been less-than-cooperative in taking action against malware hosted and controlled from within their networks," Lurhq said in an advisory.

The bot is capable of several malicious functions, Lurhq said. It can send messages through a user's AOL Instant Messenger account, an activity that could be used to trick other users into downloading the bot. It's also possible to use the bot to launch a DDOS (distributed denial-of-service) attack, Lurhq said.

The bot could also spread itself to other computers on a network, giving it worm-like characteristics. Microsoft, however, said the exploit code does not appear to be self-replicating at this point

The U.S. Department of Homeland Security highlighted the MS06-040 vulnerability a day after Microsoft issued a patch, saying it "could impact government systems, private industry and critical infrastructure, as well as individual and home users."

Microsoft issued a total of 12 fixes this month on what's known as "Patch Tuesday."

Is XP safe?

I use PC-WINxp with both hardware and software firewalls
I have anti-spy and anti-virus programs are always running - these are auto updated
I run anti-spy detector and remove tracking cookies daily
have full encryption active with IP masking also active
I set open ports manually and block known hacker ports

Is this enough?  
I ask because I only do MS updates when absolutely needed!
ALWAYS have to spend hours afterwards fixing stuff MS updates will glitch up
Would rather not do it unless I have to...would appreciate hearing your opinion, Knightshow

Thx, Tink

Deleted-

Another good reason to defect to the Mac side.

I've only had one real issue with a microsoft patch. Other than that, I do auto updates on the patches with no problems

Deleted---

Hi Gilly
You know, in some respects, I agree with you about MACs.  My first computer was a MAC and they have a lot going for them.

The best feature they have is the one you mentioned here. MACs have had such a small market share that hackers typically don’t bother writing stuff to attack them.  Of course the flip side of that coin is that software programmers don’t always bother writing stuff for them either.  That is what moved me from MAC into the WIN.x world about 6 or 7 years ago.   I don’t see it as much these days (still pretty often though), but I just did not like seeing “Not Available for Macintosh” on most of the things I wanted to do.

Switching to PC has been a learning adventure for me.  With the help of talented friends my first PC was built from components off the shelves at Fry’s.  I accept the perils in the PC world though I’ve had to continue learning.   It’s been kind of like learning to ride a unicycle.  Tough at first, but still fun.

About 5 years ago, while still playing with WIN.98, I had an OS crash, reinstalled and had the same crash again 10 days later.  Reinstalled and first website I went to was MS Knowledgebase and basically typed in “WTF?!”  Answer came back with 98% probability that it was a known issue where WIN.98 would crash if MS updates were not installed within 10 days.  

Since then I’ve learned to install all updates as needed, though I am still very cautious about allowing MS to install stuff that allows them or anyone else to have remote access to my PC.  This is why I do custom updates.  MS auto-updates also usually include a bunch of stuff I just don’t want or need like “briefcase suite” and other garbage.  It takes time to pick through and do only what I feel is important but it holds down on headaches and hard drive space in the long run.

I’ll try to make this brief.   PCs have one other advantage that I really like.  About 3 years ago during one of our lovely “rolling black-outs” my PC motherboard got fried.  Had surge protection but it just wasn’t enough for whatever hit that day.  I’ll spare everyone all the techie details but I walked out of Fry’s with a new tower (motherboard and a lot else included) for a little under $200.  With salvaged usable parts from the old PC, I was backed up and online within a day.  Don’t know what typical cost would have been for getting a fried MAC up and running again.  Maybe someone here will know.

BTW I spent too much of my spare time last night reading what I could find on this heads-up (thanks, Knightshow).  I know just enough about WIN.xp to take this one seriously.  This virus is based on WIN.2k, but then so is WIN.xp.  Attacks are few so far but seem to be similar to the infamous “code red” virus a few years ago.  My spare time tonight will be spent doing a custom MS update for the patches I REALLY need.  

Last thought for today…  Gilly, I truly do like MACs…just don’t like their limitations and cost factors.  One thing I truly do love though are the devoted longtime MAC fans.  They are always wonderful and unique people who are able to think “outside the box.”  I’ve had this view ever since I was using a MAC, and I must say, you have not changed my view on this at all.  :handshake:

deleted----

Keep talkin', Gilly, you might win me back when my pocketbook expands

I reeeally do love MACs based on similar early education, but have had to make compromises based on what I want to do and the money it takes to get me there.

I might catch up with you someday and will always enjoy hearing what yo're up to with your MACs  :yes:

The MacMuses are calling me, the little Scott's sirens beckon. Should I forsake the clan that has forsaken me to join the clan of the apple.

I just might.

It is one way to stay out of the clan wars. What about the clearances though? Will I awaken one day to find my landlord has burned my home and killed my livestock? So he can do what? Tend sheep?

It is a risk I must consider if I join that highland clan, Intosh.

Deleted------

can we stay on TOPIC for ONCE... Just ONCE?

there are plenty of other threads out there to destroy.

My Gawd in a flippin' SIDECAR!

Sorry, I immediately took the topic OFF topic. But, I didn't entirely mean to. it just happens with me.

I obviously shouldn't have posted at all, because I don't own a "microsoft computer". I apologize.

Sorry.

I spend too much complaining about Microsoft. I need to just keep in mind that there will always be exploits for any OS that MS creates.

I'll notify the IT department where my wife works. They are often the last to know bout these security issues.

Out of respect to Matt's thread, I will confine my complaints for MS in the following thread, http://www.karaoke-forum.com/viewtopic. ... sc&start=0, and I will treat this thread as a tech thread.

Excuse me Matt. Carry-on.

... I wasn't MAD guys... and Gilly, I WAS following the MAC stuff...

Sorry you deleted your comments.

everyone... Sorry for being too intense, or coming off that way!

Knightshow---Does your god really ride in a sidecar? I might be interested in your religion, where can I sign up?



Sorry. I can talk er... mac talk, in private though;)

And, I don't mind if you come off as intense, just so long as you come:)


Ok. I think i just made up for all of the replies of mine that I deleted. Back to your regularly scheduled programming:)

A few nights ago I posted that where asia andy wanted to join my buddy list on msn live messenger...  I deleted it 3 or 4 times finally I clicked yes The next day he logged on it wasnt 1 minute and zone alarm or something popped up Im msngr wants to act as server grant permission?   I clicked no and deleted asia andy as fast as I could.

I havnt read anything lately about backdoors in microsoft messenger but I sure suspect it..

@ Gilly... g/f you ROCK ON!!!

Mark, my updates are all done
Thanks for the heads-up to get it done

Tink

Whilst an up to date firewall and virus checker helps it's foolish to think these are enough. Each software release is designed to address the latest threats and counter measures. this is why in some respect each release of windows is guaranteed to be more secure as it addresses the latest threats where as the old versions do not. The fact it might have some new undiscovered holes is another issue but with the general improvements in MS software security these new holes are becoming a lesser risk.

Many virus and worms can circumvent firewall and virus checkers this is sometimes through malicious code and on other occasions through social engineering. If this happens your last line of defence could be an up to date copy of windows or office.

Windows XP is certainly the most secure operating system I've seen and Vista promises to be even better.

One thing people forget is that if there were as many people using Linux or macs as there are using windows there would be as many threats for those platforms. the fact is that "hackers" know the majority of people use windows and therefore spend most their time looking for exploits in these machines. So whilst using a mac may mitigate some risks it is inaccurate to say it is more secure.

_________________
Dan Bayley