Norton AntiVirus 2000
According to Bugnet (www.bugnet.com), there’s a security hole in NAV 2000 that leaves a TCP/IP port wide open to Internet attackers while scanning e-mail messages on Win 95/98/NT machines. Hackers can then use this open port to crash certain portions of NAV 2000 or, in certain situations, the host machine itself.
Symantec has issued a patch that’s available through its LiveUpdate feature. The patch will change the port 110 settings to “closed”, allowing only Norton AntiVirus 2000 on your system to use it. Thus, if a hacker tries to send arbitrary data to the open port, the host machine will return a connection error. It’ll also prevent hackers from hitting the host machine with buffer overflow attacks.
To get LiveUpdate, go to Start> Programs>Norton AntiVirus>LiveUp-date-Norton AntiVirus.
Mac OS 9
According to Bugnet (www.bugnet.com), there’s a security hole in Mac OS 9 that reveals the previous user’s NetWare connection when you log in under a different user account. Thus, when NetWare users log out from the Mac OS 9, their NetWare connections remain active and open to subsequent users.
The problem arises because Mac OS 9 uses a closed security database. When users log out of the operating system, it checks for and closes all active AppleShare mounted drives, but doesn’t check for any mounted NetWare volumes.
This vulnerability won’t endanger AppleShare servers and it won’t open your machine to any unwelcome mischief. However, it leaves the door wide open to your NetWare servers, especially if you use Mac OS 9’s password-free Guest account feature.
Apple is aware of the problem but failed to comment regarding any plans to modify its security architecture to support non-AppleShare clients.
As a temporary workaround, click on the NetWare tree from your Apple taskbar and select Logout completely. Then log out of Mac OS 9 by clicking on the special pull-down menu from the Apple taskbar and click on logout.
This is a Trojan horse that pretends to be a fix for the Y2k bug. It arrives as an EXE file named Y2k.exe–an MS-DOS executable about 24,944 bytes in size–and deletes all the files on your PC.
It simulates a Y2k-compatibility check on your PC and displays a generic menu on your screen. The program pretends to be checking all your files while in reality it overwrites and deletes all of them. You can also see the file names at the bottom of your screen.
However, upon completion you’re informed that you’ve been fooled and have actually been hit by a virus. This corruption renders the system inoperable.
To get rid of this trojan, delete the Y2k.exe file. If you’ve already run the program, you must restore your system completely.
New virus spreads from
According to Computer Associates, there’s a new virus–Win32/H4.1852–that can infect systems simply by browsing Websites. Unlike viruses that spread through e-mail, this virus distributes itself by directing your Web browser to a Web page that contains the virus. It’s likely to affect those who use IE on a machine with Windows scripting host installed and the security settings set to low. If your security settings are set to medium or higher, it’ll prompt you before executing the code.
The virus payload is created by a VBScript routine that can be embedded in any HTML page. It creates a debug script and batch files, which when executed creates additional files to infect your system. The virus infects EXE and SCR files in several directories and deletes the data files of several anti-virus vendors.
It also creates a shortcut that points to the virus-writer’s page. At present, the virus is ineffective due to problems in its code, but these are likely to be fixed in the near future.
This is a Portuguese Happy New Year Trojan that deletes files on your PC and leaves it unable to boot. It deletes the following files:
After deleting all these, it displays
a bitmap of an ugly-looking face entitled
“FELIZ ANO NOVO!!!” which means “Happy New Year”.
When you press Exit, it displays a number of message boxes in Portuguese. Your PC may not be able to boot after that.
The Windows installation directory (“C:\Windows”) is hard coded in the trojan body and the trojan won’t cause any harm if Windows is installed in any other directory.