-----<BR>Nimda<BR>-----<BR>Our previous email stated that only Microsoft servers were affected. It<BR>has since been found to attack home computers as well.<P>As if the events of the past week haven't been enough to deal with,<BR>there is a new virus/worm called Nimda. Every computer running<BR>Microsoft Windows 95, 98, 98SE, ME, NT, or 2000 is vulnerable.<BR>Computers running non-Windows operating systems (like Macs and Linux<BR>boxes) are *NOT* vulnerable, though.<P>How is Nimda different from all the other viruses out there?<BR>Well, if you'll pardon my using an analogy, most viruses try to break<BR>into your computer through your front door. Close the front door and<BR>the virus ceases to be a threat. Nimda tries to break in through your<BR>front door, your living room window, and your chimney. Close the<BR>front door and you're still vulnerable.<P>In other words, you're going to have to do a bit of work to protect<BR>your computer from Nimda.<P>----------------------<BR>Closing the Front Door<BR>----------------------<P>Update your virus definitions. This closes the front door. How do<BR>you update your virus definitions? That depends on the antivirus<BR>program you use. Norton Antivirus has a "Live Update" button built<BR>into the program; click on it, and Norton automatically downloads and<BR>installs the latest virus definitions from the Net. McAfee VirusScan has<BR>a similar update function (go to File --> Update VirusScan).<P>If you do not have a virus checker installed, get on the net and download a<BR>free one at <A HREF="http://WWW.grisoft.com." 
TARGET=_blank>WWW.grisoft.com.</A> <P>And, of course, *NEVER* double-click on any file, especially an email<BR>attachment, regardless of who the file is from, until you first scan<BR>that file with your antivirus program.<P>As long as you update your virus definitions weekly and never double-<BR>click on attachments without first scanning those attachments, you're<BR>pretty well protected from *most* computer viruses.<P>But not Nimda.<P>------------------------------<BR>Closing the Living Room Window<BR>------------------------------<P>Nimda also exploits a well-known hole in the PC version of Internet<BR>Explorer (other versions, including the Mac version of Internet<BR>Explorer, are *NOT* affected by this hole). According to Microsoft,<P> Internet Explorer does not handle MIME (Multipurpose Internet<BR> Mail Extensions) headers in HTML e-mails correctly. If a<BR> malicious user sends an affected HTML e-mail or hosts an affected<BR> e-mail on a Web site, and a user opens the e-mail or visits the<BR> Web site, Internet Explorer automatically runs the executable on<BR> the user's computer. If this occurs, the executable can take any<BR> action on the computer that the user can take, including adding,<BR> changing, or deleting data, communicating with Web sites, or<BR> reformatting the hard drive.<P>Fortunately, Microsoft patched this hole back in March. And finding,<BR>downloading, and installing this patch couldn't be simpler: just run<BR>Windows Update and download *ALL* of the critical updates.<P>There are a couple of ways to run Windows Update, but the easiest is to<BR>launch Internet Explorer and then go to Tools --> Windows Update. You<BR>can also go to Start --> Settings --> Windows Update. 
Either way will<BR>automatically redirect you to Microsoft's Windows Update page at<BR> <A HREF="http://windowsupdate.microsoft.com/default.htm" TARGET=_blank>http://windowsupdate.microsoft.com/default.htm</A> <P>On the top left side of the Windows Update page, click on the "Product<BR>Updates" link (it is the one with the hand and the red *). A pop-up<BR>window will appear, telling you to wait while your computer DOESN'T<BR>send any information to Microsoft (well, that's what it says!)<P>Eventually, you'll see a page that says "Select Software." When<BR>Microsoft releases an essential update or patch to close a security<BR>hole in Windows, they put it in this page's "Critical Updates" section.<BR>Microsoft also puts a bunch of other, non-essential stuff on this page,<BR>but you can ignore that. You are here for the Critical Updates.<P>Select (or click on) EVERYTHING in the "Critical Updates" section --<BR>you need *ALL* of the critical updates -- and then click on the big,<BR>grey "Download" arrow in the top right hand corner of the page. Then,<BR>just follow the on-screen prompts.<P>This closes the living room window, so to speak.<P>By the way, if you run Windows Update and don't see any Critical<BR>Updates, don't panic. This just means that your version of Internet<BR>Explorer has already been patched (and your living room window is<BR>already closed).<P>-------------------<BR>Closing the Chimney<BR>-------------------<P>You're still not done. According to our friends at CERT,<P> As part of the infection process, the Nimda worm modifies all web<BR> content files it finds (including, but not limited to, files with<BR> .htm, .html, and .asp extensions). As a result, any user<BR> browsing web content on the system, whether via the file system<BR> or via a web server, may download a copy of the worm. 
Some<BR> browsers may automatically execute the downloaded copy, thereby<BR> infecting the browsing system.<P> <A HREF="http://www.cert.org/advisories/CA-2001-26.html" TARGET=_blank>http://www.cert.org/advisories/CA-2001-26.html</A> <P>You've already taken care of the automatic execution problem in the<BR>last step (Microsoft's Critical Update patch closes that hole), but it<BR>is still possible that an infected Web page could automatically<BR>download a Nimda virus-infected file to your computer. Your computer<BR>wouldn't be infected, though. Instead, the virus-infected file would<BR>be like a letter bomb; it will just sit there, taking up space,<BR>waiting for you to open it.<P>The folks at CERT recommend disabling JavaScript to avoid this<BR>problem, but I have a much more beautiful solution: download and<BR>install a "pop-up killer" like WebWasher. Nimda tries to "come down<BR>the chimney" through a JavaScript pop-up window. Pop-up killers like<BR>WebWasher keep this from happening.<P>In other words, WebWasher closes the chimney.<P>Originally developed by German electronics giant Siemens, WebWasher is<BR>a filter program for PCs, Macs, and Linux boxes running either<BR>Netscape Navigator or Microsoft Internet Explorer. Once you install<BR>WebWasher on your computer, the program automatically blocks unwanted<BR>Web content like banner ads and pop-up windows. Instead of the ads,<BR>all you see is white space -- the ads aren't even downloaded!<P>What is most amazing is that WebWasher is free for home and education<BR>use. You heard right, folks: IT'S FREE! To download WebWasher, point<BR>your Web browser to<BR> <A HREF="http://www.webwasher.com/en/products/wwash/download_license.htm" TARGET=_blank>http://www.webwasher.com/en/products/wwash/download_license.htm</A> <BR> <BR>and click on the "I agree" button. 
The download process is self-<BR>explanatory.<P>Once you download WebWasher to your hard drive (the file is less than 1<BR>Mb in size, so it should download pretty quickly), double-click on the<BR>installation file to install the program, and then follow the on-<BR>screen instructions to configure both WebWasher and your browser.<BR>This sounds complicated, but it is actually rather easy.<P>That's it! You are now free to surf the Web relatively ad-free. And<BR>unlike a lot of other ad filtering programs, WebWasher doesn't change<BR>the appearance of most popular Web sites. In fact, some sites -- like<BR>Intellicast -- look significantly better without the ads!<P>As I said earlier, most viruses try to break into your computer<BR>through your front door. Close the front door and the virus ceases to<BR>be a threat. Nimda tries to break in through your front door, your<BR>living room window, and your chimney.<P>BUT, if you update your virus definitions, never double-click on<BR>attachments, download and install the Critical Update patches from<BR>Microsoft, and use a pop-up killer like WebWasher, the Nimda virus<BR>will become just like Yoko Ono: an annoying thing about which you need<BR>not worry. :P<P>---------------<BR>And Finally ...<BR>---------------<P>After last week's attack, I decided to check my homeowners insurance<BR>to see what is and is not covered. Here is what I found. The last<BR>sentence gave me a much-needed chuckle.<P> Section 1 - Losses Not Insured<BR> 1. e. War, including undeclared war, or any warlike act,<BR> including destruction or seizure or use for a military purpose,<BR> or any consequence of these. Discharge of a nuclear weapon is<BR> deemed a warlike act even if accidental.<P>Credit for much of the text contained in this letter goes to Patrick<BR>Douglas Crispen who writes a very interesting newsletter. You can find<BR>them on the net at <A HREF="http://www.TOURBUS.com" TARGET=_blank>http://www.TOURBUS.com</A> <P><BR>Cheers,<P>Stan.
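<P>Added example, not part of the original newsletter or of the CERT advisory: a site owner's check for the "chimney" case, scanning the web content file types CERT names (.htm, .html, .asp) for inline script that opens a pop-up on a non-web file. The list of suspect target extensions, the function names and the sample pages are assumptions made for this illustration.

```python
import re
from pathlib import Path

# Extensions the quoted CERT text names as targets of modification.
WEB_EXTENSIONS = {".htm", ".html", ".asp"}
# Assumption: file types a legitimate page has no reason to open in a pop-up.
SUSPECT_TARGETS = (".eml", ".exe", ".scr", ".com", ".pif", ".bat")

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
OPEN_RE = re.compile(r"window\.open\s*\(\s*([\"'])(.*?)\1", re.I | re.S)


def suspicious_popups(html):
    """Return window.open() targets in inline scripts that end in a suspect extension."""
    hits = []
    for script in SCRIPT_RE.finditer(html):
        for call in OPEN_RE.finditer(script.group(1)):
            target = call.group(2).strip()
            # Drop any query string or fragment before checking the extension.
            path = re.split(r"[?#]", target, maxsplit=1)[0].lower()
            if path.endswith(SUSPECT_TARGETS):
                hits.append(target)
    return hits


def scan_tree(root):
    """Map each web content file under root to its suspicious pop-up targets."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            # latin-1 decodes any byte sequence, so odd encodings cannot abort the scan.
            hits = suspicious_popups(path.read_text(encoding="latin-1"))
            if hits:
                findings[str(path)] = hits
    return findings


# Constructed sample pages (not taken from a real infection).
CLEAN = '<html><body><script>window.open("help.html")</script></body></html>'
MODIFIED = ('<html><body>Home</body></html>\n'
            '<script language="JavaScript">window.open("sample.eml")</script>')

if __name__ == "__main__":
    print(suspicious_popups(CLEAN))
    print(suspicious_popups(MODIFIED))
```

A hit is a reason to compare the file against a known-good copy, not proof of infection; restoring modified content from clean backups is the fix.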