I send you this file in order to have your advice

by Bob Nunn

I got this in my email box the other day. It read:

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks

Well number one, I don't know anyone from this part of the country that speaks this way so it got my suspicion up. Secondly, who would be asking me for advice anyway. It has an attachment named VCDXXX.doc.pif. Of course I immediately double clicked it.

I bet you are thinking, boy what an idiot; now he's done it. Nope. I use Macintosh equipment. Double clicking only brought up a window asking me what program I wanted to open it in. I chose a text editor and looked at the content. I realized that it was probably a virus or a worm. In the text I read: This program must be run under Win32. After I got another 20 or so of these from all over, I knew it was. I just checked my mail again and I got one from Fred. I don't know who Fred is and the attachment was titled ISPRINGHAUSEN.doc.bat. Perhaps you have received a few of these. Well, don't open the attachment.

SARC - a defensive line?

A quick check on SARC <http://www.sarc.com> let me know that it was a worm called SIRCAM. Well, SIRCAM does effect Mac users. We have to suffer through deleting all of these attachments and mail from what seems like all over the planet. My Mac mail server is working overtime delivering attachments. What is really scary about this one is that it picks up a random document from your system and sends pieces of it with the SIRCAM worm. I just hope Ukrainian President Leonid Kuchma didn't have his enemies email addresses in his address book since his travel schedule went out courtesy of SIRCAM. <http://www.cnn.com/2001/TECH/internet/08/02/ukraine.sircam/index.html>

Tech TV has a few articles up about this <http://www.techtv.com/news/story/0,24195,3338667,00.html>. They point out also that in about one out of every 20 infected computers, SIRCAM will delete all the files and directories on the hard drive, according to the experts.

A friend of mine's wholesale price list was included with an attachment I got from him. I knew he was a victim when the same "I send you this file in order...." came with it. I just hope his competitors aren't in his Outlook address book. There are many other stories of businesses accidentally sharing their customer lists with their competitors and other confidential material being shared, etc. Hope you don't keep your customers credit cards in a list like that.

PLANT DIFFERENT TREES

This really is a nightmare for many folks. All I can say is, don't plant the same kind of trees your neighbor has. If everyone has the same trees, then everyone has the same diseases and pests and everyone's trees die at the same time. Just ask someone who remembers what an Dutch Elm tree looks like.

Quit using the same mail program. Quit using the same server software. Quit using the same browser as everyone else. In the next decade it may be your business's survival that is at stake and I think now may be the time to consider this. Perhaps your first line of defense should be something as simple as modifying the paths on your server to nonstandard paths. The problem is, all of them are set up exactly the same with the same drive names and the same paths. Mega software conglomerates installers place things in the same directories throughout the world.

I am not saying that one platform or the next is the best plan for everyone, but I watched while company after company succumbed to "we have to standardize our systems and software". Yeah good plan. It probably did make it easy for a couple of the tech guys in your company until the LOVE VIRUS hit and put you out of business for "How Long?".

CodeRed and 7 Really Serious Viruses

There were 7 "Level 4" viruses on SARC when I checked it the other day. All of them are directed at WIN32 machines. I won't even mention CodeRed Worm since it only affects Microsoft Index Server 2.0 and the Windows 2000 Indexing service on computers running Microsoft Windows NT 4.0 and Windows 2000 that run IIS 4.0 and 5.0 Web servers. There are probably only a few thousand folks running these programs. I have been watching my server logs getting tagged all evening by CodeRed. Of course my server simply says file not found instead of executing a command.

Yep, the patches are up on most of the virus sites. The problem with a patch though is, it is often too late and ten minutes later version 2 of the virus comes out. While you may have not been hit, lots of people were before the patch got written. You have to take a proactive approach to this.

I am no security expert and I know that any platform is vulnerable. I do know that you can make it harder for people to take advantage of you. Consider changing some of your systems to a different platform. Maybe it's time to put in that Linux Box or an OSX Server. There ARE alternatives out there. Eudora makes a decent mail client. Netscape makes a decent browser neither of which use Visual Basic to operate. One thing I do know is you better start thinking and doing something about this. It isn't going to go away. While your customers may be understanding a time or two while your systems are down with a virus, there will always be competitors still online taking orders from your customers.

You probably already have people in your office that would prefer to run an alternate setup. Perhaps it is time to let them have their way.

FROM: Bob Nunn

Hi how are you?

"I send you this article in order that you should take my advice".

See you later. Thanks

 

Bob Nunn - President, Operator Headgap Systems
E-mail: headgap@headgap.com
http://headgap.com http://tfbbs.com
http://mac-batteries.com - affordable clock batteries for your Mac!
http://drivejumper.com - jumpers or shunts are sometime hard to find but necessary when changing drive configurations. Order online!
http://MemphisApplecore.com - Apple User Group
http://PortalMemphis.com - Memphis Best Web Sites