Add to your RANT:
New E-mail Virus May Hurt Worse Than 'Love'
Take note:
**Kak affects computers running Internet Explorer 5.0 or
Microsoft (MSFT) Office 2000. It spreads by taking advantage
of a security hole in Explorer that is caused by a
programming bug in an ActiveX control called
scriptlet.typelib. The browser doesn't need to be running
for the virus to be unleashed, and the bug can be installed
on a computer through its default security settings,
according to a security alert issued Wednesday by the System
Administration, Networking and Security Institute.**
New E-mail Virus May Hurt Worse Than 'Love'
The bug doesn't even require a user to open the
attachment for it to spread.
By Elinor Abreu
The Standard, May 10, 2000, 06:47 PM PST
As detectives in the Philippines continue their
investigation of the "ILoveYou" virus and as corporations
worldwide scramble to clean up in its aftermath, security
experts in the U.S. are targeting an e-mail virus that may
be more destructive: it doesn't even require its attachment
to be opened before it wreaks havoc.
First seen several months ago, the virus, which is called
Kak, seizes on any e-mail program that recognizes HTML, the
language used to create most Web pages. It infects computers
that lack updated virus protection when the e-mail message
that contains it is merely opened or previewed.
Kak affects computers running Internet Explorer 5.0 or
Microsoft (MSFT) Office 2000. It spreads by taking advantage
of a security hole in Explorer that is caused by a
programming bug in an ActiveX control called
scriptlet.typelib. The browser doesn't need to be running
for the virus to be unleashed, and the bug can be installed
on a computer through its default security settings,
according to a security alert issued Wednesday by the System
Administration, Networking and Security Institute.
"This is by far the fastest growing virus distribution
problem and ripe for a hugely destructive event - at least
as large as the ILOVEYOU virus," the SANS alert stated.
"If the ILoveYou virus had made use of this, we would have
gone crazy," says Jimmy Kuo, a McAfee fellow at Network
Associates (NETA). "By the time you find out you've
received the e-mail, you've gone and looked at it, and that
itself sets off the virus and it's a bit too late."
The ILoveYou virus spread via Microsoft Outlook, sending
itself to all recipients listed in a user's address book
before deleting image files and hiding audio files. It has
spawned at least 25 copycats with varying levels of
destructiveness. Police in Manila, Philippines, released a
man from custody who they initially suspected of writing the
virus, and are now looking at suspects connected with a
local university.
In response to the outbreak of the virus, which has caused
an estimated $6.7 billion in damage, Microsoft and security
experts have advised computer users that the best way to
preempt infection is to avoid opening suspect attachments.
That remedy no longer applies.
A Minneapolis company claims to have developed the first
software that allows users to recover files destroyed or
hidden by the ILoveYou virus. OnTrack Data International's
EasyRecovery software, which sells for $49.95 and can be
downloaded here, restores JPG, JPEG, MP2 and MP3 files
damaged by the virus to their original condition. It doesn't
attempt to repair corrupted files or rewrite the original
drive, but instead locates the files' signatures, copies
"deleted" image data to a new location and reveals the
location of audio files, says Jim Reinert, OnTrack's
director of software products.
While the Kak virus, which Network Associates believes
originated in France, isn't as malicious as the ILoveYou bug
and doesn't spread in the same way, it has the potential to
be the most dangerous virus to date if it were expanded with
nasty attributes.
"The only viruses using [the hole] aren't very malicious,
but that has nothing to do with tomorrow," says Alan Paller,
director of research at the SANS Institute.
So far, the Kak virus doesn't do any damage and merely
displays a message on the first of the month that says:
"Kagou-Anti-Kro$oft says not today!" according to Network
Associates' profile of the virus. If a user's security
settings are set high, Kak might display warning messages
regarding ActiveX and scripts. Users who see a dialogue box
asking, "Do you want to allow software such as ActiveX
controls and plug-ins to run?" should respond "No."
The same security hole that spawned Kak also exposes users
to harmful scripts in malicious Web pages. Microsoft could
not be reached for comment on the hole, but a bulletin
posted on the software giant's Web site says it could allow
a "malicious Web operator to take inappropriate actions on
the computer of a user who visited the site."
Users of IE 5.0 and Office 2000 should update their virus-
detection software in order to close the hole, which takes
less than five minutes, according to Paller. Network
Associates also advises computer users to remove Windows
Scripting Host from their systems.
Tools to patch the hole, which Microsoft posted in August
1999, are available here:
http://www.microsoft.com/security/bulletin/ms99-032.asp
and a correction script may be run directly from here:
http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm
Network Associates has information on its Web site about the
virus: http://vil.nai.com/villib/dispVirus.asp?virus_k=9706
Copyright (c) 2000 The Industry Standard
-
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph