hwg-techniques archives Sep 2001 new search results previous next

Re: Virus !?! RE: Please Read This Announcement Everyone

by "Dave Hall" <dhall(at)wavegate.com>

 Date:  Tue, 18 Sep 2001 21:31:48 -0400
 To:  <hwg-techniques(at)hwg.org>
 References:  alg2 cincy opalintel
  todo: View Thread, Original 
    Thanks for this most recent notice of the related virus information. I
have gathered several web resources which will help each of you protect your
computers. Feel free to comment on any of the items below or to contact me
if you have PC security questions.

Microsoft's official statement on Nimda:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
topics/Nimda.asp

Wired News article outlining the effect and prevention of the Nimda (Admin
spelled backwards) virus:
http://www.wired.com/news/technology/0,1282,46944,00.html

Symantec's Antivirus Research center gives the technical advice on removing
the virus from an infected computer and displays other related information:
http://www.sarc.com/avcenter/venc/data/w32.nimda.a(at)mm.html
    Main SARC page outlining current virus threats:
    http://www.sarc.com/

Cert.org has yet to release the memo on this virus, however, increased port
80 scans have been detected:
http://www.cert.org/
    Cert's port 80 scan activity info:
    http://www.cert.org/current/current_activity.html

The proposed fix revolves around either patching IE (Security bulletin
number: MS01-020), Upgrading to IE6, or by turning "Active Scripting" off in
all security zones (located in Tools --> Internet Options --> Security
Tab --> Select the zone to set (setting all is recommended) --> Select
"Custom Level" --> scroll down to Active Scripting and select "Disable".

Disabling the Active Scripting may cause problems when accessing Outlook Web
Access and other similar interactive scripted applications.

A quick note on good security practices:
    Never view E-mails you aren't expecting, especially those bearing
attachments.
    If you believe you are infected, disconnect from the net immediately in
order to reduce the risk of spreading a virus.
    Have the latest virus scanner installed and schedule daily virus
definition updates. I recommend Norton Antivirus for its frequent updates
and excellent detection capabilities.
    Make sure your virus software has an auto-protect feature and that it is
enabled.
    Make sure your Antivirus scanner is set to scan all files as opposed to
program files only.
    Run a personal firewall, such as ZoneAlarm from http://www.zonelabs.com/
to monitor and prevent unwanted internet activity originating from or
arriving at your computer. This step will help prevent infection by trojan
horse programs such as Sub7 or BackOrifice.
    If you have questions, be sure to ask a system administrator or
knowledgeable computer professional. It's better to be safe than sorry!

I hope all of this helps. If you should have any questions, feel free to let
me know.
Dave
**********************************************
dave(at)exterranet.com
webmaster(at)berry.edu
http://www.berry.edu/
http://www.news-at-eleven.com/
**********************************************

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA