# Good reads on AV



## merlin

Well, I've decided to put up a thread with links to various pages with AV content. I will try to follow up with AV issues as they become available. Primary scope of this is to help members and visitors with finding upgrades, patches, and downloads related to the current AV issues. There should be a similar thread in Security Forum, focusing on all of the current security issues. If anyone has a great link, tip or a suggestion to offer, please feel free to post it. Please do not post links or how to's related to hacking, cracking, and other illegal activities. Thanks and enjoy !!!


----------



## merlin

*GNU Project FTP Server Compromise*

The GNU Project, principally sponsored by the Free Software Foundation (FSF), produces a variety of freely available software. The CERT/CC has learned that the system housing the primary FTP servers for the GNU software project, gnuftp.gnu.org, was root compromised by an intruder. The more common host names of ftp.gnu.org and alpha.gnu.org are aliases for the same compromised system. The compromise is reported to have occurred in March of 2003. 
Because this system serves as a centralized archive of popular software, the insertion of malicious code into the distributed software is a serious threat. As the above announcement indicates, however, no source code distributions are believed to have been maliciously modified at this time.

More about this at CERT 

Fix for the issue:
We encourage sites using the GNU software obtained from the compromised system to verify the integrity of their distribution. 
Sites that mirror the source code are encouraged to verify the integrity of their sources. We also encourage users to inspect any and all other software that may have been downloaded from the compromised site. Note that it is not always sufficient to rely on the timestamps or file sizes when trying to determine whether or not a copy of the file has been modified.


----------
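Added example, not part of the original post or the CERT advisory: a Python sketch of why size and timestamp checks are not enough to confirm a download is unmodified, while a cryptographic digest comparison is. The file name and contents are constructed sample data, and the known-good digest is assumed to come from a source independent of the compromised server.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file so large tarballs are not loaded into memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(path: Path) -> dict:
    """Record size, mtime and digest for a file believed to be good."""
    st = path.stat()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns,
            "sha256": sha256_of(path)}


def metadata_matches(path: Path, known: dict) -> bool:
    """The weak check: size and modification time only."""
    st = path.stat()
    return st.st_size == known["size"] and st.st_mtime_ns == known["mtime_ns"]


def digest_matches(path: Path, known: dict) -> bool:
    """The strong check: compare against the recorded SHA-256."""
    return sha256_of(path) == known["sha256"]


def demo() -> tuple:
    """Return (metadata check result, digest check result) after tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        f = Path(tmp) / "example-1.0.tar.gz"  # constructed sample file
        f.write_bytes(b"./configure && make && make install\n" * 100)
        known = snapshot(f)
        # Simulate a modified copy: flip one bit (length unchanged),
        # then put the original timestamp back on the file.
        data = bytearray(f.read_bytes())
        data[10] ^= 0x01
        f.write_bytes(bytes(data))
        os.utime(f, ns=(known["mtime_ns"], known["mtime_ns"]))
        return metadata_matches(f, known), digest_matches(f, known)


if __name__ == "__main__":
    print(demo())
```
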



## merlin

*Viralock*

Viralock has software that prevents mass-mailing of infected emails. If you do get a virus that tries to mass email itself through your email, Viralock stops it before it gets out. They do have a trial download. Check it out 

http://www.viralock.com/


----------



## merlin

*Some interesting SOBIG.F stats up to date*

Computers infected since August 19, 2003 
North America 85,710 
Europe 56,907 
Asia 408 
Australia and New Zealand 101 
South America 70 
Africa 11 
(unknown) 9 
Total 143,216 

Top 10 countries 
United States 85,501 
Denmark 38,642 
Norway 11,774 
Sweden 1,408 
Iceland 1,149 
Switzerland 1,018 
Germany 696 
United Kingdom 611 
Finland 430 
Italy 397 

Rate of infection 
North America 3.8% 
Australia and New Zealand 3.0% 
Europe 2.5% 
Africa 1.3% 
Asia 1.1% 
South America 0.9%


----------



## merlin

*$800 from Microsoft Hoax*

The $800 for Microsoft warning is a hoax. The hoax message is similar to the following:

Netscape and AOL have recently merged to form the largest internet company in the world. In an effort to remain at pace with this giant, Microsoft has introduced a new email tracking system as a way to keep Internet Explorer as the most popular browser on the market. This email is a beta test of the new software and Microsoft has generously offered to compensate who participate in the testing process. For each person you send this email to, you will be given $5. For every person they give it to, you will be given an additional $3. For every person they send it to you will receive $1. Microsoft will tally all the emails produced under your name over a two week period and then email you with more instructions. This beta test is only for Microsoft Windows users because the email tracking device that contacts Microsoft is embedded into the code of Windows 95 and 98. I know you guys hate forwards. But I started this a month ago because I was very short on cash. A week ago I got an email from Microsoft asking me for my address. I gave it to them and yesterday I got a check the mail for $800. It really works. I wanted you to get a piece of the action. You won't regret it.

Courtesy of 
Symantec


----------



## merlin

*Blocking Kazaa traffic with Linux/IPTables firewall*

The "p2pwall" project has developed a GPL add-in for iptables based firewalls that allows blocking of traffic to and from "Fast-Track" software such as "Kazaa", Kazaa-lite, iMesh and grokster. The software is designed for use in "permissive" firewall configurations where home-net hosts are permitted more or less unlimited access to the public internet, but are protected from in-bound connections. Ftwall adds logic to such systems to block all fast-track traffic, thus protecting precious network bandwidth and reducing the risk of legal action resulting from the downloading of copyright material by network users.

More here


----------



## merlin

*Zombie Attackers*

While researching information for writing Spyware, Part 1 and Part 2, I explored the Gibson Research Corporation Web site. Steve Gibson, an assembly language programmer and noted advocate for consumer privacy on the Internet, is also interested in security systems connected to the Internet. Recently, script kiddies attacked his Web site (script kiddies are young crackers who maliciously knock off Web sites).

Unlike most victims of an Internet assault, Gibson dissected and analyzed the attack. On his Web site, Gibson describes what he did to find out how the script kiddies used a Distributed Denial of Service (DDoS) attack on his systems, and he shares what he can do to protect his Web site in the future. It turned out that some young people created automated robots (bots) that spread through email. Once installed and operational on a target (zombie) computer, these bots connect to an Internet Relay Chat (IRC) room and receive commands from a central operator (the attacker). With hundreds of these infected zombie computers at the operator’s command, the attacker invoked simultaneous large-packet pings and broken Internet Control Message Protocol (ICMP) messages, which overloaded Gibson’s dual-T1 connection to the Internet. Under this heavy load, legitimate traffic couldn't get through, so Gibson's Web site appeared to drop off the Internet.

Read more


----------



## merlin

*How Firewalls Work*

Many small office/home office (SOHO) users connect to the Internet, and many have a network of computers. Any network that connects to the outside world needs protection against unauthorized use and entry, and a firewall provides that protection.

read more here


----------



## merlin

*Email Security Testing Zone*

Is your email system secure against email viruses and attacks?
The most deadly viruses, able to cripple your email system and corporate network in minutes, are being distributed worldwide via email in a matter of hours (for example, the LoveLetter virus). Email worms and viruses can reach your system and infect your users through harmful attachments. But that's not all! Some viruses are transmitted through harmless-looking email messages and can run automatically without the need for user intervention (like the Nimda virus). Are you covered against such threats?

Check here


----------



## merlin

NAME: Mimail.C 
ALIAS: I-Worm.Mimail.c, W32/[email protected], Mimail.C 
ALIAS: Bics, I-Worm.WatchNet 

Mimail.C worm was first found on 31st of October, 2003. The worm spreads in e-mails as a ZIP archive that contains the worm's executable with PHOTOS.JPG.EXE name. The worm tries to perform a DoS (Denial of Service) attack on certain sites and to steal information from infected computer users. 

NOTE: Shortly after Mimail.C was found, also D, E, F, G and H variants have been found. They have minor differences and attack other web sites. F-Secure Anti-Virus detects them too. 

Mimail variants


----------



## BernieLJ

*AD-Ware/Spy-Ware etc.*

I use SpywareBlaster to protect my system from spyware being installed on my system, of course if spyware was already on your system when you installed SpywareBlaster, then the SpyBot will remove that.

I use Ad-Aware 6 for Adware removal, and I use Easy Cleaner for removing invalid Registry entries, but it also can remove with a click other things as well, like Most Recently Used documents, History, Temporary Internet files, etc.

I use IE Privacy Keeper which can clean up history files too and I have that set up to clean files after the last Internet Explorer window is closed.

I also use AVAST for anti-virus, but used to also use AVG, until I upgraded from WIN98SE to WIN-XP, then AVAST said that I couldn't run two general system protection systems at the same time, not worded that way but that's the general idea, plus the fact that AVG all of a sudden stopped scanning my e-mail for viruses after running it for a year or so...and I needed to download another program that added a "Mail Proxy" tab to the AVG system console or whatever it's called...I now use AVAST for that.

I use, and have used for two years or more, Zone Alarm firewall, but I see that WIN-XP has a built-in firewall, so I don't know if that's necessary.

The Windows Update site has virus data, but I also get these "newsletters" or notifications from Trend Micro that gives info too, and they have where you can download a button that's added to your browser, I think only Internet Explorer though, where if you click on it, it will take you to the Housecall website where you can do a scan of your system for the latest viruses.

If the actual website address data would be necessary, I had that info saved in an Outlook Express folder, but when I upgraded, I lost that, but it's still on the hard drive I think, unless it got overwritten.

I also get virus info from the McAfee website and the Symantec website also...and I may try to get all of the website addresses and add them here...

:razz:


----------



## jgvernonco

jgvernonco’s recommended security software

Zonealarm Firewall (free edition) Zone Labs:

http://www.zonelabs.com/store/conte...reeDownload.jsp

Free antivirus software

http://www.grisoft.com/us/us_dwnl_free.php 


Spyware blocking programs (free): 

Spyware Blaster and Spyware Guard (the link will take you to the Blaster page. The menu bar at the top will take you to the Guard page. These two programs, written by the same developer, work hand-in-hand to protect you from invasions).

http://www.javacoolsoftware.com/spywareblaster.html


Spyware Killers (free)! 

Spybot Search & Destroy

http://download.com.com/3000-2144-1...&tag=button

Adaware
Ad-aware - Software - Lavasoft

http://www.lavasoftusa.com/software/adaware/

I run both of these, as they occasionally find something that the other did not.

Additionally, Microsoft has made some poor choices about default settings in the OSs, resulting in multiple security weaknesses. Gibson Research has a number of little programs that will help you close security holes without having to edit your registry, wander My Computer, etc., just to get secure. I highly recommend this resource.

Gibson Research Corporation Home Page 

http://grc.com/default.htm

The secret to running these programs is to update at least weekly! Update Adaware and Spybot before you run a scan every time. Don’t forget to update Blaster and Guard when you are doing your maintenance. Make sure the antivirus software is up-to-date. Put a note on your computer reminding you to do it!

Stay safe! Enjoy the WWW!


----------

