I.S. Sentry's Top Eight Recommendations
Check out our "Best Practices" document.
You may need the latest Adobe Reader available at
http://www.adobe.com
1.) Backup - Backup - Backup!!!
2.) Microsoft Windows Operating System Update (Microsoft)
Get the latest updates available for your computer's
operating system, software, and hardware.
[Click here for website]
3.) Microsoft Office Suite Update (Microsoft)
Get the latest updates available for the Microsoft
Office suite of applications.
[Click here for website]
4.) Get Notified Right Away of Important Security Updates (Microsoft)
To help you maintain a safe computing environment,
Microsoft offers e-mail alerts that notify you when they release an
important security bulletin or virus alert, or when you might need to take
action to guard against a circulating threat.
[Click here for website]
5.) Antivirus Software (McAfee)
McAfee (Network Associates) has been a longtime
leader in the antivirus community. They offer a complete line of products
supporting the single PC user all the way to international corporations.
[Click here for website]
6.) Antispyware Software (Ad-aware)
With its ability to scan your RAM, Registry, hard
drives, and external storage devices for known data mining, advertising, and
tracking components, Ad-aware can easily rid your system of these tracking
components, allowing you to maintain a higher degree of privacy while you
surf the Web. There is a FREE version available for personal use.
[Click here for website]
7.) Antipopup Software (AdBolish)
At last, a way to stop the annoying tactics of Web
advertisers and spyware. Block pop-ups, banners, messenger service ads, and
Flash ads, and detect ad-serving spyware. Ads are blocked in AIM, MSN,
Kazaa, Morpheus, Gator, and Trillian. Experience the power of AdBolish Popup
Blocker. Auto updates keep you one step ahead of advertisers.
[Click here for website]
8.) Crabby's Top 10 Spam-Fighting Tips (Microsoft)
If you have an e-mail address, it is about impossible
for you to eliminate spam completely. However, there are steps you can
take...
[Click here for Full Story]

Virus News
New Worm Targets Sasser-Infected Systems (Information Week)
05/13/04
The latest infection, called Dabber, uses a vulnerability within the Sasser
worm to attack and infect systems... What's unusual about the Dabber worm is
that it's not using an operating-system vulnerability to spread itself.
Instead, it's using a vulnerability within the Sasser worm to attack and
infect systems.
[Click here for Full Story]
Sasser Activity Slows (Information Week)
05/04/04
The Sasser outbreak is the first true worm attack this year, and some
security vendors, including Internet Security Systems Inc. and Network
Associates Technology Inc., have pegged potential infections at 1 million
systems. Unlike viruses, worms don't require users to click on a file or an
E-mail attachment to get infected; they typically propagate through software
vulnerabilities. Worm attacks similar to Sasser include the July 2001 Code
Red outbreak, the January 2002 SQL Slammer attack, and the Blaster worm that
infected millions of systems last August.
[Click here for Full Story]
Fast-Spreading Worm Has Infected As Many As 1 Million PCs (Information Week)
05/03/04
"Sasser is the MSBlast event of 2004," said Ken Dunham, director of
malicious code research at iDefense. "There are lots of parallels between
MSBlast and Sasser. Leading up to Sasser, we saw exploit code updated,
Trojaning, and hacking of vulnerable computers, and an underground buzz that
resembled that of Blast seen in 2003."
[Click here for Full Story]
The Poetic Side of Worms (Information Week)
04/27/04
Security experts say the newest variant of the Bagle worm includes an
embedded poem--the latest jibe in the back-and-forth between Bagle and
Netsky.
[Click here for Full Story]
Super Worms On The Way? (Information Week)
04/22/04
The creator of the Bugtraq security discussion group says the threat from
Internet worms is about to grow exponentially, and predicted an especially
menacing version in the near future.
[Click here for Full Story]
MSBlast Epidemic Far Larger Than Believed (CNet)
04/02/04
New data from Microsoft suggests that at least 8 million Windows computers
have been infected by the MSBlast, or Blaster, worm since last August--many
times more than previously thought.
[Click here for Full Story]
Netsky: W And Counting (Information Week)
04/16/04
The latest variant of the pernicious Netsky worm, dubbed Netsky.w, was
turned loose on the Internet on Friday, two days after Netsky.v, a more
dangerous variation, appeared.
[Click here for Full Story]
Newest Netsky Worms More Dangerous (Information Week)
04/08/04
... Netsky.s, Netsky.t, and Netsky.u, which first appeared on the Internet
this past weekend, on Monday, and on Wednesday, respectively, all share one
characteristic that separates them from the previous 18 variations: They
install a backdoor component that leaves open TCP port 6789.
[Click here for Full Story]
Bugbear's Back (Information Week)
04/06/04
... If it manages to sneak onto a system, Bugbear loads a keylogger to track
keystrokes, then transmits the results--which can include passwords and user
names entered at the keyboard--as well as the contents of the Windows
clipboard and E-mails to the hacker's remote Web site.
[Click here for Full Story]
Netsky.p prevention and cure (CNET)
03/22/04
The latest variation of the Netsky Internet worm automatically executes
without the user having to open the attached file. Netsky.p
(w32.netsky.p@mm) takes advantage of the Incorrect MIME header in Internet
Explorer, the app that renders HTML e-mail for Microsoft Outlook.
[Click here for Full Story]
Bagle.q prevention and cure (CNET)
03/22/04
The latest Bagle variation executes automatically without the user having to
open the attached file. Bagle.q (w32.bagle.q@mm) takes advantage of an
Object Tag vulnerability in Popup Window, the app that renders HTML e-mail
for Microsoft Outlook.
[Click here for Full Story]
Netsky.p Reaches Medium Threat (Information Week)
03/22/04
The latest variant of the Netsky virus was rated a medium threat Monday, and
reportedly infected at least one large European company.
[Click here for Full Story]
New Trojan Targets Windows Systems (Information Week)
03/17/04
Phatbot uses known vulnerabilities to infect systems and can be used by
attackers to steal information and control systems.
[Click here for Full Story]
Don't be duped by hackers without computers (CNET)
03/15/04
Like con men and grifters, criminal hackers (a.k.a. crackers) are talented
people persons. The infamous Kevin Mitnick, for example, conducted most of
his corporate intrusions by using the telephone, relying on the gullibility
and friendly helpfulness of real people to gain access to corporate
networks.
[Click here for Full Story]
Bagle Variants Use New Tricks To Sneak Past Defenses? (Information Week)
03/15/04
Two versions that surfaced over the weekend package their payloads in
password-protected .rar compressed files that businesses may not block at
the gateway.
[Click here for Full Story]
Could you get caught in a virus gang war? (cnet)
03/10/04
It's a busy time for computer viruses and worms. Over the last three weeks,
we've seen nearly two-dozen variations of Bagle, Netsky, and MyDoom
circulate the Net. What gives? It looks like gang warfare is
responsible--drive-by shootings on the information highway.
[Click here for Full Story]
Netsky Won't Go Away (Information Week)
03/12/04
Netsky, the worm that plagued users last week, shows
no sign of going away, contrary to comments embedded in a variant released
Monday. Anti-virus vendors on Wednesday and Thursday discovered two new
versions, tagged as Netsky.l and Netsky.m.
[Click here for Full Story]
Sober-ing Thought: New Worm Poses As Microsoft Patch (Information Week)
Sober.d, discovered Monday, masquerades as a patch from Microsoft that
purports to keep MyDoom at bay.
[Click here for Full Story]
Updates aim to defuse Bagle ploy (cnet)
Security companies have started updating their products
with more sophisticated techniques aimed at getting inside the encrypted
attachments in which the Bagle worm has spread.
[Click here for Full Story]
Worm Wave Rolls On (Information Week)
Users seek an end to the torrent of infections plaguing
the Internet, but security vendors and analysts say there's no silver bullet
or comprehensive patch--and new variants keep on coming.
[Click here for Full Story]
Netsky.d Prevention and Cure (cnet)
The fourth variation of the Netsky worm is the most
successful yet. Netsky.d (w32.netsky.d@mm) uses randomized e-mail messages
to spread copies of itself via a PIF file attachment. Netsky.d does not open
any backdoor Internet access to the infected computer but will execute
random sounds on infected computers if the date is March 2, 2004, between
the local time of 6 a.m. and 9 a.m. It will also attempt to remove copies of
the MyDoom.a and MyDoom.b worms...
[Click here for Full Story]
Worm Wars (Information Week)
The onslaught of new infections continues, but the new
malware contains nasty messages aimed at other hacker factions.
[Click here for Full Story]
Worm Wave: Coordinated or Coincidence (Information Week)
Security firms aren't sure whether the continuing slew of
attacks is just happenstance or if there's something more devious.
[Click here for Full Story]
New Netsky-D Worm Spreading Through E-Mail (Reuters)
...The worm is particularly difficult to root out because
it lands in e-mail boxes using a number of different subject lines such as "re:details"
or "re:here is the document."
[Click here for Full Story]
Security Vendors Race To Keep Users Ahead Of Worm Wave (Information Week)
...Six new variations of the Bagle worm have been
spotted--Bagle.c, Bagle.d, Bagle.e, Bagle.f, Bagle.g, and Bagle.h--as
well as two new versions of the Netsky worm, Netsky.d and Netsky.e.
[Click here for Full Story]
MyDoom.f Prevention and Cure (CNet)
The MyDoom virus lives on. The latest version, MyDoom.f
(w32.mydoom.f@mm) attacks Microsoft sites and the Recording Industry
Association of America site, RIAA.com. It also deletes several different
file types from infected machines. MyDoom.f appears not to be created by the
author of the first two versions of the virus. Because MyDoom.f spreads via
e-mail and could delete files, this worm rates a 6 on the CNET/ZDNet Virus
Meter.
[Click here for Full Story]
NetSky.C Variant Pushes NetSky Family Up Malware Damage List (ENT News)
The emergence of a fast-spreading C variant is pushing
the NetSky virus family up a widely watched list of the most damaging
viruses and worms.
[Click here for Full Story]
MyDoom.F Spreads, Deletes Files (Information Week)
...This is the first MyDoom variant that's had a direct,
destructive impact on local machines infected with the worm...
MyDoom.f, discovered last Friday, continues to spread,
security experts said Wednesday--but unlike other variants of the persistent
worm, it can wreak havoc on the infected machine by randomly deleting files,
including documents created with Microsoft Word and Excel.
[Click here for Full Story]
W32.MyDoom.F@mm
The latest mass-mailing worm opens a backdoor on TCP port
1080. Worse yet, it deletes files with the extensions .mdb, .doc, .xls, .sav,
.jpg, .avi, and .bmp on drives C-Z. You do not want to get infected with this
one. Update your antivirus files right away.
[Click here for Full Story]
Hackers Circulate New Code For Exploiting Windows (Information Week)
The code targets systems that haven't been patched
against the flaw in Microsoft's Abstract Syntax Notation 1 Library.
[Click here for website]
MyDoom Knocks Down SCO Web Site (Reuters)
The MyDoom Internet worm on Sunday knocked down the Web
site of a small software company by bombarding it with a flood of data as
Microsoft Corp. prepared for a similar, planned attack by the virus-like
program this week.
[Click here for Full Story]
Hackers Target Systems Infected by MyDoom (Information Week)
Now tagged by at least one security firm as "the worst
worm in history," MyDoom has created a back door to infected systems that an
army of hackers is quickly turning to its advantage.
[Click here for Full Story]
SCO Moves Web Site To Battle MyDoom (Information Week)
The SCO Group was forced to move its home page after the
MyDoom virus knocked the company's Web site offline under the weight of a
powerful distributed denial-of-service attack.
[Click here for Full Story]

Security Issues in the News
Symantec Patches Firewall Flaws (Information Week)
05/13/04
The company has posted a security advisory on its Web site and made patches
available for the third group of vulnerabilities since the start of the
year.
[Click here for Full Story]
Antivirus Firms Warn of Growing 'Bot' (Information Week)
05/13/04
Hackers are amassing a vast network of infected systems that could be used
to steal personal information and launch large-scale denial-of-service
attacks. "It's a big concern for businesses," Huger says. "These types of
infections cross the lines of businesses and consumers. These bot networks
can be used to steal confidential information from the infected machines,
and it's a gaping security hole for anyone that telecommutes."
[Click here for Full Story]
PSS Security Response Team Alert - Sasser Worm and Variants (Microsoft)
05/03/04
The PSS Security Team is updating this alert to make customers aware of the
“W32.Sasser.worm” and its variants. Currently, Microsoft is aware of the
original Sasser worm and the B, C, D and E variants. All worms exploit the
Local Security Authority Subsystem Service (LSASS) vulnerability fixed in
Microsoft Security Update MS04-011 on April 13, 2004.
[Click here for Full Story]
Bot Attacks Vulnerable Windows Systems; Microsoft Patch Buggy (Information Week)
04/26/04
Microsoft on Thursday disclosed a bug in a patch for a critical
vulnerability, and Symantec Corp. retracted a claim that automated code was
compromising one Windows vulnerability and warned that a bot network was on
the loose and taking advantage of another.
[Click here for Full Story]
Tiny, Evil Things (Information Week)
04/26/04
Microsoft estimates spyware is responsible for half of all PC crashes. Dell
says 12% of its tech-support calls involve spyware, a problem that has
increased substantially in recent months. Scans of one million
Internet-connected PCs, conducted last quarter by Internet service-provider
EarthLink Inc. and desktop-privacy and -security vendor Webroot Software
Inc., found an average of 28 spyware applications running on each PC and
more than 300,000 programs at large that can steal data and give hackers
access to computers.
[Click here for Full Story]
Microsoft Warns of a Score of Security Holes (CNet)
04/13/04
Microsoft released on Tuesday fixes that cover at least 20 Windows flaws,
several of which could make versions of the operating system vulnerable to
new worms or viruses.
[Click here for Full Story]
TCP flaw threatens Net data transmissions (CNet)
04/20/04
A flaw in the most popular communications protocol for sending data on the
Net could let attackers shut down connections between servers and routers,
according to an advisory released Tuesday by Britain's national emergency
response team.
[Click here for Full Story]
Security Vulnerability Threatens Internet (MSNBC)
04/20/04
A new set of security flaws involving the Transmission Control Protocol
could open corporate networks and the Internet to attacks.
[Click here for Full Story]
Phishing Fall-Out (MSNBC)
04/14/04
Scott Olechowski is better than most online users at distinguishing
legitimate e-mail from ‘spoofs.’ It’s part of his job as vice president of
product strategy at PostX, an Internet security company. But lately, he
says, the fraudulent e-mails—dubbed “phishing” attacks because they look as
if a legitimate business is asking (or fishing) for personal information
from unsuspecting victims—have become so sophisticated that when he got a
message from eBay recently asking him to enter and change his account
password, his first instinct was to delete the e-mail. “I was 100 percent
convinced it was a spoof,” says Olechowski.
[Click here for Full Story]
Don't be a Typhoid Mary (cnet)
04/12/04
Throughout this latest swarm of Netsky and Bagle computer viruses, I've been
trying to dream up a way we can all work together to reduce the number of
viruses and worms spread on the Internet. It's not easy. Most of our current
computer security strategy is based on after-the-fact mitigation, and we
don't focus enough resources on prevention. Sure, good networks are built on
trust, but no matter how many firewalls and antivirus scanners you install,
it takes only one Typhoid Mary computer to infect a whole network.
[Click here for Full Story]
Senators Probe Airline-Passenger Privacy Breaches (Information Week)
04/14/04
A testy U.S. Senate committee has asked the Transportation Security
Administration exactly which airlines it has approached for customer
information. The request follows an admission by American Airlines last week
that one of its vendors gave 1.2 million passenger records to third-party
contractors vying for contracts with the TSA.
[Click here for Full Story]
Linux Gets a Security Look (Information Week)
04/13/04
Whichever side you take in the recent flap over an analyst's estimate of
Linux security risks, there's comfort to be taken in the questions being
raised and debates being raged. They're another sign that Linux is coming of
age.
[Click here for Full Story]
Microsoft Releases A Bevy Of Security Updates (Information Week)
04/13/04
Four security bulletins address more than 20 specific software security
holes, and three of the four are rated as critical.
[Click here for Full Story]
American Latest Airline To Admit To Sharing Passenger Data (Information Week)
04/12/04
Echoing privacy controversies faced by JetBlue and Northwest Airlines,
American Airlines revealed that data on its passengers was given to
third-party contractors so they could test aviation-security systems.
[Click here for Full Story]
Homeland Security Spending $350M On Secure Network (Information Week)
04/12/04
Department of Homeland Security IT has signed one of its biggest
business-technology contracts with Northrop Grumman Corp. to create the
department's proposed Homeland Secure Data Network. The contract has been
valued at as much as $350 million if all options are exercised by the end of
2005.
[Click here for Full Story]
Nasty Security Flaw Found in Cisco's Wireless LAN Products (Information Week)
04/08/04
Cisco Systems is warning customers that certain versions of its
wireless-LAN-management software contain a security hole that would let
attackers redirect users to a potentially malicious Web site or take
complete control of a wireless LAN.
[Click here for Full Story]
Microsoft Progress Report: Security (Microsoft)
03/31/04
Malicious software code has been around for decades. But only in the last
few years have the Internet, high-speed connections and millions of new
computing devices converged to create a truly global computing network in
which a virus or worm can circle the world in a matter of minutes.
[Click here for Full Story]
Laptop Theft Puts GMAC Customers' Data At Risk (Information Week)
03/25/04
Personal data, including Social Security numbers, for about 200,000 GMAC
Financial Services customers may have been compromised due to the theft of
two laptop computers from an employee's car.
[Click here for Full Story]
Security Watch: Flaws Exploited Faster (Information Week)
03/22/04
The only good news in last week's report from security vendor Symantec Corp.
is that the rate at which Internet vulnerabilities were being found leveled
off at seven per day in the last six months of 2003. The bad news is that
now those flaws are being exploited much more quickly.
[Click here for Full Story]
Witty Worm Sneaks Through ISS Firewalls (Information Week)
- BlackIce Software Firewall Compromised -
03/22/04
The worm, which sneaks through a vulnerability in the vendor's BlackIce
firewall, has infected 10,000 to 50,000 PCs around the world.
[Click here for Full Story]
The Sophisticated Adversary (CIO)
03/19/04
Darl McBride, the embattled CEO of SCO, visited our office recently and when
he showed up, his eyes were sagging. They were red-rimmed, glassy and
bloodshot and, overall, he looked worn. But it wasn't because of the
litigious morass he'd created by suing IBM and others over the alleged
plagiarism of Unix code that his company owns—at least not directly. McBride
looked haggard because of a virus called Mydoom.
[Click here for Full Story]
Model Hacker Behavior (CIO)
03/19/04
Forget about patches. Researchers at the Florida Institute of Technology are
looking for ways to fight hackers by modeling their methods, or "exploits."
The research could eventually lead to new types of security tools capable of
stopping attacks that hackers haven't even invented yet.
[Click here for Full Story]
Symantec: Boom Times for Hackers (Information Week)
03/15/04
A new report from the security vendor says hackers are having an easier time
than ever exploiting vulnerabilities.
[Click here for Full Story]
Cisco Makes A Flurry of Security Enhancements (Information Week)
03/09/04
Cisco has added what it calls the IP Source Tracker, which helps users
identify and locate where denial-of-service attacks may be entering a
network. It also provides a "reserved management channel" to a router, even
when that router may be under a denial of service attack, so administrators
can take appropriate measures at the device to mitigate the performance
disruption of the attack.
[Click here for Full Story]
Microsoft Issues Three Security Patches (Information Week)
03/09/04
Microsoft on Tuesday issued a series of software patches for three security
vulnerabilities. The software maker rates two of the vulnerabilities as
moderate and one as important. Microsoft's most dangerous, or highest
ranking, is critical.
[Click here for Full Story]
F-Secure sends virus to customers (NEWS.COM.AU)
Finnish internet security company F-Secure said that due to human error at
its London office thousands of its customers in Britain had received emails
from the company infected by a virus.
[Click here for Full Story]
Why the Microsoft code leak is so dangerous (Information Week)
As I'm sure you've all heard by now, a portion of the source code for the
Windows 2000 operating system has been leaked onto the Internet. Microsoft
is asking individuals who've posted or downloaded the copyrighted code to
stop doing so and to delete any copies they may have. But as I write this,
the code is still available online.
[Click here for Full Story]
Commerce Department Issues Security Standard (Information Week)
The Commerce Department on Wednesday (02/11/04) issued
a new standard to help federal agencies secure their computer networks,
introducing significant changes in how the government protects information.
[Click here for Full Story]
20,000 University of Georgia Students Face Serious ID-Theft Risk (Information Week)
The University of Georgia is warning that hackers may
have accessed credit-card and Social Security numbers for roughly 20,000
students and applicants. Law-enforcement authorities are investigating.
[Click here for Full Story]
Net File-Swappers Snap Up Windows Source Code (Reuters)
Internet users on Friday were ferociously downloading
pirate versions of Microsoft Corp's Windows source code, stoking concerns
hackers and virus writers could use it for a new wave of cyber attacks.
[Click here for Full Story]