4127idx.qxd 6/19/02 5:53 PM Page 503

INDEX

Note to the Reader: Throughout this index boldfaced page numbers indicate primary discussions of a topic. Italicized page numbers indicate illustrations.

Symbols & Numbers ADfilter, 475 ADinf, 146 @nonymouse.com, 409 Adleman, Len, 7 9/11 Contributions , 456 Adleman, Leonard M., 393 “100% Done! Safe recovery successful!” administrator account, attack using, 228 message, 119 ADP file extension, 26, 57 419 Fraud, 350 AdsGone, 470, 475 666test virus, 70, 110 AdSubtract, 470, 475 777 virus, 70 Advanced Rule Settings dialog box (Sygate 2014 virus, 52 Personal Firewall), 294–295, 295 Advanced Settings dialog box (Internet A Connection Firewall), 287, 287 AAAZAO macro, 62 pop-up windows for, 466–472 AAAZFS macro, 62 removing banner and other from Web page, Aadcom, 368 473–476 ABC Banners, 474 spyware for, 366–368 Achilles’Shield and MailDefense, 146 Advertising Killer, 470, 475 Acoragil virus, 118 adware, 259–260, 366–368, 493 ActiveX, 10, 22, 68–69 companies, 368 configuration to prevent auto-run, 76–78 and P2P file swapping, 367 disabling scripting, 184 AIM (AOL Instant Messenger), 124 McAfee to block, 161 AirSnort, 272 from Web page, 29 algorithm, 493 Activis, 117 AltaVista AV Family Filter, 489 Ad-aware, 372, 373, 373–374 Altnet SecureInstall, 260 uninstalling, 261 Ad Muncher, 475 Amazon.com AdDelete, 475, 476 attack on, 208 AdDesigner.com, 474 privacy policy, 315–316 address book user profiling, 312 digital IDs in, 395 America Online, e-mail blocking, 442–443, 443 virus spread by, 8 American Civil Liberties Union, 334 ADE file extension, 26, 57 Cyber-Liberties, 490

American Library Association Office of using, 149–164 Intellectual Freedom, 490 automatically running, 178 American Management Association, 321, 325 McAfee VirusScan, 157–164 “And finally I would like to say…” message, 60 AntiVirus, 149–156 AnnaKournikova (VBS/SST) virus, 67, 75, 111 using multiple, 186 anonymity virus definition updates, 179–180 in communities, 415–416 importance, 167–168 in e-mailing, 411–413 in McAfee VirusScan, 163–164 in instant messaging, 414–415 in Norton AntiVirus, 156 in IRC, 415 AOL Instant Messenger, 251–252, 256 in newsgroups, 414 Apple Learning Interchange, 489 in Web surfing, 406–411 Applebee’s Gift Certificates hoax, 457 Anonymize.net, 409, 412, 414, 415 Ask Jeeves for Kids, 489 Anonymizer.com, 409, 410, 410–411 assault, with Internet-based attacks, 218 anonymizers, 332, 406, 493 Atom virus, 57 how they work, 407, 407 Atomic virus, 57 popular sites, 409–410 attachments to e-mail, 15, 23 as proxy server, 407–408 avoiding unrequested, 174–175 Anonymizers.com, 409 opening in Eudora, 115, 116 Anonymous Newsfeed, 414 risk from, 30, 33, 94, 107 Anonymous.To, 412 scanning by , 180 ANT 4 MailChecking, 446 treatment of, 111–112 anti-spam software, 446 attack by virus. See computer viruses AntiCode Archives, 229 auction fraud online, 342–348 Antigen, 170 protection on eBay, 344–348 AntiOnline InfoSec Mailing List, 229 types, 343–344 AntiOnline.com, 222 audio files, 26 AntiPopUp, 470 on Web sites, 479 AntiSniff, 301 Audiogalaxy, 253, 257, 367 antispy software, 372 authentication, 493. 
See also digital ID antivirus software, 16, 138–164, 493 with biometrics, 403 benefits from virus reports, 37 racing, 231–232 commercial programs, 140–145 Authenticode software, 400 e-mail scanning, 112 Auto-DCC-Get mIRC feature, 118 ease of use, 178 disabling, 94, 122 features to look for, 138–140 auto-execute macros, 56, 493 online services, 147–148 Auto-Protect feature of Norton AntiVirus, problem resolution with, 149 152–153, 153 quarantined file analysis and repair, automatic execution of macros, disabling, 184 155–156 avast!, 146 shareware and freeware, 146–147 AVG Professional Edition, 140, 141 Trojan horses pretending to be, 84 AVI file extension, 26

B behavior analysis, 171, 171–172 Bell Labs, 6 Babylonia virus, 71, 110 Better Business Bureau, 341 Back Orifice, 87, 88, 119 BHO (browser helper object), 367, 494 backdoor, 493 BHO Cop, 372 backdoor software, for Internet-based attacks, 215 bidding on eBay, 346–348 BackDoor-Sub7 Trojan, 87 BidPay, 339 backdoor Trojan horses, 85, 86–87, 493 “bill caricature” e-mail subject, 99–100 and data-driven attack, 235 “Bill Gates is guilty of monopoly” message, Netstat addresses for, 93 73–74 Netstat utility to search for, 91–93 biological virus, 5 Background Check Gateway, 329 biometrics, 493 background operation of McAfee VirusScan, 160 for authentication, 403 BackTrace feature, in Sygate Personal blackhole lists, 426, 493 Firewall, 292 BlackICE PC Protection, 281, 282 backtracing software, 221, 303, 493 block lists, 433, 493 backup files, 16, 182, 245 blocking banner ads, 474–476 backdoor programs in, 303 Bloodhound feature in Norton, 153, 167 managing, 271 Blue Mountain Cards hoax, 129 restoring, 199 BMP file extension, 26 Backup Plus, 182 BOClean, 95 Badman Trojan, 87 BoDetect, 146 Badtrans worm, 14, 88–89, 97–98, 110 boot process of computer, 43, 43 banner ads, 493 virus effect on, 44 blocking, 474–476 boot sector, 493 creating, 474 boot sector viruses, 6, 9, 42–47, 493 how they work, 474 common examples, 45–46 types, 473, 473–474 current risk, 46 Banner Zapper, 475 detection, 46 BannerSwap, 474 how they work, 42–45 BAS file extension, 26 protection against, 47 BAT file extension, 25, 26 removal, 46–47 Bat worm, 119 boserve.exe, 88 batch files, 25, 493 Bounce, 486, 486 BBBOnline, 319 Brain virus, 7 BeanHive virus, 71 Break the Chain, 461 BearShare, 260, 367 , 447 behavior Brilliant Digital Entertainment, 260, 368 moderately safe, 29–31 uninstalling software, 261 overreaction, 37–39 browser. See Web browser risky, 31–34 browser helper object (BHO), 367, 494 very safe, 28–29 BrowseSafe, 484

Brunner, John, The Schockwave Rider, 97 , 456–459 brute-force password crack, 389 scams, 460–461 BubbleBoy virus, 71, 98, 110 urban legends, 459–460 buffer overflow, 229, 494 chat. See instant messaging bulletin board services, 7 chat and instant messaging viruses, 11, 24, bullying and flaming, 355–356 117–122 Buy.com, attack on, 208 risk from, 31, 33–34 chat channel, 494 Chernobyl virus, 50 C Child Abducted from Sam’s Club urban cabinet (CAB) files, 202 legend, 459 cable connection, and risk of attack, 219, 239 children caching Web pages on proxy server, 268 content filtering of Web sites, 482–483 California hoax, 132 as cracker, 212 Canter, Laurence, 431 hoaxes involving, 458 Carey, Allan, 309 online predators, 358–361 Carnivore software, 331–332, 368–371, 494 protection against, 360–362 how it works, 369 risk from, 358–359 case sensitivity in passwords, 390 privacy for, 313–314 cashier’s checks for eBay payment, 346, 347 search sites for, 489 CASPER virus, 50 Web browsers for, 485–486 catching a virus. See computer viruses, Children’s Internet Protection Act, 490 transmission process Children’s Online Privacy Protection Act, 313 CD-ROMs Choke worm, 124 from Microsoft, macro viruses in, 56 Cisco, 285 purchasing for addresses, 438 Class Project hoax, 458 Celent Communications, 339 The Cleaner, 95 , vs. 
content filtering, 490 cleaning infected files, 196–198 censorware, 494 in McAfee VirusScan, 161 Censorware Project, 490 of specific viruses, 198 Center for Digital Democracy, 334 clear GIFs, 477, 494 Center for Internet Studies, 321 click-through, 474, 494 Center for Media Education, 313 ClickTillUWin program, 260, 368 Cerasale, Jerry, 451 client/server computing, 251 CERT Coordination Center, 222, 303 climateprediction.com, 255 certificate authority, 494 closing files, and virus damage, 62 certificate store, 494 CMD file extension, 26 chain letters, 430–431, 454–455, 494 CMOS settings, 35–36 dealing with, 461 CNET, 32 information about, 461 Download.com, 181 types, 455–461 News.com, 185 classic chain, 455 CNN.com, attack on, 208

Coalition Against Unsolicited Commercial Email, minimal measures, 189–190 334, 428 moderate measures, 179–185 code signature of virus, 138, 494 vs. biological virus, 5 CodeRed virus, 98 dangers, 4–5 costs, 5 and data-driven attack, 235 impact, 4 finding new, 167 Colors virus, 57 history, 6–8 COM file extension, 25 vs. hoaxes, 133–134 and virus spread, 20 how they work, 5–6 Comet Cursor, 479 infected file possibilities, 25–28 Command AntiVirus, 140, 142 life cycle, 12 Command on Demand, 147–148 rate of increase, 166 common sense, 246 recognition of infection, 35–37 Communications Decency Act, 490 response to attack, 37–39 communities, anonymity in, 415–416 cleaning system, 196–198 Compact Flash cards, and virus spread, 21 disaster preparation, 192–193 companies. See corporations immediate response, 193–196 companion viruses, 48, 494 restoring system, 198–202 complacency, and Internet-based attacks, 219 risks, 28–34 compressed files assessment, 34–35 content filtering and, 170 moderately safe behavior, 29–31 scanning by antivirus software, 144 risky behavior, 31–34 computer very safe behavior, 28–29 boot process, 43, 43 threat from new, 166 spyware to monitor activity, 364–366 heuristic scanning and, 169–172 surveillance by employer, 323 integrity checking and, 168, 168–169 Computer Associates Virus Information Center, signature scanning and, 166, 166–168 17, 186 today’s top, 12–14 Computer Economics, 4, 5 transmission process, 20–25 Computer Professionals for Social downloading files from Internet, 22 Responsibility, 490 e-mail, 11, 106–117 Computer Security Institute, 222 as e-mail attachments, 23 2002 Computer Crime and Security Survey, in files over network, 21 209, 233 in files through chat or instant Computer Security Resource Center, 222 messaging, 24 Computer Security Resource Center Virus instant messaging, 123–126, 257 Information, 17 IRC (), computer users, and risk of attack, 238 117–122 computer viruses, 494 with macros, 24 attack prevention through 
commercial software, 25 easy measures, 174–178 through infected media, 21 extreme measures, 185–189 vs. Trojan horses or worms, 95–96

types, 8–11 Coolminer, 369, 494 boot sector, 9, 42–47, 493 copyrighted materials, illegally copying, 253 chat and instant messaging, 11, 24, Core Wars game, 6 117–122 Corel Photo-Paint, 57, 58 file infector, 8–9, 47–54 CorelDRAW, 57, 58 macro, 9–10, 56–64 corporations script, 10, 66–81, 500 antivirus software, 141 Trojan horses, 10, 84–96. See also employee surveillance, 321 Trojan horses employer vs. employee rights, 324–325 worms, 10–11, 96–103 network protection, 116–117, 270–271 what you can do, 15–18 reasons for using spam, 429–432 diagnosis, 16 virus risk, 4 education, 17–18 costs recovery from attack, 17 global estimates for spam, 429 risk reduction, 15–16 of Internet-based attacks, 209 why they exist, 14–15 of spam , 432 computers, theft of, 246 of virus attacks, 4 CompuTrace, 247 Counterexploitation Web site, 372 Concept virus, 56, 57 CPA WebTrust, 319 Content Advisor dialog box () Crack Password Web site, 389 Approved Sites tab, 488 crackers, 494 Ratings tab, 487, 487–488 children as, 212 content-blocker software, 212 in China, 210 content filtering, 433, 494 vs., 211 for e-mail viruses, 169–170, 170 and peer-to-peer computing, 258 issues with, 490–491 reasons for attacks, 210–211 for Web sites, 482–483 credit bureaus, 328 browser for, 485–486 credit cards, 246 in Internet Explorer, 487–489 for eBay payment, 346, 347 from searches, 489 identity theft and, 325 software, 483–485 theft of numbers, 339 content rating for Web site content using, 340 filtering, 483 criminal intent of crackers, 211 Control Panel (Windows), Add or Remove CRUNCHER virus, 50 Programs, 202 Cryptobox, 416 CookieCentral.com, 379 cryptography, 494 cookies, 312, 334, 494 CryptoHeaven, 394 e-mail and, 384–385 CSC/CSV-A virus, 58 how they work, 378–379 CSV format, 187 Internet Explorer management, 380–382 Cyber Snoop, 484 managing, 379–384 CyberPatrol, 484 Netscape Navigator management, 382–384 CYBERsitter, 484, 485 Web bugs and, 477 cycle sharing, 254

D of Trojan horses, 91–93 of worms, 101–102 D-link, 285 detective operations online, 329 daily virus scan, 186 developer IDs, 400 Daniela virus, 45 DH2 virus, 51 data destruction with Internet-based attacks, 217 diagnosis of virus infection, 16 data diddling, 217, 495 dictionary crack, 344, 389 data-driven attacks, 235, 495 dictionary spam, 440, 495 data theft, with Internet-based attacks, 216 Die-Hard 2 virus, 51 Data-Trac, 329 digital certificate, 394, 398, 399, 495 databases, private information in, 309 digital ID, 398–403 daughter window, 495 obtaining recipient’s, 395–396 DCC (Direct Client-to-Client) protocol, 117 personal, 400 deadbeat bidders, 343 types, 399–400 deadbeat sellers, 343 digital signature, 495 Deadly Toilet Spiders , 459 direct connection. See peer-to-peer computing DEC, 430 Direct Marketing Association, 429, 451 . See also social engineering attacks disaster preparation, 192–193 by Trojan horses, 84–85 Discreet Research, 329 decryption, 495 disinfecting files, 197 default settings, macro virus and, 62 Disk Partition Table, 43 default template of applications, macro viruses Disney and Gates hoax, 457 in, 56 distributed computing, 250, 254–255, 495 defragmenting drives, antivirus software and, 149 risks and prevention, 262 deleted files risks to host, 263 recovering, 129–130 Distributed Sender List, 426 by virus, 6 distributed.net, 255 deleting. 
See removal Dmsetup worm, 119 demilitarized zone, 269, 495 Dmsetup.Viagra worm, 119 Demonstration Macro Virus (DMV), 57 DMV (Demonstration Macro Virus), 57 denial of service attacks, 216, 218, 233–234, 495 DNS spoofing, 230, 495 Flood to initiate, 119 DOC file extension, 25, 26, 56, 187 Depew, Richard, 431 document files, 25 desktop monitoring program, 323, 495 macro viruses in, 9, 56–64 detection manual cleaning by copying, 63 of boot sector virus, 46 restoring, 199 of file infector virus, 53 sharing, 33 of instant messaging virus, 125 “Does your name add up to 666?” message, 70 of IRC viruses, 121 Dolly worm, 120 of macro virus, 60–62 Dolly_The_Sheep worm, 120 of network intrusion, 270 domain, determining ownership, 449 of script viruses, 76 Don’t Spread That Hoax!, 135, 461

DOS window, worm to open, 119 spamblock on address, 445 DOT file extension, 25, 26, 56 from trusted sender, Trojan horse DoubleClick, 312, 474 attachment, 84–85 Download Accelerator, 367 virus infection, 6, 23, 106–117 download pop-up, 495 common examples, 109–111 downloading files current risk, 111 antivirus software scanning of, 139, 181 myth, 106 avoiding unwanted from Web sites, 477–478 protection against, 111–117 in chat session, 31, 33–34 worms and, 96–97 and McAfee scan, 161 E-mail Chomper, 446 risk reduction, 15, 30 e-mail gateways, 269, 270, 495 virus infection from, 22, 32 e-mail software DragAndView, 188 configuration for protection against script Dragon IDS, 270 virus, 76–78 DragonWare, 331, 369, 495 updates, 183 Dr.Web, 146 eBay, 342 DSL connection, and risk of attack, 219 attack on, 208 dumpster diving, 326 Feedback Forum, 345 Dying Kid hoax, 458 protection on, 344–348 dynamic system monitoring, 139, 495 SafeHarbor Insurance program, 347 Echelon, 371 EchelonWatch, 335 E editing files, with Internet-based attacks, 217 e-mail. See also attachments to e-mail; chain education about viruses, 17–18 letters; spam The Electric Mail Company, 117 anonymous, 411–413 Electronic Frontier Foundation, 335 antivirus software scanning, 139 Internet Blocking & Censorware, 491 enabling in McAfee, 161 Electronic Privacy Information Center, 335, 491 enabling in Norton, 154 Elk Cloner, 7 blocking receipt of executable files, 187 EmailAbuse.org, 428 bombing, 230, 299, 495 Emailias, 447 chain letters, 430–431, 454–455. See also eMarketer, 321, 428 chain letters embedded script virus, 71 and cookies, 384–385 emergency disk employer monitoring, 324 from antivirus software, 192 minimizing address distribution, 441–442 used after virus attack, 194 monitoring outgoing, 161 employer. See corporations multiple addresses, 445–446 EMusic, 181 plain text vs. 
HTML, 108–109 encryption, 391–398, 496 risk from, 30 how it works, 391–393 secondary address, 342 in , 394–396 signing, 400–401, 402 Pretty Good Privacy, 393 4127idx.qxd 6/19/02 5:53 PM Page 511

in WiFi wireless protocol, 233 false information in chain letter hoaxes, 456–457 in Windows XP, 397–398 FamilyConnect, 484 entry-point obscuring viruses, 48, 496 FDISK /MBR command, 44 Equifax Credit Information Services, 328 Federal…. See also U.S.… “Error While Analyze DirectX!” message, 125 Federal Computer Incident Response Center, 209 E*Trade, attack on, 208 Federalist Papers, 416 eTrust EZ Antivirus, 140, 142 feedback on eBay, 345 eTrust EZ Firewall, 281, 282 “File data corrupt” message, 97 eTrust Intrusion Detection, 270 file editing, with Internet-based attacks, 217 Eudora file extensions and executable downloads, 187 displaying, 27–28, 94, 111, 176–177 switching to, 188 hiding, 85 virus protection in, 115–116, 116 and virus risk, 26–27 European Union, estimates of global cost of file infector viruses, 5, 8–9, 47–54, 496 spam, 429 common examples, 50–52 evolution@home, 255 current risk, 52 Excel detection, 53 disabling macros, 184 how they work, 47–49, 49 macro viruses in files, 8 protection against, 53–54 passwords for documents, 241 removal, 53 EXE file extension, 25, 26 file Properties dialog box, General tab, 397–398 and virus spread, 20 file sharing .exe service, in Windows Registry, 88 deactivating, 220 executable files, 25, 496 turning off, 243–244 blocking receipt through e-mail, 187 file swapping Exit Killer, 470 adware and, 367 exiting programs, and virus damage, 62 as peer-to-peer computing, 250, 252–254 Experian Information Solutions, 328 risks and prevention, 189, 257–261 Exploit-MIME.gen virus, 71 backdoor attacks, 258–259 exploits attacks, 229, 496 spyware, 259–261 unwanted file access, 257–258 file types. See file extensions F FileMine, 181 F-Prot Antivirus, 140, 142–143 files. 
See also attachments to e-mail F-Secure Antivirus, 140, 143 new and unusual as attack indicator, F-Secure News, 185 299–300 F-Secure Hoax Warning, 135 recovering accidentally deleted, 129–130 F-Secure Security Information Center, 17 refusing unrequested, 175 Fact Monster, 489 size changes, 36 fake message window pop-up, 468 for file infector virus detection, 53 fake warnings. See virus hoaxes integrity checking and, 167, 167 false alarms, heuristic scanning and, 172 types open to infection, 25–28

filters shopping fraud, 338–342 for e-mail, 117 victim response to, 351–352 firewalls for, 277 FreeLink virus, 71–72, 110 for packet sniffers, 322 Freenet, 415–416 for spam, 447 Freesites, 416 finding new computer viruses, 167 freeware, 496 Finjan Software, 171 antivirus software, 146–147 firewalls, 220, 245, 267, 267–268, 276, 496 risks, 32 to discover attack, 301 FTP (File Transfer Protocol), 22 hardware selection, 285 FTP bouncing, 230–231, 496 how they work, 276–279 Fun Love virus, 51 Internet Connection Firewall, 285–288 from McAfee VirusScan, 144 personal software options, 281–285 G and port scanning detection, 228 Gala virus, 58 to prevent remote access, 94–95 “Game’s over. I’m outta here” message, 58 software selection, 279–281 Gang Initiations urban legend, 459 and source routing, 231 Gartner Group, 428 Sygate Personal Firewall, 288–295 gateway, 496 flaming, 355–356 gateway for e-mail, 116–117 Flood virus, 119 content filtering at, 170 floppy disks Gator, 368 for backup, 182 Gebhardt, Bruce J., 210 boot sector viruses and, 42 Gel Candles hoax, 458 risk from, 175–176 Genius, 228 and virus spread, 6, 21, 32 GIF file extension, 26 Folder Options dialog box, File Types tab, 81 giveaway hoaxes, 457 folders, disabling file sharing, 244, 244 Global Internet Liberty Campaign, 335 Folding@home, 255 Gnutella, 253 Fono virus, 119 Goner worm, 119, 125 forced frame for Web browser, 478–479, Good Times hoax, 130 479, 496 Google FormatC virus, 58 for personal information, 329 forms, prizes for completing, 313 privacy policy, 316 Forrester Research, 321 Google SafeSearch, 489 frameless pop-up window, 467, 468, 496 Gordon, Philip L., 330 Frankestein virus, 45 graphics files, 26 Fraud Bureau, 341 disabling display in Internet Explorer, 474 fraud online “Green Card Lottery”, 431 auction fraud, 342–348 Grisoft, Inc., 141 cross-continental, 348 Grokster, 367 Nigerian Letter scam, 348–351 Guidescope, 475

H hoaxes, 38, 456–459, 496. See also virus hoaxes hackers, 496. See also crackers HoaxKill, 135 vs. crackers, 211 Hoaxkill, 461 Hackers.com, 219 hole in software HackerWhacker, 241 exploits use of, 229 Hanoi Jane hoax, 456 in Internet Explorer, 69, 107, 182 harassment online, 354–357 home computers, hackers and, 219 bullying and flaming, 355–356 Home PC Firewall Guide, 281 protection against, 356–357 , The Iliad, 87 stalking, 354–355 hook in chain letter, 454 hard disks host-to-host relationship, exploiting trust activity as attack indicator, 298 in, 228 boot sector viruses and, 42 Hostility Activity Watch Kernel (HAWK), 161 reformatting, 196 Hosts file Hard worm, 72, 110 to block banner ads, 476 hardware editing to stop spyware, 374 for firewalls, 285 Hosts File Information site, 476 for key logging, 322 Hot virus, 58 viruses and, 37 HouseCall (Trend Micro), 148 HavenCo Anonymous Remailer, 412 HTML (Hypertext markup language), 496 HAWK (Hostility Activity Watch Kernel), 161 in e-mail, 30, 106, 496 header information for e-mail messages, 411, 496 disabling scripts, 184 forging, 426–427 vs. plain text, 108–109 for spammer address, 448–449, 449 JavaScript virus in, 73 Hello virus, 125 script viruses, 69 “HELLO! 
Welcome to…” message, 98 HTML.Internal virus, 72 Help hoax, 130 human analysis for Web site content filtering, “Here is that document you asked for…” e-mail 482–483 message, 58 Hupp, Jon, 97 “Here you have, :o)” subject, 75 HushMail.com, 412 heuristic scanning, 138, 169–172, 496 hybrid viruses, 8, 496 advantages and disadvantages, 172 Hybris virus, 8, 98, 110 enabling in McAfee, 158 enabling in Norton, 153 types, 169–171 I hijacked computers, 215, 218 I Love You virus, 73 history of computer viruses, 6–8 IamBigBrother, 324 HLLW.JibJab@mm virus, 90–91 IBM Antivirus Research Project, 17 HLP files, 70 ICMP (Internet Control Message Protocol), 497 HLP.Demo script, 72 bombing, 231, 497 Hoaxbusters Internet Hoax Information, 135, 461 ICQ, 124, 252

ICSA Labs, 4 for social engineering attacks, 226 Antivirus Product Cleaning Certification, stalking, 354 139–140 virus infection, 11, 24, 117–122, PC Firewall Certification, 280 123–126, 257 identity theft, 325–329, 497 common examples, 124–125 in eBay, 344 detection, 125 how it occurs, 325–326 protection against, 126 preventing, 327 removal, 126 use of personal information from, 326–327 risk, 31, 33–34, 125 victim response to, 328–329 worms and, 97 IDzap, 409 integrity checking, 168, 168–169, 497 illegally copied software, risk from, 178 Integrity Master, 146 image files, 26 Internet iMesh, 367 activity as attack indicator, 298 impersonation attacks, 227, 497 archived postings, 310 “Important Message from” e-mail subject, 58 employee addiction, 321 in the wild, 497 harvesting addresses from, 439 incoming traffic, blocking unrequested, moderately safe behavior when using, 277–278 29–30 The Industry Standard, 4 risks from connecting to, 31 INF file extension, 26 virus infection from file downloading, 22 and virus spread, 70 Internet account, password, 242 infected files Internet-based attacks automatically dealing with in McAfee, crackers’ reasons for, 210–211 162–163 dangers, 208–210 treatment in McAfee VirusScan, 161–162 determining occurrence, 298–302 treatment in Norton, 154–155 new and unusual files, 299–300 infection, 497 symptoms, 298–299 Info Security News, 222 examining real-world, 215–216 Information Security magazine, 222 initiation, 213, 214 information technology, U.S. dependency on, 210 online resources about, 222 InfoSysSec, 222 options to reduce, 218–222 infrastructure attacks, 230–232 recognition of attack, 220–221 “Install error” message, 97 vulnerability recognition, 219 installing software, antivirus software and, 149 precautions, 241–247 instant messaging, 497. 
See also chat and instant backup files, 245 messaging viruses firewalls, 245 anonymity in, 414–415 passwords, 241–243 avoiding, 189 turning off file sharing, 243–244 as peer-to-peer computing, 251–252 updated software, 245 refusal of files, 175 reporting, 221–222 risks and prevention, 255–257 risk evaluation, 238–241

shut-down and recovery from, 302–303 Internet Relay Chat (IRC), 497. See also IRC stopping and recovering from, 221 viruses and terrorism, 210 worms and, 96 types, 216–218 Internet Safari, 486 data-driven attacks, 235 Internet ScamBusters, 349 denial of service attacks, 216, 218, Internet service provider 233–234, 495 anti-spam actions, 450 exploits, 229, 496 information sharing requirements, 331 impersonation, 227, 497 reporting attack to, 221 infrastructure, 230–232 spam-blocking, 442–443 session hijacking, 234, 500 Internet Tax hoax, 459 social engineering, 85, 226–227, 256, 501 Internet Watcher 2000, 475 transitive trust, 228–229, 502 Interscan VirusWall, 117 Internet connection interstitials, 466, 497 for LiveUpdate Wizard, 156 intrusion detection systems, 302, 497 Properties dialog box, Advanced tab, 286, InVircible, 146 286–287 Invisible KeyKey Monitor, 321 and risk of attack, 189, 239 Invisible Secrets, 394 Internet Connection Firewall (Windows XP), Iomega zip disks, 21 268, 281, 284, 285–288 iOpus STARR, 323 Advanced Settings dialog box, 287, 287 iOpus STARR Pro, 365 Internet Content Rating Association, 483 IP address Internet Explorer and anonymous Web surfing, 406 configuration for anonymous proxy server, attacker knowledge of, 87 407–408 Netstat list for listening, 92, 93 content filtering, 487–489 IP half scan, 497 cookie management, 379, 380–382 iPrive.com, 409, 412 disabling graphics display, 474 IRC (Internet Relay Chat), 497 disabling scripting, 184, 472 anonymity in, 415 vs. 
Opera browser, 472 avoiding, 189 security configuration, 77 for social engineering attacks, 226 security holes, 69, 107, 182 IRC script, 118 updates, 183 IRC viruses, 117–122 Internet filter, in McAfee, 161 common examples, 118–120 “An Internet Flower for You” subject, 131 current risk, 120 Internet Fraud Complaint Center, detection, 121 341, 342–343, 347 help online, 121 Internet Junkbuster Proxy, 475 how they work, 118 Internet Options dialog box (Internet protection against, 122 Explorer) removal, 121 Content tab, 487 ISP. See Internet service provider Privacy tab, 381 iSpyNOW, 365 Security tab, 77, 184 It Takes Guts to Say “Jesus” hoax, 130

J KidsPrivacy.org, 313 Kidz Privacy site, 314 Jammer, 146 KillAd, 471 Java, 69 KILROY-B virus, 45 Java applets, 10 “Kindly check the attached LOVELETTER McAfee to block, 161 coming from me” message, 73 JavaScript, 10, 22, 69 Klez virus, 14, 99, 110 configuration to prevent auto-run, 76–78 kROWSER, 486 disabling, 184, 471–472 embedding in e-mail, 108 for pop-up window, 469 L and Web browser changes, 479 laptop computer theft, 246–247 from Web page, 29 layered security architecture, 266, 266–267 Jerusalem virus, 47, 51 LIB viruses, 49, 497 JPG file extension, 26 life cycle of computer viruses, 12 JS file extension, 26 Life Stages worm, 120 JS/Kak worm, 72–73 LimeWire, 260, 367 JSE file extension, 26 link viruses, 48–49, 498 Jumbo, 181 Links worm, 73, 110, 119 junk e-mail, 497. See also spam Linksys, 285 junk fax law, 450 Linux operating system, virus infection, 8 Junkbusters, 335, 428 list merchants, 439, 498 Junkie virus, 51 LiveUpdate for Norton, 156 Jupiter Media Metrix, 428, 485 Local Area Connection Properties dialog box, General tab, 243, 243 K Local Area Network (LAN) Settings dialog box (Internet Explorer), 408 “Kagou-Anti-Kro$oft says not today!” message, locked systems, from virus, 194 72–73 locking device, for laptop, 247 KakWorm, 72–73, 110 log, 498 Kaspersky Anti-Virus, 140, 143 for employee surveillance, 323 Kaspersky Lab, 11 examining for attack indicators, 300 for current virus lists, 14 from Internet Connection Firewall, 288, 288 KaZaA, 253, 257, 260, 367 from Sygate Personal Firewall, Kerio Personal Firewall, 281, 283 290, 290–291, 291 key for digital encryption, 391, 497 login, racing to complete, 231–232 KeyGhost, 322 Lord of the Rings, 58 keyhook.dll, 91 Lotus Ami Pro, 57 keylogger software, 233, 497 Lovebug virus, 73 KeyLogger Stealth, 321 LoveLetter virus, 8, 73, 85, 89–90, 96, 110 keystroke loggers, 87, 321–322, 497 costs, 5 KFC Mutant Chickens urban legend, 459 impact, 4 kidney stealing urban legend, 460

variant creation, 68 Personal Firewall, 281, 282, 283 as worm, 99 sending infected file for analysis, 162 LQT file extension, 26 McAfee VirusScan, 140, 141, 143–144, LUCIFER.BOOT virus, 45 157–164 Lucky virus, 73 full-system scan, 158 infected file possibilities, 161–162 main window, 157 M Online service, 147, 148 macro viruses, 9–10, 24, 56–64, 498 real-time protection configuration, 160–161 antivirus software scanning for, 139 scheduling scans, 159 common examples, 58–60 Summary window, 158 current risk, 60 trial version, 157 detection, 60–62 updating virus definitions, 163–164 document types susceptible, 57–58 McAfee.com, 4 how they work, 56–57, 57 McNabb, Paul, 219 protection against, 16, 63 MDB file extension, 26, 57 removal, 62–63 MDE file extension, 26, 57 spread of, 20 MegaView, 188 macros, 498. See also scripts virus, 8, 58, 110 turning off in Word and Excel, 184 message boards, archived postings, 310 Macros dialog box, 61 Message Rules dialog box (Outlook Express), Madster, 254 Blocked Senders tab, 444 Magistr virus, 51, 131 MessageLabs, 117 Mail Abuse Prevention System, 428 messages, 6, 36 Mail Abuse Prevention System (MAPS), 433 “100% Done! Safe recovery successful!”, 119 MailGuard, 324 “And finally I would like to say…”, 60 MailMarshal, 324 from attackers, 256 MailMonitor, 117 “Bill Gates is guilty of monopoly”, 73–74 MailScanner, 117 “Does your name add up to 666?”, 70 Mailshell, 447 “Error While Analyze DirectX!”, 125 MAILsweeper for SMTP, 117 “File data corrupt”, 97 MailWasher, 146, 446 “Game’s over. I’m outta here”, 58 Make-a-Wish hoax, 458 “HELLO! 
Welcome to…”, 98 Maldal worm, 125 “Here is that document you asked for…” , 8, 84, 498 e-mail, 58 manual scanning, 139 “Important from” e-mail subject, 58 MAPS (Mail Abuse Prevention System), 433 “Install error”, 97 MAPS Realtime Blackhole List, 426 “Kagou-Anti-Kro$oft says not today!”, 72–73 Master Boot Record, 9, 42, 43, 498 “Kindly check the attached LOVELETTER Matthew virus, 45 coming from me”, 73 McAfee “President bush shooter…”, 124 AVERT, 17, 186 “Press any key”, 119

“Snowhite and the Seven Dwarfs”, 98 .ini file, 118 “Some shocking news…”, 72 Missing Kids Web site, 359 “START UP ERROR”, 119 modem, automatic dialing as attack indicator, 298 “This program needs Flash 6.5 to Run!”, 124 money orders for eBay payment, 346, 347 “This will add a shortcut to free XXX Monopoly virus, 73–74, 110 links…”, 71 movie files, as virus risk, 26 “Twenty-two points…”, 58 MP3 file extension, 26, 27 “You have been infected by the Vbs.Shakira risk from, 181 virus”, 73 sharing files, 33 Michelangelo virus, 7, 45 swapping files, 252 news reports, 134 MPEG file extension, 26 Microsoft MPG file extension, 27 Hotfixes infection with Fun Love, 51 MSN Messenger, 124, 252 Security site, 245 Choke worm, 124 viewer programs for applications, 188 msrexe.exe, 87 Web browser patches, 30 mueexe.exe, 87 Microsoft Internet Information Server, CodeRed multilevel marketing scams, 461, 498 virus and, 98 multipartite viruses, 50, 498 Microsoft Office and Windows 95 Business Multipurpose Internet Mail Extensions Guide, 56 (MIME), 498 Microsoft Office, virus spread by macros, 24, 56. 
MusicCity Morpheus, 254, 367 See also macro viruses MusicPanel hoax, 130 Microsoft Outlook My-Newsgroups.com, 414 e-mail scanning by McAfee, 161 MyLife virus, 85, 99–100, 110 virus protection in, 112–113 Microsoft Security, 222 Microsoft Virus Protection Tool (ScanProt), 63 N 95 Software Compatibility Naked Wife virus, 85, 90, 111, 134 Test, 56 nanny cams, 320 Microsoft Word, macro alert configuration, 63 Napster, 33, 252, 254 MID file extension, 26, 27 Natas virus, 51 Millenium worm, 120 National Center of Missing and Exploited MIME (Multipurpose Internet Mail Extensions), Children, 359 69, 107–108, 229, 498 National Consumers League, 341 Klez virus and, 99 National Fraud Information Center, 341 MIMEsweeper, 170, 324 for online scam information, 349 Mindset Interactive, 368 National Infrastructure Protection Center, Mirabilis, 252 222, 303 mIRC program National Security Agency, 371 disabling “autoDCC get” feature, 94 national security, and privacy, 330–332 Options dialog box, 122 National Spam Mail Abuse Association, 428 worms and, 96 NearDark virus, 46

Neiman Marcus Cookie Recipe hoax, 457 News Service, 414 Net-Commando, 146 newsgroups. See Usenet newsgroups Net Nanny, 484 NewWorld virus, 74 NetBus virus, 87, 91, 120 NFR Security, 270 Netgear, 285 Nigerian Letter scam, 348–351, 461 NetMangler, 394 Nimda virus, 5, 52, 100, 111 NETObserve, 365 Nitrous Anti-Spy, 322 Netscape Navigator 6 NOD32 Antivirus System, 140, 144 configuration for anonymous proxy server, 408 Noha, Rob, 430 cookie management, 382–384 noise, from virus, 6, 36 Cookie Manager, 379 normal template in Microsoft Word, macro vs. Opera browser, 472 viruses in, 56 Netstat utility, 91–93 Norman Virus Control, 141 NetStumbler, 272 Norton AntiVirus, 140, 141, 144, 149–156 Network Abuse Clearinghouse, 428 full-system scan, 150, 151 network, activity as attack indicator, 299 heuristic scanning enablement, 153 Network Associates, PGP commercial infected file possibilities, 154–155 version, 393 real-time protection configuration, 152–154 network intrusion detection systems, 270, 302 Scan Summary screen, 150, 151 network protection, 266–272 scheduling scans, 152 for corporate networks, 116–117, 270–271 and Security Check, 148 demilitarized zone, 269 Status screen, 150 e-mail gateways, 269, 270 updating virus definitions, 156 firewalls, 267, 267–268 , 484 layered security architecture, 266, 266–267 , 280, 281, 282, 283 network intrusion detection systems, 270 Nostradamus and Terrorist attacks hoax, 456 proxy servers, 268 NoWarn virus, 74 for wireless network, 272 NTI Backup NOW!, 182 network worms, 97 Nuclear virus, 59 networks Nuke Nabber, 228, 301 connections, 31 initiating attack on, 214 risk from, 189, 240 O virus infection over, 21 OBJ viruses, 49, 498 New Ice Age hoax, 130–131 Okena StormWatch, 172 New Pictures of Family hoax, 130 one-to-one marketing, 312 new viruses, heuristic scanning and, 172 OneHalf virus, 52 New York Times, privacy policy, 316 OneKey, 489 New York World Trade Center terrorist Onflow Corporation, 368 attack, 209 online activities New 
Zealand virus, 46 and risk of attack, 239–240 news reports of virus attacks, 133–134, 185 tracking, 311–312

online services, antivirus, 147–148 Panda Antivirus Platinum, 140, 145 open mail relay, 426, 498 Pando virus, 74 Open Relay Database, 426 panic, 193 openrbl.org web site, 449 parasitic viruses, 47–48, 499 Opera browser, 472 PARITY virus, 45 Options dialog box (Eudora), Viewing Mail password cracker, 499 option, 116 passwords, 220, 241–243, 388–390, 499 Options dialog box (Outlook Express), Security in corporate networks, 271 tab, 77–78, 78 creating stronger, 390 Options dialog box (Outlook), Security tab, 112, for laptop, 246 112–113, 114 requests to verify, 226 Options dialog box (Sygate Personal Firewall), software to crack, 242, 389 293, 293–294 theft of, 227 OptOut, 372 patches to web browsers, 30 outbound traffic, blocking, 280 pattern matching, 166. See also signature outgoing e-mail monitoring, 161 scanning Outlook payload, 499 alternative to, 188 PayLoad macro, 62 security configuration, 78 PayPal, 339 turning off scripts, 184 PC-cillin, 140, 145 viewing header information, 411 PC PhoneHome, 247 virus protection in, 112–113 Peacefire, 491 virus spread by, 8 Pearl Echo, 365 Outlook Express peeker pop-up window, 468, 499 alternative to, 188 peer-to-peer computing, 250–255, 251, blocking e-mail, 444–445 498, 499 blocking file receipt through e-mail, 187 distributed computing, 254–255 configuration for digital certificates, 401 file swapping, 252–254, 499 encryption in, 394–396 instant messaging, 251–252 removing blocked senders, 445 Pelican Security, 171 security configuration, 77–78 Pentagon terrorist attack, 209 turning off scripts, 184 PeopleFind.com, 329 viewing header information, 411 Per Site Privacy Actions dialog box, 382, 382 virus protection in, 114–115 Perforin, 146 overwriting viruses, 48, 498 personal checks for eBay payment, 346, 347 personal digital IDs, 400 for signing e-mail, 400–401 P personal firewall, 499 P2P. 
See peer-to-peer computing personal information, protecting, 256 Packet Log, from Sygate Personal Firewall, 291 personalized marketing, 312 packet sniffers, 312, 322, 498 PestPatrol, 95, 322 Packeteer, 369, 498 Pew Internet and American Life Project, 428

pfirewall.log file, 288, 288 ports, 277 PGP (Pretty Good Privacy), 393, 499 PowerPoint, macros in, 188 PHP (Hypertext Preprocessor scripting PowerPoint.Attach virus, 60 language), 70 PPoint.Attach virus, 60 phreaker, 211, 499 PPT file extension, 25, 27, 57 physical attacks, protection against, 246–247 Prank virus, 57 physical breakdown, network protection Preferences dialog box (Netscape), Cookies against, 267 settings, 382–383, 383 PIF file extension, 25, 27 “President bush shooter…” message, 124 pings, 215 “Press any key” message, 119 pirated software, 32 pressplay, 181 risk from, 178 Pretty Good Privacy (PGP), 393, 499 Pirch, worms and, 96 Pretty Park hoax, 131 pIRCH.Events worm, 120 preview pane of e-mail program, 23 Pirus virus, 74 disabling in Eudora, 116, 116 Plagiarist virus, 52 disabling in Outlook, 113 plain text e-mail, 499 privacy, 308–320. See also anonymity vs. HTML, 108–109 assurance of, 319 Platform for Internet Content Selection, 483 for children, 313–314 Platform for Privacy Preferences (W3C), 319 and conflicting issues, 330–333 Pluma virus, 74 convenience, 332–333 PNG file extension, 27 national security, 330–332, 371 polymorphic virus, 50, 499 Internet Explorer levels, 380 Pop OFF, 471 potential abuses, 310–313 pop-under window, 468, 499 protecting online, 333–334 Pop-Up Stopper, 471 public access to private information, pop-up windows in Web browser, 308–309 466–472, 499 resources, 334–335 blocking, 471–472 security cameras, 320 closing manually, 470 Web site policies, 314–318 killer software, 470–471 in workplace, 321–325 making, 469 Privacy Coalition, 335 types, 467–468 Privacy Foundation, 330 POP3Now, 412 Privacy International, 335 PopNot, 471 Privacy Rights Clearinghouse, 335 Popup Ad Filter, 471 Privacy.net, 335 Popup Eliminator, 471 Privacy.org, 335 PopUpCop, 471 PrivacyX, 412 port, 499 private key for encryption, 392, 499 blocking by firewall, 279–280 Procter & Gamble Satanism urban legend, 460 port scanner, 215, 228, 499 program files, 
25 port scans, as attack indicator, 301 program virus. See file infector viruses

programmers. See also crackers Recycle Bin, recovering files from, 129–130 of viruses, 14–15 Reeezak worm, 125 proof of concept, 499 reformatting hard disks, 196 ProtectKids.com, 359 need for, 202 Protector Plus, 146 REG file extension, 27, 70 protocols, attacks exploiting weakness, 230 Regbomb virus, 74 proxy servers, 268, 500 Registry for Windows, 70 anonymizers as, 407–408 RegRun Security Suite, 146 public key, 500 relationships, moving from online to real public-key encryption, 392, 392–393, 500 world, 357 Publius, 416 remailers, 411–412, 500 pyramid scheme, 460, 500 remote access Trojans, 85, 86–87. See also in chain letters, 431 firewalls remote users, access to network resources, 269 RemoteComputer, 365 Q removal QT file extension, 26, 27 of boot sector viruses, 46–47 quarantined file, 197–198 of file infector virus, 53 analysis and repair, 155–156 of infected file, 198 in McAfee VirusScan, 161–162 in McAfee VirusScan, 161 in Norton AntiVirus, 155 in Norton AntiVirus, 155 reason for, 180 of instant messaging virus, 126 Quick Heal, 146 of IRC viruses, 121 of macro virus, 62–63 of script viruses, 76 R of Trojan horses, 93–94 Rabbit virus, 74 of worms, 102 racing authentication, 231–232, 500 repairing infected files, 197 Rainbow virus, 57 in Norton AntiVirus, 155 RAV AntiVirus Desktop, 146 replication of viruses, 6 reading encrypted message, 396 request in chain letter, 455 Real Secure, 270 research analysis of new viruses, 167 real-time scanning, 139, 500 restore point, 200 Really Nasty Virus, 129 restoring files from backup, 182, 199 RealOne, 181 restoring system after virus infection, 198–202 receiving signed e-mail, 401, 402 Retrospect Backup, 182 recordable/rewritable CDs Rewebber, 409 for backup, 182 Rhodes, Dave, 431 and virus spread, 21, 176 Rich Text Format (RTF), 187 recovery , 208–209 from Internet-based attack, 302–303 risks, 28–34 from virus attack, 17 assessment, 34–35

formal evaluation, 241 script language, 500 of Internet-based attacks, 238–241 script viruses, 10, 66–81, 500. See also macro Rivest, Ronald L., 393 viruses RoadBlock, 446 antivirus software scanning for, 139 robbery. See theft common examples, 70–75 router, firewall in, 279 current risk, 75–76 RSA cryptography, 393 detection, 76 RTF (Rich Text Format), 187 how they work, 66–67 rule-based password crack, 389 protection against, 76–81 rule sets for firewalls, 277, 280 with browser and e-mail configuration, creating in Sygate Personal Firewall, 76–78 294–295 by disabling Windows Scripting Host, rundll.vbs file, 71 78–81 run.exe, 87 removal, 76 Russian Password Crackers Web site, 389 types, 68–70 Script.Inf virus, 74–75 script.ini file, 118 S Script.ini worm, 120 Safer-Hex, 186 disabling, 121 Safeshopping.org, 340 scripts SafeSurf, 483 disabling to stop pop-ups, 471–472 SAM file extension, 57 turning off in Internet Explorer, 184 Sam’s Club urban legend, 459 turning off in Outlook/Outlook Express, 184 sandboxing, 170–171, 171, 500 Search Companion (Windows XP), 299, 300 saving files, and virus spread, 20 Secure-Me, 241 ScamBusters.org, 428, 461 secure server, 500 scams, 460–461 Secure Sockets Layer (SSL), 340, 500 Scan My Computer dialog box (Norton), 152 secure transactions, 340 scanning by antivirus software, 138–139 SecureNym, 412 scheduling daily, 186 Security dialog box (Word), 63, 64 scheduling weekly, 180 security holes, in Internet Explorer, 69, 107, 182 ScanProt (Microsoft Virus Protection Tool), 63 Security News Portal, 222 scheduling scans security patch, 229 daily, 186 SecurityFocus, 222 in McAfee VirusScan, 159 Select Your Background Scanning Settings in Norton AntiVirus, 152 window, 160 weekly, 180 selling on eBay, 346 scheduling virus definition updates, 156 selling private information, 310 SCR file extension, 27 Send Fake Mail, 412 screen messages from virus, 6, 36. 
See also sending encrypted message, 396 messages sending signed e-mail, 401 “script kiddies”, 219, 500 September 11th, impact on privacy, 330–331

Serialz.hlp file, 71 .com Urban legends Reference Pages, server IDs, 399 135, 461 ServerWare, Snap-On Tools for Windows NT Snort, 270 CD, 56 “Snowhite and the Seven Dwarfs” message, 98 service agreement, 260 social engineering attacks, 85, 226–227, 256, 501 service set identifier (SSID), 272 and chat attacks, 123 session hijacking attacks, 234, 500 and password sharing, 390 session key, 501 Social Security number, 311 for PGP, 393 software, 29 SETI@home, 255 anti-spam, 446 Shamir, Adi, 393 Authenticode validation, 400 shareware, 501 content-blocker, 212 antivirus software, 146–147 to crack passwords, 242 risks, 32 and distributed computing project, 254 Shareware Place, 181 for port scanning detection, 228 Sheep worm, 120 reinstalling, 199, 202 Shergold, Craig, 430, 458 risk from pirated, 178 Shields UP!, 241 switching to earlier versions to avoid Shoch, John, 97 macros, 188 shopping fraud online, 338–342 updates, 183, 245 how to avoid, 341–342 virus creation kits, 67–68 risks, 338–339 virus impact on, 36 shopping online, complaint process, 341 virus infection, 5, 25. See also file infector shut-down, from Internet-based attack, 302–303 viruses ShyFile, 394 for Web site content filtering, 482 sick children, hoaxes involving, 458 Sohoware, 285 Siegel, Martha, 431 “Some shocking news…” message, 72 signature scanning, 138, 166, 166–168, 501 Somebody, 409, 412, 414, 415 problem with, 167–168 Sophos, 141 Silent Watch, 323 Virus Analyses, 17 SIMILE virus, 52 Virus Info Email Notification, 185 SimplyQuick, 318 sound files, 26 Simpsalapim worm, 120 on Web sites, 479 SirCam virus, 100–101, 111 source code viruses, 49, 501 impact, 4 source routing, 231 sleeper, 501 spam, 309, 422–428, 501 SmartMedia cards, and virus spread, 21 addresses for, 438–440 SMASHER, 471 blocking, 432–434 SMC, 285 easy measures, 440–442 sniffers, 228, 301, 501 extreme measures, 448–449 sniffing packet contents, 278 minimal measures, 452 moderate measures, 442–447

costs of marketing, 432 Spybot Search & Destroy, 372 defining, 429 SpyBuddy, 323 examples, 423–424, 424 SpyShield, 415 finding names for, 426 SpyStopper, 322 forging headers and spoofing addresses, Spytech NetArmor, 146 426–427 spyware, 259–261, 364–366, 440, 501 FTP bouncing to send flood, 230 for advertisers, 366–368 history, 430–432 blocking domains, 374 how it works, 425, 425–426 defeating, 371–374 issues and challenges, 433–434 identifying, 372 legal remedies, 450–451 users of, 366 misleading subject heading, 427 SSID (service set identifier), 272 Nigerian Letter scam, 348–350 SSL (Secure Sockets Layer), 340, 500 reasons for, 429–432 Stages worm, 120 reply to, 424 stalking, 354–355 Web sites about, 428 “START UP ERROR” message, 119 why it is a problem, 428–429 startup problems from virus, 194 Spam Buster, 446 options, 195–196 Spam Recycling Center, 428 stateful packet inspection, 277–278, 278, 280, 501 Spam.abuse.net, 428 in Internet Connection Firewall, 286 Spambam, 446 static virus, 50, 501 spamblock, 333–334, 445, 501 Stay Safe Online, 222 spambots, 439, 501 Stealth Activity Reporter, 323 SpamCon Foundation, 428 stealth virus, 501 SpamCop, 428, 447 Stealther, 409 SpamEater Pro, 446 stolen items. See theft Spamhaus, 428 Stoned virus, 46 SpamKiller, 446, 447 Stoned.Daniela virus, 45 SpamMotel, 447 Stoned.Michelangelo virus, 45 spamouflage, 427, 501 Stoned.NearDark virus, 46 SpamScan, 446 StormWatch (Okena), 172 spare-time processing, 254 Strange Brew virus, 75 Spector, 321 subscriptions to virus alerts, 185–186 spider software, for new virus search, 167 SubSeven Trojan, 87 spoofing addresses in spam, 426–427 Sulfnbk.exe hoax, 131 spread of computer virus. See computer viruses, Surf In Peace, 471 transmission process SurfMonkey, 486 Spy Chaser, 372 Surfola.com, 409 Spy Cop, 146, 322 swapping files, 33 SpyAgent, 323 adware and, 367 SpyAnywhere, 365 as peer-to-peer computing, 250, 252–254

Sygate Personal Firewall, 280, 281, 282, “This program needs Flash 6.5 to Run!” 283–284, 288–295 message, 124 BackTrace feature in, 292 “This will add a shortcut to free XXX links…” configuration, 293–294 message, 71 response to attack, 291–292 threat from new computer viruses rules creation, 294–295 heuristic scanning and, 169–172 viewing firewall data, 289, 289–291 integrity checking and, 168, 168–169 Symantec signature scanning and, 166, 166–168 AntiVirus Enterprise Edition, 117 threat in chain letter, 454 information about virus hoaxes, 135 TIF file extension, 26, 27 Intruder Alert, 270 timing of virus scan Security Check, 148, 241 daily virus scan, 186 Security Response, 17, 186 weekly virus scan, 180 Security Response Newsletter, 185 Tiny Personal Firewall, 280, 281, 284 Security Response team, 155 TomCat Spyware List, 372 utility for managing WSH, 79 Top Secret Crypto, 394 symmetric-key encryption, 391, 391–392, 501 Top Secret Messenger, 415 SYS file extension, 25, 27 tracing spam, 448–449 sysedit.exe, 91 tracking online activities, 311–312 system files, 25, 501 tracking program, 502 restoring, 199, 201–202 tracking stolen computers, 247 System log, from Sygate Personal Firewall, 291 Traffic Log, from Sygate Personal Firewall, 291 systempatch.exe, 87 transitive trust attacks, 228–229, 502 transmission of computer virus. See computer viruses, transmission process T TransUnion, 328 Task Properties dialog box (McAfee), Schedule Trend Micro HouseCall, 148 tab, 159 Trend Micro Virus Information Center, 18 Tauscan, 95, 147 Trojan Defense Suite, 95, 147 TCP sequence guessing, 232, 502 Trojan horses, 10, 84–96, 502 TCP splicing, 232, 502 backdoor, 86–87 TechTV, 185 common examples, 87–91 terrorism current risk, 91 Internet-based attacks and, 210 and data-driven attack, 235 prevention vs. privacy, 330–332 detection, 91–93 Terrorists Stealing Trucks hoax, 459 as e-mail attachments, 107 text editor, for script creation, 67 first, 7, 86 theft. 
See also identity theft how they work, 84–86 of computers, 246 and peer-to-peer computing, 258 with Internet-based attacks, 216 protection against, 94–95 of personal information, 311 removal, 93–94

spyware as, 364 Dot Cons site, 349 vs. viruses or worms, 95–96 on online privacy for children, 314 wrapping tools to hide, 259 and spam, 450–451 Trojan Remover, 147 U.S. Locator, 329 TrojanHunter, 95 U.S. Space Command Computer Network trust Operations Center, 209 in distributed computing project, 262 U.S. Supreme Court, 490 in host-to-host relationship, 228 USA PATRIOT Act, 331, 371 TRUSTe, 319 Usenet, 502 trusted authority, 399 Usenet newsgroups, 333 Tucows, 32, 181 anonymity in, 414 Turret’s Virus hoax, 131 archived postings, 310 TWA Flight 800 hoax, 456 software from, 178 “Twenty-two points…” message, 58 Usenet.com, 414 TXT file extension, 27 user profiling, 312–313 user reports of new viruses, 167 USSEARCH, 329 U Ultimate Anonymity, 409, 412, 414, 415 undeleting files from Recycle Bin, 129–130 V United Devices, 255 V-Buster AntiVirus, 147 United States government, Carnivore software, vandalism, 216–218 331–332, 368–371, 494 VB file extension, 27 United States, information technology VBE file extension, 27 dependency, 210 VBS file extension, 25, 27 University of Magdeburg, Business-Information VBS Love Generator, 68 Workgroup, 139 VBS/SST (AnnaKournikova) virus, 67, 75, 111 unsubscribe to spam, 441 VBS Worm Generator 2, 67 Update.hta script file, 98 VBS.AmericanHistoryX-II@mm virus, 72 updating antivirus software VBSWG virus, 75 costs, 139 VeriSign, 394 virus definitions, 179–180 VeriSign Secure Site Seal, 341 importance, 167–168 Very Bad Virus hoax, 131 in McAfee VirusScan, 163–164 Vexira Antivirus, 140, 145 in Norton AntiVirus, 156 videogames scam, 460 urban legends, 459–460, 502 Vienna virus, 52 Urban Legends Archive, 461 viewer program, for files, 188 U.S. Congress, and spam, 450 virus. See computer viruses U.S. Federal Bureau of Investigation, Carnivore Virus Alerts Mailing List, 185 software, 331–332, 368–371 virus alerts, subscriptions to, 185–186 U.S. 
Federal Trade Commission, 335 Virus Bulletin, 18, 139, 185 Consumer Response Center, 348 virus creation kits, 67–68

virus definition updates, 179–180 switching to Opera, 472 importance, 167–168 taking control, 478–479 in McAfee VirusScan, 163–164 updating, 182–183 in Norton AntiVirus, 156 Web bugs, 477, 502 virus hoaxes, 128–136 Web content zones in Outlook, 112–113 common examples, 130–133 Web pages costs, 129–130 caching on proxy server, 268 determining, 134–135 script viruses in, 69 how they work, 128–129 web searching for new viruses, 167 vs. real viruses, 133–134 Web sites resources, 135 anonymity when browsing, 406–411 stopping, 135 for anonymous e-mail services, 412 virus scanner, 502 on anti-spam software, 446 VirusList.com, 18, 186 avoiding unwanted downloads, 477–478 VisiNetic Firewall, 281, 284 for banner ad blocking, 475 Visual Basic for Applications (VBA), 9, 24 on chain letters and hoaxes, 461 Visual Basic Script, 68 changes as attack indicator, 299 viruses from, 66–67 content filtering, 482–483 Vmyths.com web site, 134, 135 from searches, 489 von Neumann, John, 6 on content filtering vs. 
censorship, 490–491 Vonnegut Speech hoax, 457 cookies from, 378–379 VShield background scanner, 160 defacement with Internet-based attacks, VX2 Corporation, 368 217–218 Vxer virus, 74–75 downloading files from, 32 risk from, 181 for encryption programs, 394 W hacking/cracking-oriented, 210, 219 W3 Anonymous Remailer, 412, 413, 413 on hoaxes, 135 W32/Hello virus, 125 initiating attack on, 214 W32/Naked@MM virus, 90 on Internet-based attacks, 222 W95/CIH virus, 50 for pop-up killer software, 470–471 war driving, 502 privacy policies, 314–318 warez, 32, 502 changes, 317–318 warnings as hoaxes, 458–459 removing banner and other ads, 473–476 WAV file extension, 26, 27 and risk of attack, 240 WBMV (Word Basic Macro Virus), 57 software from, 178 Web beacons, 477 on spam, 428 Web browser for spam filtering services, 447 blocking pop-up windows, 466–472 for spyware software, 365 configuration for protection against script tracking visits, 367 virus, 76–78 virus infection from, 22 for content filtering, 485–486 on viruses, 17–18

Web Window Killer, 471 displaying file extensions, 176 Webcam, 320 emergency startup, 195 WebShield SMTP, 117 encryption in, 397–398 WebWasher, 471, 475 installation CD, 202 We.C-IT, 324 Internet Connection Firewall, 268, 281, 284, weekly virus scan, 180 285–288 WEP (Wired Equivalent Privacy), 233, 272, 502 Outlook Express, virus protection in, 114–115 West Dakota Research Corp., 131 passwords, 241 WHOIS lookup, 449, 502 Pretty Good Privacy and, 393 WiFi wireless protocol, 233, 502 restore feature, 198, 200 WildList Organization International, 18 shared or private files and folders, 258 Win95.SK virus, 75 WindowSmasher, 471 windll.dll, 88 Winhelper virus, 120 windos.exe, 87 WinREG virus, 75 window.open command (JavaScript), 469 WinSpy, 323 Windows 95 WinWord.Concept virus, 57 disabling scripting, 79 Winword.Nuclear virus, 59 virus infection, 8 Wired Equivalent Privacy (WEP), 233, 272, 502 Windows 98, disabling scripting, 80 WiredPatrol, 359 Windows 2000, disabling scripting, 80–81 wireless cameras, 320 Windows (Microsoft), hiding file type wireless networks information, 176 impersonation attack on, 229 Windows Help, and virus spread, 70 network protection for, 272 Windows Me vulnerabilities, 233 disabling scripting, 80–81 WMA file extension, 26, 27 restore feature, 198 WMV file extension, 26, 27 Windows Messenger, 124, 252 WOBBLER hoax, 132 Windows NT 4, disabling scripting, 80 Word Basic Macro Virus (WBMV), 57 Windows Registry, 70 Word Macro 9508 virus, 57 HKEY_LOCAL_MACHINE\SOFTWARE\ Word (Microsoft) Microsoft\Windows\CurrentVersion\ disabling macros, 184 Run, 91 DOC file extension, 187 HKEY_LOCAL_MACHINE\SOFTWARE\ macro viruses in files, 8 Microsoft\Windows\CurrentVersion\ passwords for documents, 241 RunServices, 88 Wordmacro-Alert virus, 59 Trojan horses and, 87 Wordmacro-Nuclear virus, 59 Windows Scripting Host, 66, 67, 68 WordMacro.Colors virus, 57 disabling, 78–81, 188 working conditions. 
See corporations Windows System Restore, 200–201 workplace, privacy in, 321–325 Windows XP World Trade Center (N.Y.) terrorist attack, 209 disabling file sharing, 243 World Wide Web Consortium, Platform for disabling scripting, 80–81 Privacy Preferences, 319 4127idx.qxd 6/19/02 5:53 PM Page 530

Worldwide Lexicon, 255 Y WormGuard, 147 Yahoo! worms, 6, 10–11, 48, 84, 96–103, 502 attack on, 208 common examples, 97–101 privacy policy, 317, 318 current risk, 101 Yahoo! Messenger, 124, 252 detection, 101–102 Yahooligans!, 489 how they work, 96–97 IRC script to send, 118 “You have been infected by the Vbs.Shakira virus” message, 73 origins, 97 protection against, 102–103 YourOwnPrivateEye.com, 329 removal, 102 vs. Trojan horses or viruses, 95–96 wrapping tools, 259 Z Zacker worm, 125 WTC Survivor virus hoax, 132 WTC Tourist hoax, 457 ZDNet, 32, 181, 185 WW6Macro virus, 57 attack on, 208 www.symantec.com.vbs file, 72 Zero Popup, 471 Zip disks for backup, 182 X and virus spread, 21, 175 X-Cleaner, 322 ZIP files Xerox Palo Alto Research Center, 97 risk from, 177 XLS file extension, 25, 27, 56 scanning by antivirus software, 144 preventing use, 187 zombies, 215, 502 XLW file extension, 25, 27, 56 ZoneAlarm, 280, 281, 282, 285