NIU Department of Mathematical Sciences
Virus and Security Alerts

Please see below for other sources of information.

Specific current threats

11/20/2001 EJB
Critical vulnerability in MDAC (affects many versions of Internet Explorer, possibly Outlook, and IIS). Fix available from this Microsoft page (or download and run our local copy).

12/2/2001 EJB
Big hole in all versions of Internet Explorer, potentially allowing remote access to all local files. Disable ActiveX in Explorer.

11/20/2001 EJB
BADTRANS virus, really bad.

9/18/2001 EJB
"Nimda" worm; spreads in many ways. Disable Scripting/Active Scripting for all security zones in Internet Explorer. If running Windows 2000 Pro or XP, patch the IIS server software. Do not open letters with unknown attachments. See the NIU ITS page for more details.

9/4/2001 EJB
"Readme worm": arrives in a letter with "Subject: As per your request!" and an attachment named README.EXE.

8/10/2001 EJB
SirCam mail virus, arrives as a letter with the phrase "I send you this file in order to have your advice" (or its equivalent in Spanish), and an attachment whose name has a double extension such as .xls.pif, .doc.exe, etc.

4/18/2001 EJB
W32.Matcher (W95/HLLW.Matcher.A, Matcher) mail virus, affects Outlook.

4/2001 EJB
Several Linux worms which exploit holes in some implementations of BIND, lprng, etc. Also holes in several Unix ntpd and ftpd versions. See the SANS and CERT Web sites for details.

2/12/2001 EJB
An "Anna Kournikova" virus is spreading fast, infecting MS Outlook and mailing itself out to all recipients in an address book. Please do not open unknown attachments.

1/18/2001 EJB
A new variant of Melissa is making the rounds. The Mac version of Office 2001 (not just the Windows one) is reportedly vulnerable to it.

12/1/2000 EJB
Infections by the e-mail MATRIX trojan are on the rise. It affects Windows PCs if the attachment containing it is opened. It is difficult to remove. Please do not open suspect attachments.

11/14/2000 EJB
The e-mail TROJ_NAVIDAD.A trojan is circulating. It affects Windows PCs running Outlook.

7/19/2000 EJB
More serious problems with some versions of the Microsoft Office suite and Windows have been found. Please see the SANS Institute page and the Microsoft bulletin for details.

7/11/2000 EJB
network.vbs, yet another Visual Basic worm, was detected on campus. If you use Windows file sharing, see this link for more information.

6/19/2000 EJB
CERT advisory about new vulnerabilities in Windows (potentially affecting users of Internet Explorer/Outlook)
"Life Stages" e-mail worm spreading; see one of the links below for details. Do NOT open unknown attachments!

6/6/2000 EJB
Some glitches in the way digital certificates are handled by MS Internet Explorer were found; see the Microsoft bulletin. The impact is somewhat similar to that of an earlier problem discovered in Netscape (see below).

5/27/2000 EJB
Another Outlook-related e-mail worm, with "Resume - Janet Simons" in the subject. Do NOT open unknown attachments!

5/19/2000 EJB
New more dangerous variants of the ILOVEYOU virus are propagating. See this page provided by NIU for more information.

5/13/2000 EJB
The "KAKworm" e-mail virus is spreading fast with potentially more serious consequences than the "ILOVEYOU" virus. If you use MS Internet Explorer v.4 or v.5, and/or Office 2000, please download and run the fix from Microsoft or our local copy. The MD5 checksum of the program is f7bd9c364aff093228c42fd8546ee4d1.

5/12/2000 EJB
A problem with SSL verification and encryption in Netscape has been found. To check which version of Netscape you are running, choose "About Communicator" in the "Help" menu on the right. If the version is 4.72 or below, and you intend to transmit confidential information (banking, passwords, credit cards) via the browser, please see a separate page for details.


Types of threats

A virus is malicious code which alters the normal system and application software, with potentially disastrous intentional or unintentional side effects. A Trojan horse is software posing as a legitimate program, which upon execution installs or runs a virus or other unwanted code. A worm is a virus or trojan which spreads to other computers by e-mail, IRC or similar means.

Keep in mind that you are more likely to get a copy of a worm from someone you know well than from an unknown source, because most worms use data in a personal address book to propagate themselves after infecting someone's computer.

A virus hoax is a false alarm about a non-existent threat. Such alarms may appear harmless, but the avalanche effect of people passing them on to others can have serious consequences in terms of mail traffic and disk storage. Always consult one of the links listed below to make sure a warning is real before passing it on.

In addition to the potential for damage to data or software, newer viruses and trojans (as well as Java or JavaScript code embedded in Web pages) can attempt to intercept confidential information stored on the user's system, or to trick the user into revealing such data.


General advice

Unix

Workstations running Unix are comparatively safe from viruses and worms. Unix software tends to disallow automatic execution of code coming from the outside. In addition, thanks to file permissions, any damage would be limited to a single user's files, and those files are likely to be backed up. Still, if you receive an attachment with a shell script containing "rm -rf ." and then tell the system to run it, the consequences will not be pleasant. Make sure that you only execute identifiable programs received from trusted sources.

PCs under Windows

The tight integration of programs that communicate with the outside world (e-mail, browsers) with the system and application software makes Windows PCs particularly vulnerable. The inclusion of features such as automatic decoding of attachments or execution of Visual Basic macros embedded in documents increases the risk greatly. The default settings that enable these features are typically unsafe.

Opening unknown attachments by hand is a very bad idea to begin with. Allowing such actions to take place automatically is asking for disaster. Please go through the settings in Internet Explorer, Outlook Express and the Microsoft Office suite (Word, Excel) and make sure that the options are set to reasonably safe values. Programs such as Netscape, Word Perfect or Eudora tend to be much less vulnerable because they are less closely integrated with the system and they lack the ability to execute Visual Basic.
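
The SirCam and "Readme worm" alerts above describe their messages precisely enough to check for mechanically. The following is an added example, not part of the original page: a small mail check that flags executable attachments, double extensions and the two quoted phrases. The function names, the extensions beyond .pif and .exe, and the short-inner-extension heuristic are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# .pif and .exe come from the alerts; the other extensions are assumptions.
EXECUTABLE_EXTS = {"exe", "pif", "scr", "com", "bat", "vbs"}
# Phrases quoted in the Readme-worm and SirCam alerts (compared in lower case).
KNOWN_PHRASES = ("as per your request!",
                 "i send you this file in order to have your advice")

def attachment_findings(filename):
    """Reasons an attachment name resembles the ones described in the alerts."""
    parts = filename.lower().rstrip(". ").split(".")
    reasons = []
    if len(parts) >= 2 and parts[-1] in EXECUTABLE_EXTS:
        reasons.append("executable attachment: " + filename)
        # name.doc.exe: a short inner "extension" disguises the real type.
        if len(parts) >= 3 and 1 <= len(parts[-2]) <= 4:
            reasons.append("double extension: " + filename)
    return reasons

def scan_message(raw):
    """Parse one raw message and return a list of findings (empty if clean)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings, text = [], str(msg["Subject"] or "")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            findings += attachment_findings(name)
        elif part.get_content_type() == "text/plain":
            text += " " + part.get_content()
    text = " ".join(text.lower().split())  # undo line wrapping before matching
    findings += ["known worm phrase: " + p for p in KNOWN_PHRASES if p in text]
    return findings

def build_sample(subject, body, attachment_name):
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_string()

if __name__ == "__main__":
    for s in (build_sample("Budget", "Hi!\nI send you this file in order\nto have your advice", "budget.xls.pif"),
              build_sample("As per your request!", "See attached.", "README.EXE"),
              build_sample("Seminar notes", "Slides attached.", "notes.v2.pdf")):
        print(scan_message(s))
```

A match on the phrase alone is weak evidence, since the wording can appear in ordinary mail; the attachment name is the stronger signal.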

Macs

For various reasons there have been far fewer virus-related problems with Macs than with PCs, although they also lack the system-level file protections of Unix and have powerful scripting facilities built into the OS. But the current Mac version of the Microsoft browser and Office suite cannot run Visual Basic code, making it much safer; and MacOS accounts for only a few percent of installed systems, meaning that few virus writers are likely to focus their effort on it. Still, Mac viruses do exist, so please use good judgement when executing unknown software of any type. In particular the CD "AutoStart" feature has been used to infect Macs; this is especially risky these days, when home-made CDs are becoming commonplace. You can turn off AutoStart in the CD panel in the Control Strip.

Browsers

In addition to problems mentioned above, both Internet Explorer and Netscape implement JavaScript, Java and SSL (the cryptographic mechanism for encoding traffic and verifying the authenticity of the server being accessed). There have been problems with all three.

JavaScript, created by Netscape, is a simple language designed to allow building "neat tricks" into pages. It is useful and fun to use, but not very safe. I suggest leaving it disabled in the browser unless a specific page which you want to access requires it. Remember to turn it off again later.

Java is quite secure by design, but in practice there have been bugs in its implementations. In addition, many versions of the browsers have problems running it, or gracefully recovering from errors in Java code. Enabling it also tends to consume a lot of memory and CPU. As with JavaScript, I recommend keeping it disabled except for the rare cases when it's needed.

SSL is used when a browser accesses a "secure document". This allows safe transmission of important secret information such as passwords or credit card numbers. You typically get a warning dialog before the page appears. There have been some problems with implementations of this mechanism. In particular, if you are using Netscape 4.72 or earlier, please see also the alert notice above.


Further information

Several trustworthy sources provide detailed information about computer security threats and viruses:

CERT (Computer Emergency Response Team)
The SANS Institute
DataFellows (F-Secure) Corp. virus database and a list of known virus hoaxes
NIU ITS page about current viruses
