Brought to you each week by the PC Gurus, a loose collection of volunteers from around the Kentuckiana region.
You can interact with the team via chat room or BBS at www.thepcgurus.com. There are usually members present in the chat room after 8:00 PM every evening and you can post computer questions, comments, rants etc. on the bulletin board 24/7.
If you’re new to the Newsletter you can read back issues at Team member JP Durbin’s website at http://www.jpdurbin.net. There are links to all the old 84 Online issues as well as the new GuruNews missives.
The WHAS Crusade for Children provides year round support for needy children throughout the Kentuckiana region. Visit http://www.whascrusade.org to make donations online.
4-21-05
We speak often about viruses in this newsletter but I don’t think we’ve ever explained exactly how new viruses are found, analyzed and added into the definition list that you get from your antivirus software manufacturer. My own adventure with a new virus yesterday seemed like an excellent tool for explaining exactly how the antivirus industry works and how you can help.
This little tale actually starts Tuesday evening, when I received an email “from” a team member. The email message had no subject and the body of the message was blank. It was just a compressed attachment called “Be_not_jealous.zip”. I was of course suspicious since there was no information from the “sender” about what this was and I had no prior knowledge that it was coming.
I use “from” and “sender” because most modern viruses will spoof the address of the sender, preventing a savvy recipient from advising the actual source of the virus that they are infected.
My antivirus program (Panda Titanium 2005) didn’t warn me that the attachment was infected so I saved it. Using FreeZip I determined that the compressed file contained one file called “be_not_jealous.exe” and I became even more suspicious. No IT professional would ever send an executable file as an attachment with no warning or explanation. At that point it was late and I hit the sheets.
Since my work and Guru mail settings save messages on the servers for a couple of days I received the same message at work Wednesday morning and decided to pursue it further.
I again scanned the email, the zipped attachment and the file after uncompressing it, and again no virus was found. This is where end users like us can help. Antivirus firms depend on computer users to send them samples of suspicious files for analysis. They can then classify the sample, work out exactly what it does and how to undo it, and add the name and usually a small snippet of the virus code to their database. The next time you get an update you are protected from that virus.
In my case I could do this through the antivirus program itself. In the Panda console click the Services link and then click the option to send suspicious files. The instructions are easy to follow and take just a minute or two. You supply your email address and a description of the file and why you find it suspicious, add the file to the message and send it.
About 20 minutes after I submitted my suspicious file I received two emails from Panda, one acknowledging that they had received it and another identifying the family and variant that included a link to a temporary signature file for me to use to disinfect the virus.
Initially they classified the virus as W32/Bagle.CK.worm. The temporary sig file did indeed detect and delete the suspicious attachment, but yesterday evening when I got home I scanned the file and it was identified as being infected with Bagle.CM. That got me curious, so I checked Panda’s website and discovered that 5 new variants of this particular virus strain had been added yesterday, labeled .CJ through .CN. Not that it really matters, but I’m assuming they got a later submission of a file with an earlier time stamp. Who knows?
The method of reporting varies among antivirus firms but all of them depend upon the practice, as well as an agreement that once an individual company classifies a new virus and updates their own definitions they immediately share their information with other companies. It’s all about safety after all ;)
As examples, Norton uses a web interface for reporting at https://submit.symantec.com/gold/. AVG prefers that you zip and password protect the file and email it to virus@grisoft.com along with a description of why you’re submitting it and the password for the compressed file. Kaspersky just wants the raw file through http://www.kaspersky.com/scanforvirus.
Check your antivirus program’s help files or read through the FAQs on the manufacturer’s website to find out how you can do this yourself. Before you submit a file make certain that you have the latest virus definitions, that you have saved the attachment to your hard drive and scanned it, that the email delivering it was out of whack somehow and that the file can actually be executed (.exe, .bat, .com, .pif etc.).
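As an added illustration (not code from the newsletter or from any antivirus vendor), the following Python script performs the pre-submission checks just described without ever extracting or running the attachment: it lists the archive’s contents, flags members whose extension Windows would execute directly, and computes a SHA-256 hash of the archive to quote in the submission description. The sample archive, its placeholder payload, the .scr extension and the helper names are all constructed or assumed for this example.

```python
import hashlib
import io
import os
import zipfile

# Extensions Windows executes directly. The newsletter names .exe, .bat,
# .com and .pif; .scr (screensaver executables) is added here by assumption.
EXECUTABLE_EXTENSIONS = {".exe", ".bat", ".com", ".pif", ".scr"}


def triage_attachment(zip_bytes):
    """Inspect a zipped attachment held in memory without extracting it.

    Returns a dict with:
      members - list of (name, uncompressed size) for every archive entry
      flagged - names whose extension is directly executable on Windows
      sha256  - hex digest of the archive itself, to quote when submitting
    Raises ValueError if the bytes are not a zip archive at all.
    """
    if not zipfile.is_zipfile(io.BytesIO(zip_bytes)):
        raise ValueError("attachment is not a zip archive")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        # Only the central directory is read; no member is decompressed.
        members = [(info.filename, info.file_size) for info in archive.infolist()]
    flagged = [
        name for name, _size in members
        if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTENSIONS
    ]
    return {
        "members": members,
        "flagged": flagged,
        "sha256": hashlib.sha256(zip_bytes).hexdigest(),
    }


def submission_description(report, reason):
    """Build the short description a vendor's submission form asks for."""
    lines = [
        "Suspicious attachment for analysis.",
        "Reason: " + reason,
        "Archive SHA-256: " + report["sha256"],
        "Contents: " + ", ".join(f"{n} ({s} bytes)" for n, s in report["members"]),
    ]
    if report["flagged"]:
        lines.append("Directly executable members: " + ", ".join(report["flagged"]))
    return "\n".join(lines)


def build_sample_attachment():
    """Construct a stand-in for the newsletter's Be_not_jealous.zip.

    The member named like the worm's file holds harmless placeholder text,
    not a real program; the second member is a constructed decoy text file.
    """
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("be_not_jealous.exe", b"placeholder bytes, not a program")
        archive.writestr("readme.txt", b"constructed decoy text")
    return buffer.getvalue()


if __name__ == "__main__":
    report = triage_attachment(build_sample_attachment())
    print(submission_description(
        report, "unsolicited mail with empty subject and body, spoofed sender"))
```

To use it on a real attachment, save the file to disk as the article advises, scan it with current definitions, and pass `open(path, "rb").read()` to `triage_attachment`. The script deliberately reads only the archive’s directory listing, so nothing inside the zip is written to disk or executed.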
Happy hunting ;)
Kevin Mefford, Editor
Following Intel's release of dual-core Pentiums last week, AMD has announced their own solution, coming to a really, really fast computer near you soon:
http://www.internetnews.com/ent-news/article.php/3499366
Google is trying out a new service that allows you to store all your past search requests and the resultant results. As the headline asks, what could go wrong? Well...:
http://www.theinquirer.net/?article=22688
If you've ever received an e-mail telling you to update your bank information or else then you've seen a phishing scam in action. Now AOL is stepping up to the plate with some defense:
http://www.businessweek.com/ap/financialnews/D89JEQ4O0.htm?campaign_id=apn_tech_down
Finally, now that science has cured cancer, AIDS and alleviated world hunger, it has turned its attention to why some kernels remain unpopped. Thank goodness we've worked that out:
http://abcnews.go.com/Technology/wireStory?id=689898
Copy us on the good stuff ;-)
Matthew Dattilo
thepcgurus@gmail.com
www.opaquelucidity.com
If you want help with your Derby picks send an email to Guru Daniel Williams. Last week’s email answer included his opinion that a new release of the Firefox web browser should be available soon and four days later Mozilla posts 1.0.3 for download. You can get it from www.mozilla.org.
On second thought, forget the emails. He’ll be too busy picking my horses!
Q: I unfortunately have lost my favorites menu, much to my distress. In this menu was a website that I had gotten from the "old days" of your radio broadcast. The site listed what the various start up junk is and what the value of keeping it there is. Please tell me again where I can obtain it. Also, PC World sent me an email referring to Start Up Mechanic software that is freeware. Have you heard of it or had experience with the value of it?
A: I believe you are talking about the Pacs Portal website. Here's the link to it:
http://www.pacs-portal.co.uk/startup_content.php
I have no experience with Startup Mechanic, but generally tend to shy away from programs that load on startup to monitor, prevent and control programs that load on startup - if you get my drift. Others on the team may chime in.
Hash
hash@ucanweb.com
If you have tech support questions or ideas and/or submissions for our newsletter please submit them by visiting www.thepcgurus.com and clicking on the “Email the Team” icon.
Copyright 2005, The PC Gurus. All rights reserved. Publication, rebroadcast or storage is prohibited without prior consent; however, you may freely forward this publication to friends as long as A) it is forwarded in its entirety and B) no fee is charged.
Information provided in this publication is provided "as is" without warranty of any kind, either expressed or implied. Although the information provided is known to work on most systems, it may not work on ALL systems. Make use of any information supplied at your own risk.
The PC Gurus are a group of volunteers who provide support for PC, Mac and Linux users in the Kentuckiana region.
To unsubscribe from this newsletter send an email to microdome@seidata.com with the words “unsubscribe newsletter” (without the quotes) at the top of the body of the message.