Security Roundup

The National Infrastructure Protection Center (NIPC) and the FBI have been investigating the activities of organized hackers they believe originated in Eastern Europe and Russia. The hackers have been able to obtain American credit card numbers through e-commerce sites. They then attempt to ransom the numbers back to their owners or credit card companies, or threaten to publish the numbers on the Internet.

The hackers exploited holes in Microsoft Windows NT systems; the vulnerabilities have been known since as early as 1998. Many users, however, did not patch their systems and thus became victims.

The virus of the week is W32/Naked@MM, or the Naked Wife virus. The Naked Wife virus consists of a file attached to an e-mail message with the subject “Fw: Naked Wife” and the message “My wife never look like that! ;-)”. When run, NakedWife.exe copies itself to a Temp directory and displays a window titled “Flash” that purports to be the property of JibJab Media. After attempting to delete all .BMP, .COM, .DLL, .EXE, .INI, and .LOG files in the Windows and Windows\System directories, the “Flash” window informs the user that they’ve been the victim of a ruse.

It would seem obvious that this is a virus – after all, how many strangers send pictures of their naked wives to their entire address books?

Another recent virus uses an open mail relay to deliver a .EXE file. CERT, Carnegie Mellon University’s network security clearinghouse, reports on the Hybris Worm. The worm is a piece of malicious code that propagates through e-mail messages and newsgroup postings and targets Windows machines. The user must execute an attachment in order to become infected.

The worm infects WSOCK32.DLL, the Windows networking library, subverting normal e-mail behavior, and sends a copy of itself any time an infected user sends an e-mail message. The e-mail message containing the virus masquerades as a pornographic story.

As Sophos Anti-Virus’ Graham Cluley said, “Think with your head, not your groin.”

Finally, a bug in Microsoft Internet Explorer. A newly divulged IE vulnerability could allow a hacker to run code of his choice, if a user visits the hacker’s Web site or opens an HTML e-mail from the hacker.

The IE security architecture provides a caching mechanism that is used to store content that needs to be downloaded and processed on the user’s local machine. A vulnerability exists because it is possible for a Web page or HTML e-mail to learn the physical location of cached content. With this information, a hacker could cause the cached content to be opened in the Local Computer Zone. This would enable him to launch compiled HTML help (.CHM) files that contain shortcuts to executables, thereby enabling him to run the executables.

A patch for IE 5.01 SP1 is available at, and for IE 5.5 SP1 at

- Isaac Slepner

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

