Security Roundup

The National Infrastructure Protection Center (NIPC) and the FBI have been investigating the activities of organized hackers they believe originated in Eastern Europe and Russia. The hackers have been able to obtain American credit card numbers through e-commerce sites, then attempt to ransom the numbers back to their owners or credit card companies or threaten to publish the numbers on the Internet.

The hackers penetrated holes in Microsoft Windows NT systems, and the vulnerabilities have been known since as early as 1998. Many users, however, did not patch their systems and thus became victims.

The virus of the week is the W32/[email protected], or Naked Wife virus. The Naked Wife virus consists of a file attached to an e-mail message with the subject “Fw: Naked Wife” and the message “My wife never look like that! ;-)”. When run, NakedWife.exe copies itself to a Temp directory and displays a window entitled “Flash” and purports to be a property of JibJab Media. After attempting to delete all .BMP, .COM, .DLL, .EXE, .INI, and .LOG files in the Windows and Windows\System directories, the “Flash” window informs the user that they’ve been the victim of a ruse.

It would seem obvious that this is a virus – after all, how many strangers send pictures of their naked wives to their entire address books?

Another recent virus uses an open mail relay to deliver a .EXE file. CERT, Carnegie Mellon University’s network security clearinghouse, reports on the Hybris Worm. The worm is a piece of malicious code that propagates through e-mail messages and newsgroup postings and targets Windows machines. The user must execute an attachment in order to become infected.

The worm infects the Windows networking library WSOCK32.DLL file, subverting normal e-mail behavior, and sends a copy of itself any time an infected user sends an e-mail message. The e-mail message containing the virus masquerades as a pornographic story.

As Sophos Anti-Virus’ Graham Cluley said, “Think with your head, not your groin.”

Finally, a bug in Microsoft Internet Explorer. A newly divulged IE vulnerability could allow a hacker to run code of his choice, if a user visits the hacker’s Web site or opens an HTML e-mail from the hacker.

The IE security architecture provides a caching mechanism that is used to store content that needs to be downloaded and processed on the user’s local machine. A vulnerability exists because it is possible for a Web page or HTML e-mail to learn the physical location of cached content. With this information, a hacker could cause the cached content to be opened in the Local Computer Zone. This would enable him to launch compiled HTML help (.CHM) files that contain shortcuts to executables, thereby enabling him to run the executables.

A patch for IE 5.01 SP1 is available at, and for IE 5.5 SP1 at - Isaac Slepner

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • The Case for In-Application Backups

    Application-integrated backup tools should never replace conventional backups, but they have their place.

  • Microsoft Uniting OneDrive and SharePoint Admin Portals Next Month

    Microsoft is converging its OneDrive and SharePoint Admin Center management portals, with a consolidated portal expected to arrive for Microsoft 365 subscribers "through February."

  • Phishing Tops Concerns in Microsoft Study of Remote Work

    Potential phishing attacks were a top concern of most IT security professionals when organizations switched to remote-work conditions early last year.

  • How To Configure Windows 10 for Intel Optane Memory

    Intel's Optane memory technology can significantly improve the performance of your Windows 10 system -- provided you enable it correctly. A single mistake can render the system unbootable. Here's how to do it the right way.

comments powered by Disqus