This newsletter has been produced to help you get the
most out of the Internet,
and to keep you, as an Actrix customer, informed of developments and services within the
company.
Past newsletters may be viewed at http://editor.actrix.co.nz/
Newsletters are now archived by article at http://editor.actrix.co.nz/byarticle/
Questions and comments about the newsletter can be e-mailed to editor@actrix.co.nz
Other inquiries should be e-mailed to support@actrix.co.nz
I've been plagued lately by dozens of bounces dumped suddenly in my inbox telling me that e-mails I have sent to all sorts of strange people were unable to be delivered or were rejected because they contained viruses. I've had a few customers inquire about the problem too. We don't recognise the addresses we're supposed to have sent the e-mails too, and the subjects and contents of the bounced e-mails are totally unfamiliar. Many of the bounce messages also contain attachments, and nowadays, when viruses seem to be lurking around every corner, these are also a concern. Just what is going on? Did my computer really send out those e-mails or viruses without my knowledge? Is my computer infected even though I run Nortons? What nefarious mischief is about to happen next?
This article will address these concerns. While this type of thing is becoming a nuisance of rising prevalence, the good news is that the person receiving all the sudden bounce messages probably isn't infected by the virus in question. This is all part of normal virus behaviour, and most will find that these unwieldy gluts of annoying bounces will come and go in groups. Keep reading to find out why.
Now imagine that Fred Blobbybottom, who's e-mail address is fred@blobbybottom.co.nz gets a virus on his computer. This virus is programmed to send itself on to every e-mail address it can find. But in order to send itself, it needs to include a "from" address. It could use the e-mail address on the machine it has hijacked, but that would be no good. If it did that, then everyone would be able to tell right away that Fred Blobbybottom's computer was infected. Lots of people would tell him and he would get his machine fixed. That would be the end of the virus on Fred's machine.
|
| Mandy was sure something very odd was starting to happen... |
A virus is programmed to hide itself so that it can carry on doing its mischief. So, rather than let everyone know where it lives, it forges the sending address when it sends itself out, and puts another e-mail address into the "from" field. Let's imagine Fred's girlfriend's e-mail address is mandy@mudapple.co.nz. Of course Fred has her in his address book. When the virus on Fred's machine sends itself out, it might send the first 100 versions of itself out and use Mandy's address in its from field. Ninety-five of these first 100 e-mails it sends itself through will probably be delivered successfully to other people. Five or so might bounce, but where will the bounces go? They won't go back to Fred because the virus didn't use fred@blobbybottom.co.nz as its sending address. Instead, the bounces will go to Mandy's inbox. Poor old Mandy gets all these bounces, and she wasn't even the one who sent out the virus.
There will also be plenty of cases, too, where people with up-to-date virus scanners will receive the disguised e-mails sent from Fred's machine. Their virus scanners, such as Norton or AVG, will send the message back saying that it couldn't be delivered because it had a virus attached. Poor old Mandy gets these returns, and it looks to her like she's the one who has been sending out the virus. Even if she's savvy enough about e-mail to know all about what I'm writing here, she isn't able to be of much help to Fred. There is nothing in the bounces or reject messages that makes it immediately obvious that they came from her boyfriend's machine. It's a pickle!
It gets more complicated because, as we noted already, the virus is pretty sophisticated at hiding its tracks. It may use Mandy's address for a while to send itself out, but then it will change and use another address it has pilfered from Fred's address book, say the e-mail address from one of his other girlfriends. This way, there aren't too many clues pointing in any one direction that might alert people to the virus's whereabouts. This is why you (or Mandy) might suddenly get inundated with a whole lot of bounce messages for e-mails that you (or she) didn't send, and then they will stop just as suddenly. The virus has finished with using the first address in its "from" field, and is now using someone else's. Don't feel slighted though. You or Mandy probably get a turn again sometime soon.
Viruses are developed enough these days not to just rely on the address book of their host machine. Many lurk until they have the opportunity to connect to somewhere else online so that they can download a new set of e-mail addresses they can use to masquerade as coming from. This helps explain why many of the bogus bounces you receive appear so strangely to be from overseas, or why the bounce message is sometimes in another language.
Many ISPs, Actrix included, will turn the bounce function off on its virus scanners when the virus is known to fake its sending address (which is the case with just about all of them). Unfortunately, not all do this, and it just contributes to the problem. In most cases, they'll get around to it eventually, and the barrage of falsities will cease, but it can take time, and there's not a whole lot you can do about it.
And, unfortunately, there's just not a whole lot any individual can do to stop this occurring for them. The purpose of this article has not been to help you stop it happening, but rather to reassure you that if this happens, you're probably not the one who's infected or to blame. The best thing you can do is to make sure you don't get infected yourself and so become a part of the problem for others. To do this, you need to run up-to-date anti-virus software, and you need to keep your operating system up-to-date by installing all the security patches available free at http://windowsupdate.microsoft.com.
Printer friendly version of this article...
If you'd like to ask a question or request some help on any Actrix
or Internet-related matter. Simply send me an e-mail
with the word "Forum" in the subject line. I'll try and answer your question by
return e-mail, and will also post the answer here for the benefit of others who may have a
similar question or problem. By the same token, if you read something here and think you
may have something to suggest, please feel more than free. Please also note that questions
and answers may turn up under the Helpful Tips section on the Actrix home page (www.actrix.co.nz).
Gilbert writes: Hi Rob, I have the problem of having to pay some four dollars a month to Telecom for a toll bar on my phone. This came about when I clicked on a item on the e-mail lists titled "Fun-Fun -Fun, and that sender got control of my modem and made toll calls to overseas addresses. Telecom agreed that If I got the toll bar, then the toll charges would be dropped this time. I am finding the toll bar a real nuisance as I keep forgetting it when making personal toll calls . The question is do I have to have this toll bar on forever, or can I stop it and be very careful in future what I click on? Yours Gilbert.
Hi Gilbert, I shouldn't think you would need to have this tollbar there permanently, especially now that you know to be very careful what you are clicking on. My suggestion would be to have Telecom remove it, but only after you are double-sure that you have removed the spyware/auto-dialler in question.
The first step (if you haven't done so already) would be to identify exactly what the spyware/auto-dialler is, and then look on the web for ways to remove it. Google may be a great help here. You should also run either Ad-Aware or SpyBot Search and Destroy as these programs should help you locate and destroy the spyware/autodialler.
After that, remove the toll bar and watch your Internet connection very carefully every time you turn the computer on. If it starts to dial up without your consent, then you haven't gotten rid of it and you had better unplug your modem and seek some professional help. Spyware/auto-diallers can be hard to remove, but not impossible.
Please have a look at some recent articles I've written for the newsletter on this sort of thing. They will give you a few tips, and the links you need for the free anti-spyware programs, etc.
Along
Came a Spyware (June 2003)
Another
Day, Another Dialler (April 2004)
Frances writes: Hi there Rob Can you please tell me how to stop a new entry being automatically put into my address book when I click reply to an email of someone who is not in my address book. I know it can be done but cannot remember how to do it. Many thanks, Frances
Hi Frances, Sure. This one is pretty easy. With Outlook Express open, click Tools (menu at the top) and then "Options" in the drop down box. Click on the Send tab, and then untick the box that says "Automatically put people I reply to into my Address Book." Click the Apply button and then the OK button.
Terry writes: Hi Rob, I am currently trailing "Systweaks programme Advanced Windows Cleaner". It has a function to search for duplicate files and it turned up a surprising number of duplicate "Windows System" files on the hard drive. I always down load Windows patches. Would patches account for so much duplication? Thanks Terry.
Hi Terry, I would tend to doubt that it is Windows Updates or patches which would cause the duplicate files to exist on your hard drive. I would expect these would put new files, or revamped versions of old files where they were originally designed to be when Windows came off the production line.
These duplicate files are more likely to be placed in different locations by new programs that you have installed over time. In order to work on the Windows operating system, many programs depend on some of the same basic Windows files (mainly .dll files), but they may put their copies of them in different places on your hard drive depending on where they want to go to find them when they need to be used. It's possible they are left behind, too, when these other programs are uninstalled.
Sometimes these files can be safely deleted. Other times, they may cause your other programs not to work. If Systweak finds these duplicates for you, I hope it can distinguish between the two before it deletes them. if you're not sure about this, then you'd be best to check the software's documentation about deleting duplicate files, or contact them directly.
Dianna writes: Dear Editor, I’m not sure if you have dealt with this problem in the past, but I have had quite a few syn port attacks in the past few weeks, (I use McAfee Firewall if this makes any difference). What is a syn port attack and what should I do about it when one occurs? Thanks Dianna
Mike Cooper from the Actrix Help Desk replies: Hi Dianna, Software firewalls are very much the in thing on the internet at the moment, and the manufacturers tend to configure them to pop alerts up at the slightest movement to provide reassurance that it is doing something.
In reality, whilst firewalls are a nice security measure, they do tend to be quite problematic. The messages they pop-up are often quite confusing and as you've experienced can be quite concerning.
The "syn attack" your firewall is reporting is most likely just internet noise. At any time whilst on the internet your computer will be making connections to other computers all over the world to get web-sites, make chat conversations and download e-mails. These computers at times may try to connect back to you to see if you're still online and using their service, or other computers on the net may accidentally bump into yours on their way somewhere else. Any of this kind of activity, whilst completely benign is likely to register some kind of alert on your firewall.
As the firewall should be protecting you against any intrusion, it should be safe to disregard any alerts it pops up that purport attacks or intrusion attempts etc. It may even be worthwhile disabling the notifications so you can browse without being disturbed by this.
Printer friendly version of this article...
To complement our free anti-virus service for all customers, we had
hoped to have free anti-spam measures in place by now. All of the work has been completed
to implement this service, but we have been delayed by a failure on the part of our
suppliers to provide all the equipment we need. We still expect to have spam filters
running on our mail servers in the very near future. In the meantime, here are anti-virus
statistics for June 2004.
--------------------------------------------
| Emails scanned: | 4,434,077 |
| Viruses found: | 378,967 |
| Percentage of emails containing viruses: | 8.54 |
| Top 10 Viruses for June 2004 | |
| Worm.Zafi.B | 115,566 |
| Worm.SomeFool.P | 79,381 |
| Worm.SomeFool.Gen-1 | 58,827 |
| Worm.SomeFool.Z | 42,249 |
| Worm.Sober.G | 18,893 |
| Worm.Lovegate.X | 15,656 |
| Worm.SomeFool.Gen-2 | 15,653 |
| Worm.SomeFool.Q | 8,660 |
| Worm.Bagle.Z | 5,504 |
| Worm.SomeFool.I | 2,463 |
--------------------------------------------
Please note: Actrix supplies links to these sites for your interest and possible use. We cannot endorse or take any responsibility for their contents.
 McAfee AVERT Stingerhttp://vil.nai.com/vil/stinger/ - "Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations." |
 Double-Tongued Word Wresterwww.doubletongued.org/ - English has an open-door policy for other languages, gladly accepting foreign words and slang into its ranks. This tends to create a real mélange of cross-cultural zingers. This site tracks borrowed, niche, hybrid, and jargon words as they land on our linguistic shores. We learn, for example, that Aussies are accepting of mollydookers, Yanks are not necessarily Japan's puroburemu. So, chillax and enjoy browsing words by country of use and or various other categories. |
 Back to Iraq 3.0www.back-to-iraq.com/ - Former AP and New York Daily News reporter Christopher Allbritton is currently in Baghdad as an independent journalist "looking for stories." He regularly updates his site with detailed, firsthand accounts of the action in Iraq. It's a gripping read from the archives to the most recent post. |
 Led Zeppelin - The Satanic Messageshttp://j1media.com/misc/sth/ - I remember, whilst growing up in the 70s that Led Zepp's Stairway to Heaven was supposed contain "backward masking" or satanic messages that could only be heard if you played the song backwards. That was hard to achieve with the day's technology. I remember taping it from vinyl to a reel-to-reel through the air and then twisting the tape around for playback. All to no avail. Everything backwards sounds satanic, and no messages were evident. Let's be thankful for the Internet. A couple of mouse-clicks and "Robert Plant's your uncle!" Play it forward, play it backwards. Don't forget to turn your speakers on. |
 X-plosive JigSaw Puzzles
Onlinewww.Crea-Soft.com/online-jigsaw-puzzle/ - Here's a neat page full of jigsaw puzzles you can do online. There are lots of categories and pictures to choose from. What I especially like is how configurable they are. Once you've chosen Easy, Average or Hard, you can toggle other options as you go such as the background and whether or not it would help to work to a ghosted or small image when the going gets tough. Lots more. |
 Have You Got PSI?www.gotpsi.org/bi/teststart.htm - ESP experts have created this slick set of online tests of extra-sensory perception. There are various things you have to see if you can work out using your third eye or special gift. If you can pass the muster, you could go on to fame and fortune! You have to register first and fill out a reasonably brief and non-intrusive questionnaire for their research purposes. I gave up after one test where my results were less than the average you'd get from random choices. Oh well, perhaps you'll do better. |
 Weight-Watchers
Recipe Cards from 1974www.candyboots.com/wwcards.html - Someone found these cards whilst helping his parents clean out their basement a few years ago. The food looks remarkably un-appetising, but what are really funny are the brief commentaries supplied with each photo. Jellied bean and mushroom salad anyone? Guaranteed not to have any calories if you don't eat it. |
 Anything For Youwww.anythingforyou.co.nz/ - We don't usually make it a priority to feature commercial sites in this section of the newsletter, but these guys seem to be onto a pretty cool idea. More power to them! "Anything for you is a site designed to help you get anything you need from, or want done in New Zealand." That pretty much sums it up. |
 Name Our Babywww.nameourbaby.net - These people need help naming their baby boy. Enter as many suggestions as you want with or without a comment. It's fun to see suggestions and comments made so far. A picture of the developing baby is provided if you need inspiration. You can even sign up to be notified when the final five possible names are decided upon. At the stage of publishing, no comments left were particularly offensive. We can't be sure this won't change, however. |
 Anecdotagewww.anecdotage.com/ - This is an interesting site full of anecdotes about famous people. There are tons of them arranged by category (though the links across the top curtain are hard to see at first). You can search for anecdotes about people you're particularly interested in. You can also click for random anecdotes if you just want to stop by briefly. Thanks again to Doug Bowker for this site suggestion. |
 ClamWin Free Ant-Viruswww.clamwin.net - ClamWin is a Free Antivirus program for Microsoft Windows NT/98/Me/2000/XP/2003. It provides a graphical user interface to the Clam AntiVirus |
 All About Ghostshttp://www.allaboutghosts.com/ - This interesting site has everything for the ghost lover. There are sections on ghost-hunting tips, interviews with famous people, well known ghost sites, photos, and even haunted stuff you can buy on eBay! |
Police closing in on net phishers: Police believe they may be on to the gang responsible for online banking scams which ripped off New Zealand banks to the tune of $100,000 earlier this year. Click here for more.
Advertisers slow to click to online ads: New Zealand's online advertising market was worth $8 million in 2003, according to the Advertising Standards Authority. Click here for more.
Online credit-card fraudster jailed: An Auckland fraudster who used credit-card numbers harvested illegally on the Internet to buy computer equipment has been jailed in one of the first convictions under new computer provisions of the Crimes Act. Click here for more.
Car pooling given boost by internet: Onewa Rd's controversial transit lane may have inspired a new car pooling scheme that could see Aucklanders use the internet to coordinate shared rides to work. Click here for more.
Wanted: Computer detectives: The police are on the hunt for employees who will enjoy catching criminals using their computer skills. Click here for more.
Minnesota woman caught in crackdown on music downloaders: A Minnesota woman who says she doesn't even know how to use her home computer has been caught up in the music industry's crackdown on people who download copyrighted music illegally. Click here for more.
Is the Netscape Browser Being Reborn or Just Stabilized?: Written off for dead about a year ago, the forefather of Web browsers, Netscape Navigator, is being resuscitated in the coming months with an updated version. Click here for more.
Bitter pill for 'cyberchondriacs': There are also thousands of websites claiming to be able to diagnose and cure illnesses online, but there are concerns about how much the information provided can be trusted. Click here for more.
Meeting your online gaming pals: Coming face-to-face with your online gaming team-mates is a different game to traditional bonding, argues Daniel Etherington of BBC Collective in his weekly games column. Click here for more.
Do web standards have a future?: In the last few months Microsoft has made a couple of very significant announcements with possibly quite negative implications for the future of a standards-based web - which has me thinking about that future, and wondering whether there even is such a future. Click here for more.
When death locks words in computers: When Tomm Purnell's uncle, Keith Cochran, died last year, Purnell's mother received two of Cochran's computers. One of them, a laptop, is password- protected, and even though... Click here for more.
Beatles in online music talks: Representatives of the Beatles are in discussions with various online music services about licensing their songs for distribution on the Internet, people familiar with the discussions said Tuesday. Click here for more.
The funny odds of online dating: Rick, a Web site developer from Columbus, Ohio, remembers his divorce nearly four years ago with an extra tinge of bitterness: His ex-wife remarried the same day, to a man she met via the Internet. Click here for more.
Syrian jailed for internet usage: Abdel Rahman al-Shaghouri, 32, received a two-and-a-half year sentence for "publishing false news that saps the morale of the nation". Click here for more.
Free was the key, says Web founder: "If I had tried to demand fees ... there would be no World Wide Web," Berners-Lee, 49, said Tuesday at a ceremony for winning the first Millennium Technology Prize. "There would be lots of small webs." Click here for more.
Surfin' 'Stead of Workin' is Common: Three-fourths of respondents to a recent Cerberian, Inc./SonicWALL survey say they spend at least 10% of their time at work surfing the Web for non-work related reasons, and quite a few may be looking at porn. Click here for more.
Windows worms tax ISPs: Computer worms will cost European ISPs an estimated €123m this year, according to a study by Sandvine. Click here for more.
Potter-mania fuels pesky virus: A pesky computer virus is taking advantage of the excitement surrounding the latest Harry Potter film. Click here for more.
German hate mail spam attack stuns experts: Mailboxes in Germany and the Netherlands were flooded yesterday with spam containing German right-wing propaganda. Spammers used the Sober.G virus... Click here for more.
Simple passwords no longer suffice: To access her bank account online, Marie Jubran opens a Web browser and types in her Swedish national ID number along with a four-digit password. For additional security, she then pulls out a card that has 50 scratch-off codes. Click here for more.
Mother's winning chatroom device: A British mother's chatroom safety device has helped win her the title of the world's top female inventor. Click here for more.
Can Utah's new anti-spyware law work?: In March of this year, Utah became the first state to enact new legislation addressing certain types of "spyware" -- with its Spyware Control Act. Click here for more.
Hard drive secrets sold cheaply: A hard drive containing sensitive information on one of Europe's largest financial services groups has been purchased on an internet auction site for just a fiver. Click here for more.
Microsoft races to deter hackers: Microsoft, the world's largest software maker, is racing to solve a flaw in its internet browser that may allow hackers access to computer systems. Click here for more.
Online Crime Engenders a New Hero: Cybersleuth: But what has become the Wild West for savvy cybercriminals has also developed into a major business opportunity for cybersleuths. Click here for more.
US moves to rein in spyware: US law-makers have taken steps towards imposing controls on hidden software that can secretly spy on online habits. Click here for more.
Web browser flaw prompts warning: Users are being told to avoid using Internet Explorer until Microsoft patches a serious security hole in it. Click here for more.
Microsoft slows to support customers' pace: Customers are increasingly reluctant to update major software components every few years just to keep up with Microsoft's shipment schedules. Click here for more.
Microsoft's Sacred Cash Cow: A former Microsoftie says addiction to Windows revenue, mediocre products, and missed opportunities could doom Seattle’s most successful company. Click here for more.
Microsoft challenged: Many tech-savvy users are abandoning Microsoft in favour of more reliable and secure operating systems from the open source community. Click here for more.
Gates' money-pile now bigger than galaxy: When looking at the total sum of Bill Gates' wealth we are reminded of the old Abba song. No, not Money, Money, Money, but rather SOS... Click here for more.
Dick Smith signs on for Linux: Dick Smith Electronics is the first retailer to join a Linux certification scheme launched by New Zealand's Open Source Society. Click here for more.
When users come first: The strength of the free software movement is collective focus. Michael Herman looks at the open-source philosophy in part one of a three-part series. Click here for more.
Microsoft creating Windows for supercomputers: Microsoft has launched an effort to produce a version of Windows for high-performance computing, a move seen as a direct attack on a Linux stronghold. Click here for more.
Microsoft: Linux threat is rising: More companies are using the threat of Linux when negotiating deals with Microsoft, one of the company's senior executives has admitted. Click here for more.
NSW government signs open source desktop deal: Sun Microsystems has scored a publicity coup ahead of the much-heralded arrival of Microsoft chairman Bill Gates in Australia, with a NSW government minister announcing today Sun would replace Microsoft in providing an e-mail and calendar system across 1,500 users Click here for more.
Alarms for the paranoid: It was as if a Klingon had penetrated the defences of the Starship fleet exuding evil intent and a breath made of garlic soup and diesel fumes. Click here for more.
Porn spammers ignore new rule: Spammers flooding the Internet with pornographic solicitations apparently are not abiding by a new federal rule that took effect last week. Click here for more.
Spammer Sent To Slammer: The seven-year jail term handed down to spammer Howard Carmack is a victory for everyone weary of the flood of junk mails clogging our in-boxes and challenging our mail filters. Click here for more.
Nine out of 10 U.S. Emails Now Spam: Around the globe, spam grew in May to account for 76 percent of all email traveling the Internet, according to statistics just released by MessageLabs, Inc. Click here for more.
Zombie PCs spew out 80% of spam: Four-fifths of spam now emanates from computers contaminated with Trojan horse infections, according to a study by network management firm Sandvine out this week. Click here for more.
All hail to the bards of cyberspace: I've become mesmerised by the unintentional elegance of the language of spam. It's as if some marketing matrix has been disseminating pure but encoded poetry... Click here for more.
E-mail scammers face dose of vigilante justice: On the face of it, everyone on the Internet should be rich by now. After all, you've almost surely received e-mail from at least one intriguing stranger in a far-off land offering fabulous riches... Click here for more.
Blind Get Earful of Spam Daily: Think looking at spam is offensive? Try listening to it. For the millions of blind and visually impaired Internet users around the world, using text-to-speech software is often the only way to check e-mail. But as the spam problem gets worse... Click here for more.
Spam-sending PCs could be kicked offline: "What they are doing is, spammers are becoming more like traditional marketers," Czarny said. "They are adding personalization into the spam messages they send. ... Adding your daughter's name to the subject line is likely to get you to open up the message." Click here for more.
AOL customer list stolen, sold to spammer: A former AOL employee was charged Wednesday with stealing the Internet provider's entire subscriber list -- over 30 million consumers, and their 90 million screen names -- and selling it to a spammer. Click here for more.
Web-cheat student to sue university: A student who was booted off his degree course for plagiarism is to sue the university. He says tutors at the University of Kent should have spotted what he was doing and stopped him sooner. Click here for more.
Net games lure 'bored housewives': While hardcore online gaming remains the preserve of young men, research firm Screen Digest found that "bored housewives" are fuelling the growth of other games offered on the net. Click here for more.
From the Microsoft Rumour Mill: Error messages reputed to be included in the next version of Windows...
Thanks again
for reading the Actrix newsletter. Feedback can be sent to me via the e-mail address
listed below. Please limit this to comments/suggestions regarding the newsletter. Requests
for support should go to the Actrix Help Desk (support@actrix.co.nz)
or to the Accounts Department (accounts@actrix.co.nz).
Take care through July,
Rob Zorn
editor@actrix.co.nz
http://editor.actrix.co.nz