News Archives from 2001 (December 01 - December 31, 2001)
______________________________________________________________
[Jump to Amiga] [Jump to Windows] [Jump to Mac]
[Jump to Linux] [Jump to Misc]
______________________________________________________________
Amiga
26 December 2001 - New Safe v17.6 Available
Zbigniew `Zeeball` Trzcionkowski released his latest freeware virus
dicovering system. Safe informs about attack and removes virus from
memory if possible. This latest update can be found by following the
above link.
New in v17.6
- nothing
WatchDog v1.5:
- Harrier generic memory removal
- Vaginitis clones generic memory detection
Integrity v1.0:
- first working GUI-based version of integrity checker
21 December 2001 - VHT-DK: Antivirus Programmer Poll Has 10 Days Left
The poll for the Amiga antivirus programmer that has done the most for
the Amiga scene in 2001, was started Oct 21st. Since it only runs to the
end of this month, please head over to vht-dk and place your vote. Once
per day voting is allowed.
17 December 2001 - VHT-Denmark Latest News
Virus Help Denmark announced that new virus translations have been
added to the Amiga Virus Encyclopedia.
16 December 2001 - Holiday Giving Idea From VHT-Canada
How about sending a little something, to some of the Amiga programmers
that have supported you through the years. Even if you just choose your
two or three favorite or most useful programs. Over the years a number of
our Amiga programs have gone from sharware to freeware. Maybe it it time
to say 'thanks for a job well done.' You will surely be blessed !!
... Jesus is the reason for the season, but Amiga users are the reason
Amiga programmers hammer away at their keybords getting stuff out to us.
16 December 2001 - XAD Unpacks ZIP Archives For VirusChecker To Test
For quite some time, VirusChecker has been unable to unpack and virustest
any ZIP archives. I have now managed to unpack .zip archives quite nicely
with Dirks XAD shareware package. Please remember to support all our
excellent Amiga programmers, even if their particular program has gone
from shareware to freeware. You may not realize what a God-send they
are, until something goes wrong. Thanks !!
These directions will always be available on the VirusChecker links page
a) get the XAD package (remember this is shareware)
b) install xadmaster.library and accompaning files
c) place the c: directory files in c:
there will be a file called 'c:xadunfile'
d) start VirusChecker-II and go to the prefs
e) add/edit for ZIP:
Name: ZIP
Offset: 0
Data: PK
Command: c:xadunfile "%s" "%s"
f) save your settings, and you will be finished
16 December 2001 - XAD Unpacks ZIP Archives For VirusZ To Test
For quite some time, VirusZ has been unable to unpack and virustest any
ZIP archives. I have now managed to unpack .zip archives quite nicely
with Dirks XAD shareware package. Please remember to support all our
excellent Amiga programmers, even if their particular program has gone
from shareware to freeware. You may not realize what a God-send they
are, until something goes wrong. Thanks !!
These directions will always be available on the VirusZ links page
a) get the XAD package (remember this is shareware)
b) install xadmaster.library and accompaning files
c) place the c: directory files in c:
there will be a file called 'c:xadunfile'
d) start VirusZ and go to the archive options
e) add/edit for ZIP:
Name: ZIP
Offset: 0
Data: 'PK'
Command: c:xadunfile %f %P
f) save your settings, and you will be finished
09 December 2001 - New Xvs.library v33.37 Released
Georg Hörmann and Jan Erik Olausen, have released the latest version of
the antivirus External Virus Scanner Library. This new update of the
xvs.libary can find and remove the new Bobek-3 linkvirus, and also more
stuff added to the xvs.library.
08 December 2001 - Both Virus Test Files Availalble on Links Page
Both of the Virus Test files, that can be used to test the usefullness
of your anti-virus software, are now available on the Links Page.
W A R N I N G: These testfiles are not for the faint of heart
Virus Test Files available are:
* EICAR Virus Test File at Virus Help Denmark
* TestVirus Test File at Dirk Stoecker's Anti-Virus Site
08 December 2001 - EICAR Virus Test File at Virus Help Denmark
The EICAR test file is designed for users and administrators who want
to check the proper operation of their anti-virus software without
using actual viruses. This file is very much like what the TestVirus
file does. It works with our Amiga Anti-Virus software, as well at the
PC. This file is only available from the Virus Help Denmark site.
There is now permanent link to this file on our Links Page.
08 December 2001 - VHT-DK Warning: New 'Bobek-3 linkvirus' Found
Virus Help Demark says a new linkvirus has been found a few days ago,
we are not sure if this virus is in the wild. It was send to directly
to Zbigniew Trzcionkowski (The programmer of Safe). Zbigniew received
one infected file. This new virus, is a clone of the "Bobek-2" linkvirus,
and is named "Bobek-3". This is able to disable the antivirus programs,
We do not know if this virus was released in any way, so if you get a
requester poping up, telling you that something is trying to disable
the xvs.library, please let us know.
This is what we know of the virus:
Virus name: Bobek-3
Virus Type: Linkvirus
Virus size: about 2.000 bytes (Uses polmorphic engine)
Follow the above link for viruswarning - file is named vht-dk112.lha.
* Click here for VHT-DK Virus Warning vht-dk112 Readme
* Subscribe online to the VHT-DK Virus Warnings Announcement list.
08 December 2001 - VHT-DK Warning: Two Trojan's Found On Aminet
This is an update to the December 6th warning from Aminets MOTD.
Virus Help Demark says two archives found on Aminet contains a new
trojan. It is said to be AGA demos, but if you run these demo's on a PC
using 'WinUAE', your system will be deleted. These 'trojan demos' comes
from a Polish demo group. Why they would program something like this, I
don't know.
This is some info about the two archives:
Trojan name... : AME-DSD Trojan (Name might be changed later)
Trojan name... : PSL-KMJ Trojan (Name might be change later)
------------ Code start -----------------------
Warning!!! UAE System for lamers detected!!!
- System will reboot after mouse button...
run c:delete s:startup-sequence force quiet >NIL:
------------ Code end -------------------------
Follow the above link for viruswarning - file is named vht-dk113.lha.
* Click here for VHT-DK Virus Warning vht-dk113 Readme
* Subscribe online to the VHT-DK Virus Warnings Announcement list.
07 December 2001 - Virus Checking Testfile Released And Online
W A R N I N G !!!
[ These testfiles are not for the faint of heart ]
Zeeball (Anti-virus programmer of Safe), and Dirk Stoecker (Anti-virus
programmer of CheckX and other Amiga programs), have released a VirusTest
file. This archive includes a set of testfiles for virus checkers. These
files will be reported as virus infected if your anti-virus system is
properly installed. As Zeeball and Dirk says, if your software does not
report back that the files are virus infected, you should update or
change your system. If you are ready to test how well your anti-virus
stacks up, follow the subject link above. Be sure to read everything.
02 December 2001 - Safe v17.5 Released
Zbigniew `Zeeball` Trzcionkowski released his latest freeware virus
dicovering system. Safe informs about attack and removes virus from
memory if possible. The archive is named Safe175.lha, and can be found
on the downloads page, by following the above link.
New in v17.5
- fixed stealth warning - now it is switched off by default, type 'SAFE
SW' to check for stealth engines in memory (AFAIR someone asked for it,
but I had some trouble with modem and mailbox, so sorry)
WatchDog v1.4:
- small fixes
There might still be bug with 060 caches - please report if WatchDog
crashes on any 060 boards. (as above, someone has reported)
Integrity:
In one sentence:
I had no time to do anything in that topic, however in the bonus
directory you can find beta version, but I take no responsibility for it,
but, of course, please report all possible bugs you get in muForce and so
on...
* French and Polish Documentaion for Safe
* Click here for SafeDocs-Extras v1.0
* Click here for SimpleHTML to read Safe Docs
02 December 2001 - VHT-DK: Antivirus Programmer Poll In The Last Month
The poll for the Amiga antivirus programmer that has done the most for
the Amiga scene in 2001, was started Oct 21st. Since it only runs to the
end of this month, please head over to vht-dk and place your vote. Once
per day voting is allowed.
Top of Page
Windows
21 December 2001 - F-PROT and F-PROT for Windows v3.11b Released
Frisk Software International has a new F-Prot Antivirus version 3.11b
available now. There is also a trial version online.
* Read more about FP-WIN Anti-virus Program here
* See Download page for details on how to get your own copy of F-PROT
* Get the Trial Version here
* F-Prot Antivirus for DOS
* FTP site for F-Prot Antivirus Software
20 December 2001 - DAT / SDAT 4177 McAfee Total Virus Defense Update
The DAT File for weekly v4x 4177, and SuperDat File for v4x 4160/4177
are now available on Network Associates website.
Dr Solomon's VirusScan customers download here.
For more information on the use of the dat files, please see the
NAI's readme.txt. or download VirusScan v4.5 Admin Guide.
* Click here for VirusScan Emergency DATS
* Click here for NAI FTP Site
20 December 2001 - Updated .def Files Available for F-PROT
Frisk Software International has new Sign.def file available. Also there
is the Sign2.zip file which contains only the sign2.def without the
sign.def file and, as a result, it is quite a bit smaller than both def
files together. These updates have been available since Dec 19, 2001
* The updates are available now at ftp://ftp.complex.is/pub/
fp-def.zip 885Kb plus fp-def.asc
sign2.zip 228Kb
20 December 2001 - Latest Macro.def for F-PROT Released
Frisk Software International has a new Macro.def for F-PROT. This version
of Macro.def was last modified/changed on: December 16, 2001
* See ftp://ftp.complex.is/pub/ for:
macrdef2.zip 208Kb
20 December 2001 - CERT Advisory CA-2001-36
Microsoft Internet Explorer Does Not Respect Content-Disposition and
Content-Type MIME Headers. The CERT Coordination Center says Microsoft
Internet Explorer contains a vulnerability in its handling of certain
MIME headers in web pages and HTML email messages. This vulnerability
may allow an attacker to execute arbitrary code on the victim's system
when the victim visits a web page or views an HTML email message.
The CERT/CC is tracking this vulnerability as VU#443699, which
corresponds directly to the "File Execution" vulnerability described
in Microsoft Security Bulletin MS01-058.
* Click here for CIAC Bulletin Number M-027
* Click here for Microsoft Security Bulletin MS01-058
Microsoft TechNet Security's latest bulletin outlines "Cumulative Patch
for IE". This is a cumulative patch that, when installed, eliminates all
previously discussed security vulnerabilities affecting IE 5.5 and IE 6.
In addition, it eliminates three newly discovered vulnerabilities.
13 December 2001 - AVP Virus Alert: I-Worm.Gokar
Kaspersky Lab has detected a new Internet-worm : I-Worm.Gokar. At the
moment, there are already several reported cases of infection by this
program. The worm spreads by e-mail and Internet Relay Chat (IRC)
channels.
* Click here for F-Secure Gokar Report
* Click here for NAI W32/Gokar@MM Report
Aliases: I-Worm/Gokar (Prognet), W32.Gokar.A@mm (NAV),W32/Gokar.htm
Win32.ar (CA), Wn32.HLLW.Karen (DrWeb), WORM_GOKAR.A (Trend)
13 December 2001 - DAT / SDAT 4176 McAfee Total Virus Defense Update
This 4176 DAT has been released due to improved detection of W32/Gokar@MM
DAT File for weekly v4x 4176, and SuperDat File for v4x 4160/4176
are now available on Network Associates website.
Dr Solomon's VirusScan customers download here.
For more information on the use of the dat files, please see the
NAI's readme.txt. or download VirusScan v4.5 Admin Guide.
* Click here for VirusScan Emergency DATS
* Click here for NAI FTP Site
13 December 2001 - Updated .def Files Available for F-PROT
F-Prot's signature files have been updated to recognize the new
W32/Gokar.A@mm worm.
Frisk Software International has new Sign.def file available. Also there
is the Sign2.zip file which contains only the sign2.def without the
sign.def file and, as a result, it is quite a bit smaller than both def
files together. These updates have been available since Dec 04, 2001
* The updates are available now at ftp://ftp.complex.is/pub/
fp-def.zip 849Kb plus fp-def.asc
sign2.zip 193Kb
08 December 2001 - EICAR Virus Test File at Virus Help Denmark
The EICAR test file is designed for users and administrators who want
to check the proper operation of their anti-virus software without
using actual viruses. This file is very much like what the TestVirus
file does. It works with our Amiga Anti-Virus software, as well at the
PC. This file is only available from the Virus Help Denmark site.
There is now permanent link to this file on our Links Page.
06 December 2001 - DAT / SDAT 4175 McAfee Total Virus Defense Update
This 4175 DAT has been released due to improved detection of W32/Goner@MM
DAT File for weekly v4x 4175, and SuperDat File for v4x 4160/4175
are now available on Network Associates website.
Dr Solomon's VirusScan customers download here.
For more information on the use of the dat files, please see the
NAI's readme.txt. or download VirusScan v4.5 Admin Guide.
* Click here for VirusScan Emergency DATS
* Click here for NAI FTP Site
06 December 2001 - Kaspersky Labs Red Alert: I-Worm.Updater
Kaspersky Labs reports the detection of the latest Internet worm,
I-Worm.Updater. At this time, several reports of infection by this
malicious code have been reported. Updater is written in Visual Basic
Script (VBS), and the worm itself is an EXE file about 12Kb in length,
compressed in a UPX utility. The worm spreads via e-mail by gaining
access to the Outlook address book.
06 December 2001 - Free Treatment CLRAV Utility for thwarting Goner
In response to the wide-spreading infections caused by the Internet
worm Goner, Kaspersky Labs has developed a utility for the detection
and deletion of the malicious code contained in Goner. They are
offering this utility to users free of charge. In addition to
effectively fighting the Goner Internet Worm, the utility also thwarts
the network worms SirCam, Navidad, BleBla. CLRAV is also useful for
users of other anti-virus programs that may not be able to properly
detect and delete Goner.
06 December 2001 - Goner Worm Is Not A Goner Yet
Experts said there were signs that Goner's infestation was slowing,
but that it was likely to persist into next week. An antivirus
consultant for Sophos Anti-Virus in the UK said it was likely that the
number of Goner victims would be in the hundreds of thousands before
it disappeared from view. (ZDNet)
* Click here for Help & HowTo: Goner
Most of the antivirus software companies have updated their signature
files to include this worm. For more information on removing this
Goner from your system, see Central Command, F-Secure, Kaspersky,
Sophos, Symantec, and Trend Micro. (ZDNet)
05 December 2001 - Updated .def Files Available for F-PROT
F-Prot's signature files have been updated to recognize the new
W32/Goner.A@mm worm.
Frisk Software International has new Sign.def file available. Also there
is the Sign2.zip file which contains only the sign2.def without the
sign.def file and, as a result, it is quite a bit smaller than both def
files together. These updates have been available since Dec 04, 2001
* The updates are available now at ftp://ftp.complex.is/pub/
fp-def.zip 834Kb plus fp-def.asc
sign2.zip 182Kb
05 December 2001 - Goner: ICQ-loving Internet-Worm
Kaspersky Lab, and many more sources, announce the detection of a new
mass mailing Internet-worm I-Worm.Goner. Reports of infection by this
malicious program already have been reported in many countries
throughout the world.
* Goner proves social viruses still a threat
The Goner worm, which relies on the inquisitive computer user to spread,
shows that gullible users are still their own worst enemy (ZDNet)
* Goner virus/worm (December 2001 hysteria)
Article at Vmyths.com, says that panicky users may overwhelm antivirus
websites as they try to update their software. Antivirus vendors will
do everything in their power to support customers, but they still can't
provide updates all at once to the entire planet. (VMyths.com)
* Things you should remember when virus hysteria strikes
Don't ask why the virus attacked so quickly -- ask why it attacked at
all. Didn't the experts learn anything when Melissa and Chernobyl burned
the Internet to the ground in 1999? Didn't they learn their lessons when
ILoveYou completely re-destroyed the Internet in 2000? If a virus expert
says "we learned enough to react in minutes instead of hours," then you
should ask why we still respond to viruses after the fact. (VMyths.com)
05 December 2001 - DAT / SDAT 4174 McAfee Total Virus Defense Update
DAT File for weekly v4x 4174, and SuperDat File for v4x 4160/4174
are now available on Network Associates website.
Dr Solomon's VirusScan customers download here.
For more information on the use of the dat files, please see the
NAI's readme.txt. or download VirusScan v4.5 Admin Guide.
* Click here for VirusScan Emergency DATS
* Click here for NAI FTP Site
05 December 2001 - VirusScan 4.5.1 SP1 Is Now Available
Arizona State University says McAfee VirusScan 4.5.1 Anti-Virus Software
Service Pack 1 has been released. This Service Pack adds compatibility
with Microsoft Windows XP operating system, increased protection of the
VirusScan program files from potential security risks and resolution of
issues that became apparent in the field. Note: VirusScan 4.5.1 must be
installed before you can install Service Pack 1!
Top of Page
Macintosh
21 December 2001 - Updated Virex 6.x DAT For Scan Engine Available
Networks Associates Technology, Inc. has the current Macintosh anti-virus
software Virex Scan Engine Version: 4131, which includes this updated
Virus Definition file: 4176. Further information in Virex Release Notes
for this Virus Update. Please note that these updates do not work with
Virex v7.0.
* Virex FTP Site at ftp://ftp.nai.com/pub/antivirus/datfiles/mac/virex
13 December 2001 - DAT File Update for Virex 7 Available
Networks Associates Technology,Inc. has updated the McAfee Virex 7 Update
to DAT Version: 4174. This software can only be used to update Virex 7.
Further information in Virex 7 Release Notes for this DAT Update.
05 December 2001 - Virex Update To Virus DAT For Scan Engine Available
Networks Associates Technology, Inc. has the current Macintosh anti-virus
software Virex Scan Engine Version: 4131, which includes this updated
Virus Definition file: 4171. Further information in Virex Release Notes
for this Virus Update.
* Virex FTP Site at ftp://ftp.nai.com/pub/antivirus/datfiles/mac/virex
Top of Page
Linux
21 December 2001 - F-Prot Antivirus v3.11b For Linux Now Available
Frisk Software International has a new v3.11b of F-PROT Linux x86. Read
more about F-Prot Linux Anti-virus Program here.
* Click here to download Linux version for FREE
The update has been available since December 21st, 2001 at
ftp://ftp.complex.is/pub/
* December 21 2001 releases
GNU Compr. Tar fp-linux_311b_beta_x86.tar.gz 1473Kb
20 December 2001 - Latest Embedded Linux Newsletter
LWN.net Daily news announced that the LinuxDevices.com Embedded Linux
Newsletter for December 20 is out, with the usual gathering of news
from the embedded Linux community. Responses to Microsoft's attack on
embedded Linux are the main topic this week.
20 December 2001 - Latest Linux Weekly News Released
LWN.net Weekly Edition for December 20th, 2001 has been published. Some
of the security items are: Closed source rumor vulnerability; the FBI
at work, security resources, reports and updates
13 December 2001 - Latest Linux Weekly News Released
LWN.net Weekly Edition for December 13th, 2001 has been published. Some
of the security items are: Governments choose Linux, security reports &
updates, AES standard published
13 December 2001 - Embedded Linux Newsletter
LWN.net Daily says the LinuxDevices.com Embedded Linux Newsletter for
December 13 is out, with the usual roundup of news from the embedded
Linux community.
13 December 2001 - Debian Weekly News for December 12
LWN.net Daily says here's the Debian Weekly News for December 12. Covered
topics include Debian at FOSDEM, the best way to contact bug submitters,
the Debian menus policy, and more.
13 December 2001 - Mandrake Linux Community Newsletter
LWN.net Daily says the Mandrake Linux Community Newsletter for December
12 is available. Covered topics include a review of the Mandrake 8.1
Gaming Edition, OpenOffice, the business case of the week, and more.
06 December 2001 - Latest Linux Weekly News Released
LWN.net Weekly Edition for December 6th, 2001 has been published. Some
of the security items are: Fun with wu-ftpd; OpenSSH updates.
06 December 2001 - Embedded Linux Newsletter for December 6
The LinuxDevices.com Embedded Linux Newsletter for December 6 is out,
with the usual comprehensive collection of news from the embedded
Linux community. (LWN daily)
06 December 2001 - Debian Weekly News for December 5
The Debian Weekly News for December 5 is out. Covered topics include
Ximian's Debian packages, the Woody freeze, LDP documents, and more.
(LWN daily)
Top of Page
Miscellaneous
13 December 2001 - The FBIs Magic Lantern Shines Bright
Kaspersky Lab says the FBIs latest cloak-and-dagger tool has attracted
the attention of virus writers. The rumors surrounding the US Federal
Bureau of Investigations developing of its own Trojan program, Magic
Lantern, has drawn interest from the computer underground. On December
11, it was discovered that a seventeen-year-old Argentinean hacker, going
by the pseudonym of Agentlinux, has developed a Trojan that poses as the
widely advertised Magic Lantern.
06 December 2001 - AV Vendors Split Over FBI Trojan
Security Focus has an article by The Register writer, that says in part,
"Antivirus vendors are at loggerheads over whether they should include in
their software packages detection for a Trojan horse program reportedly
under development by the FBI. Magic Lantern, which would be an extension
of the Carnivore Internet surveillance program, takes the idea one step
further by enabling agents to place a Trojan on a target's computer
without having to gain physical access."
* Click here for additional story 'Magic Lantern Rubs the Wrong Way'
Anti-virus products could detect the FBI's new spyware. But should
they? As first reported by MSNBC, Magic Lantern is a program under
development by the FBI that watches and records end-users' keystrokes.
The goal is to catch the passphrase of an otherwise uncrackable cipher
from a bad guy's system.
05 December 2001 - Hackers Get Into Instant Messaging
Instant messaging programs are proving to be as vulnerable to hacking
attacks as email - and the security problem is set to grow. The most
popular providers are America Online, which has a stand-alone program
that works outside the AOL network, Microsoft Corp's MSN Messenger, and
Yahoo! Inc's messenger service. (ZDNet)
Top of Page
Back to the News Archives page