Numismatic Coin Club World Internet Numismatic Society


From Behind The Green Curtain
- September 2005 -


WINS Email Lists - The Opt-in email lists seem to be functioning, but I'm not certain all enrolled members are receiving list mail. If you are enrolled on the WINS Talk list and NOT receiving list mail, please let me know.

IMPORTANT NOTE: When you enroll on the email lists the system sends you a welcome email. Please do not delete this email because it contains links and information you will need. One of the Mailman list software features is that each user has their own control panel (CP) and they can modify several things that affect their list participation. The user can even stop list mail while they are on vacation or a business trip without unsubscribing from the lists, and restart it again when they return. Another feature is the monthly reminder sent by the system, which contains their CP access data and necessary links. Opting not to receive the monthly reminder means you had better have a great memory, because it's the only source for that data. I haven't found any way to access it so it's a real good idea to keep that welcome email.



IT News - A few August alerts from Panda Software that you should know about:

1. Zotob and IRCBot worms continue to spread and proof of the threat posed by these new malware specimens is that companies and media like DaimlerChrysler, Kraft Foods, UPS, General Electric or the Financial Times, have joined those initially affected, like CNN, ABC, The New York Times, Caterpillar and the US Congress. The fact that the ABC TV network had to use electric typewriters to finish their World News Tonight news program shows the seriousness of these attacks.

In order to protect yourself against these new malware specimens, it is highly advisable to download and install the update released by Microsoft.

2. Mitglieder.EK is a Trojan whose main aim is to end processes related to antivirus or firewall applications, as well as their update routines, by deleting, modifying or creating keys in the Registry. It also creates a Registry key to ensure that it is run whenever the affected computer is started up. What's more, it tries to download a file called OSA4.GIF, which passes itself off as an image, but is actually an executable file. Like all Trojans, it cannot spread through its own means and therefore must be distributed manually, via email, P2P programs or other means.

3. Zotob.A and Zotob.B are two worms that work in the same way. They exploit a buffer overflow vulnerability in the Windows Plug and Play service, reported by Microsoft in its bulletin MS05-039, which affects Windows 2000, Windows XP, and Windows 2003 Server. These worms spread by exploiting this vulnerability: they generate random IP addresses, try to connect to them through port 445, and check whether the computer is vulnerable. If they find the vulnerability, they install an FTP server on the affected computer and try to download a copy of themselves through TCP port 33333. When they reach affected computers, they carry out two actions: they block access to the websites of antivirus companies, and they open a backdoor in the affected computer and wait to receive commands through IRC, which include downloading, running or deleting files.

4. Zotob.D, IRCBot.KC and IRCBot.KD are three other worms with very similar functioning, and like the previous worms, they also try to spread by exploiting the vulnerability in the Plug and Play service. These worms also generate random IP addresses to which they try to connect through port 445, searching for vulnerable systems. If found, they will send instructions to download a copy of the worm by TFTP. The actions carried out vary depending on the worm: Zotob.D deletes different adware or spyware programs as well as the previous variants A, B and C. IRCBot.KD tries to end the processes related to previous versions of both Zotob and IRCBot, as well as other malware. The characteristic they share is that they open a backdoor through which they receive commands via a connection to certain IRC channels.

These three worms have hit a significant number of US corporations, generating an orange alert. To avoid infection, users are advised to keep antivirus software updated and apply the patch that fixes the Plug and Play vulnerability.

5. ModemSpy is a hacking tool. Although it is actually a legitimate application, it can be misused in the hands of hackers. This software allows a hacker to record phone conversations and play them back or send them out via email, identify callers or even record messages, using a microphone. What's more, it has a function that allows it to go unnoticed by the user, thanks to its stealth mode.

6. Hupigon.BS is a backdoor Trojan designed to receive remote commands. The actions this malicious code can carry out on affected computers include intercepting keystrokes, as well as stealing, downloading and running files. What's more, it can capture screenshots or check the processes that are running. To do this, it injects its own dynamic link library (DLL). Another backdoor Trojan, Fuetel.T, is closely related to Hupigon.BS, as it installs this malicious code on the system.

Like other malicious code of this kind, both Hupigon.BS and Fuetel.T cannot spread through their own means, but need to be manually distributed by a malicious user. The means of distribution used vary and include floppy disks, CD-ROMs, email messages with attachments, Internet download, files transferred via FTP, IRC channels, P2P file sharing networks, etc.

7. KGBSpy is a hacking tool. These programs, which are legitimate tools and useful when used correctly, can be used by hackers for malicious purposes. KGBSpy logs the keystrokes entered by the user and filters them so that only the characters typed are logged. One of the main dangers of this malicious code is that it can be run in stealth mode and therefore, the user will not know that it is installed. KGBSpy can automatically send out the information it collects via email or FTP.

8. Another hacking tool is Cmdow.A, a command-line utility that does not need to be installed on the computer to carry out its actions. Cmdow.A affects the windows that are opened on the system so that it can move them, change their size or rename them, for example. Even though Cmdow.A is not dangerous in itself, it can be used to prevent the user from noticing the windows that are opened by the programs being run or installed.

9. Processor is another command-line application that can be executed locally or remotely. It is programmed to collect information about the processes running on the affected computer and can end them, close them or even open them again later on.

10. Updates are available for Adobe Version Cue, Acrobat and Reader (08/25/05). Over the last few weeks, two updates for Adobe products have been released that fix two security flaws. The first affects Adobe Version Cue for Mac OS X, whereas the second update resolves a critical vulnerability in Adobe Acrobat and Adobe Reader for Windows, Mac OS, Linux and Solaris.
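For anyone who looks after a network, the traffic pattern described in items 3 and 4 (one machine trying port 445 on many different addresses, then a transfer over TCP port 33333 or TFTP) can be looked for in firewall logs. The short Python script below is an added example, not something from Panda Software or from this newsletter; the log format, the threshold of five addresses, the function name and the sample records are all assumptions made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample firewall records (not real traffic); the format is assumed.
SAMPLE_LOG = """\
2005-08-16T10:00:01 SRC=10.0.0.23 DST=198.51.100.7 PROTO=TCP DPT=445
2005-08-16T10:00:01 SRC=10.0.0.23 DST=203.0.113.90 PROTO=TCP DPT=445
2005-08-16T10:00:02 SRC=10.0.0.23 DST=192.0.2.14 PROTO=TCP DPT=445
2005-08-16T10:00:02 SRC=10.0.0.23 DST=198.51.100.201 PROTO=TCP DPT=445
2005-08-16T10:00:03 SRC=10.0.0.23 DST=203.0.113.5 PROTO=TCP DPT=445
2005-08-16T10:00:03 SRC=10.0.0.23 DST=192.0.2.77 PROTO=TCP DPT=445
2005-08-16T10:00:09 SRC=10.0.0.23 DST=192.0.2.77 PROTO=TCP DPT=33333
2005-08-16T10:01:00 SRC=10.0.0.40 DST=10.0.0.5 PROTO=TCP DPT=445
2005-08-16T10:02:00 SRC=10.0.0.40 DST=10.0.0.5 PROTO=TCP DPT=445
2005-08-16T10:03:00 SRC=10.0.0.40 DST=10.0.0.5 PROTO=TCP DPT=445
2005-08-16T10:04:00 SRC=10.0.0.51 DST=203.0.113.8 PROTO=UDP DPT=69
"""

RECORD = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\w+) DPT=(?P<dpt>\d+)"
)

def find_suspects(log_text, fanout_threshold=5):
    """Return {source_ip: [indicator, ...]} for hosts matching the pattern."""
    smb_targets = defaultdict(set)   # source -> distinct addresses tried on 445
    findings = defaultdict(set)      # source -> indicator tags
    for line in log_text.splitlines():
        m = RECORD.search(line)
        if not m:
            continue  # ignore lines that do not match the assumed format
        src, dst = m["src"], m["dst"]
        proto, dpt = m["proto"].upper(), int(m["dpt"])
        if proto == "TCP" and dpt == 445:
            smb_targets[src].add(dst)
        elif proto == "TCP" and dpt == 33333:
            findings[src].add("tcp-33333")   # transfer port named in item 3
        elif proto == "UDP" and dpt == 69:
            findings[src].add("tftp")        # TFTP download named in item 4
    # A file-server client talks to one or two hosts on 445; a scanner hits many.
    for src, targets in smb_targets.items():
        if len(targets) >= fanout_threshold:
            findings[src].add("445-fanout")
    return {src: sorted(tags) for src, tags in findings.items()}

if __name__ == "__main__":
    for host, tags in find_suspects(SAMPLE_LOG).items():
        print(host, ", ".join(tags))
```

A machine that only talks to one file server on port 445 (10.0.0.40 in the sample) is not flagged; TFTP on its own is worth a look but is not proof of infection.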

Lastly, I have been receiving variations of eBay "phishing" email with subjects like "eBay Change Email Notice" and "Notification of Limited Account Access". If you receive either of these emails, do not respond or use the hyperlink they provide; delete them. They are only trying to get you to provide them with your access information. Don't be one of the 400 million that respond daily and get taken to the cleaners.



Auction Update - Auction 31 is scheduled for October 1 - 8. Lots are now being accepted.

Christmas Auction Scheduled - If you'll remember back to Auction 25, I opened the auction up to the handiwork of members and other sort of related collectibles as long as each lot contained a hobby-related item. I promised I'd do it again and I think the Christmas auction is the perfect time so get your special coins, handiwork and collectibles together and let's have a great Christmas auction. If you're wondering if an item will be acceptable, let me know what it is and I'll let you know. Auction 32, the Christmas Auction is scheduled for November 19 - December 3. If anyone is interested, here's one of the items I'm thinking of offering (with a coin of course) - "Sailor's Dream".

Thanks for readin' and "See ya' at the auction".


Thank you kindly,
JD White, WINS#7



