WINS Member Passes - In early March, a dear friend of WINS' body gave up on him and he passed away after a long and valiant fight. I feel that I was one of the fortunate in that I was able to spend a weekend with Joe and Mel, and attend a show with Joe and friends a couple of years ago. But, Joe was more to many of us than just another collector. Joe had a way of bringing the talk list to life with his various games, contests and stories, and he helped many WINS members behind the scenes making it possible for many of us to continue in the hobby even when times were tough. For those of us that often have difficulties sleeping, Joe kept the early mornings interesting. They will be infinitely quieter now. Joe was my riend and truly "THE" WINS ambassador. Rest peacefully my friend, will miss you.

2008 National Money Show - Phoenix, March 7-9. Doug Prather, WINS#294, drove over a 1,000 miles to stay a couple of days in my neck of the woods before we headed off to the money Show in Phoenix. Whenever I've traveled in the past, like most I'd try to find the most cost effective places to stay and be frugal with what I spend on food. After all, that means more money for coins and stuff, right? Well, it wasn't like that this on trip. Doug treated me to the vacation I've never had - everything first class, accommodations, food and transportation, everything. The show itself was it the largest coin show I've ever attended, I found out when we entered that Doug was even one of the show sponsors. The shear size of the show was almost overwhelming. I heard something about 500 dealer tables and I've never seen so many coins and bills in my life. There was so much to see I never even got around to viewing the goodies that the ANA offered. Actually, there was so much to see I forgot to sit down and rest my legs like I'm suppose to and they are just now starting to recover, but I'd do it again in a heartbeat. Thank you my friend, it was a trip I will never forget. They simply don't come any better than WINS members!

WINS Email Lists - Over the last several weeks it has become apparant that my ISP isn't the only one having some email server issues. Several member's email addresses have suddenly started bouncing posts for days on end, and most of the time I can't even get an email through to them to verify their status. If you suddenly stop receiving List mail, you might ask your ISP if they have made any changes or check your SPAM mail box to see if the List mail has been redirected. If you are experiencing any list problems please let me know. I'll do what I can to help get it fixed.

Web Site Pages Updated - Posts to the wins-talk List in recent months have led me to review and modify the opt-in email list Posting Rules found on the "EMAIL LISTS" page. Primarily, what can be posted needed to be clarified, as well as, a few of the things we don't talk about on the lists. I understand that these updates aren't likely to please everyone, but the Board feels they are less ambiguous now.

After several requests to update the main site page, "HOME", with the WINS token logo, it has finally happened. The token logo has been reworked for clarity and incorporated on the page. Now all we need now is to update the text on the page and it'll be finished.

Please use the links at the top of the page and review these changes.

Infection and Malware Alerts - Below are some new and continuing problems to keep your eye out for. Information source, Panda Software.

Problematic Virus/Worm/Trojan infections causing problems in March/April:
Worm Bagle.RP, Worm Bagle.RC, Worm Bagle.SB, Worm Puce.E, Worm Bagle.HX, Worm Bagle.QV, Worm Archivarius.A, Trogan Rebooter.J & Trogan Downloader.SZW .

Problematic Spyware in March/April:
Virtumonde - designed to log keystrokes entered by users while they surf the Web and sporadically display adverts.

Problematic Adware in March/April:
VideoAddon, NaviPromo, Lop, Zango, SaveNow, SecurityError, Comet, Starware, OneStep & SpyAxe.

New Worm: Winfake.A
Winfake.A is a worm that infects all available drives. It also prevents certain utilities, functions (like regedit) or the Windows console from being run, and hinders the normal use of the clipboard.

The worm appears as a Microsoft Word icon called Love. Once run, it makes several copies of itself on the system and names them after songs to entice users to run them.

New Worm: FakeDeath.A
Distributed in junk emails announcing Fidel Castro's death, the emails contain a link to a video. If the user clicks the link, they will become infected. To trick them, the malicious code displays a false story announcing Castro's death.

The worm downloads multiple copies of itself to P2P application shared folders and creates a key in the Registry Windows to ensure it is run every time the system is started up.

New Worm: Autorun.RS
When run, Autorun.RS releases two files on the computer designed to steal passwords for online games.

New Worm: RenameLoi.A
When run for the first time, the worm displays a beeping Internet screen with a green background and a religious text, which it establishes as the Internet Explorer home and search page, and which it displays every time the PC is restarted.

When the computer is started, it shows another screen, with the text "[Day of judgment]". To spread, this worm copies itself to the removable drives on the computer and to the system. Additionally, it modifies the Internet browser home and search page and carries out annoying and malicious actions like hiding files with system file attributes.

New Worm: Rungbu.D
This worm is designed to copy itself to all system drives. It also modifies certain Windows registry keys in order to carry out malicious action including hiding file extensions, changing Microsoft Word icons for another icon included in the worm's code and executing itself on every system restart.

New Trojan: Keylogger.DB
This trojan exploits a vulnerability in Access, Microsoft's Access database application. This Trojan is designed to capture key strokes so that it can get any information entered by the user on web pages.

New Trojan: EbayRob.B
A Trojan designed to steal data entered in online forms on sites like eBay. This data is later sent to the malware creator by email.

EbayRob.B modifies the Windows Registry in order to register itself as a service, which allows it to run automatically every time Windows is started up. It also edits the hosts file to redirect access to a series of websites to the affected computer. By doing this, the Trojan will be able to monitor access to those addresses. When run by the user, EbayRob.B displays a series of cars photos.

New Trojan: Banker.KTG
This Trojan spreads by using social engineering techniques. In this case, the bait is a link to a video that users receive via email. If the user tries to play the video, a message is displayed informing them that they need to download a video codec to view it. However if they do it, they will actually be downloading a copy of the Nabload.DCH Trojan onto their computer.

To avoid raising suspicion, the Trojan redirects users to a page where they can watch a video while it drops a copy of the Banker.KTG banker Trojan to the computer. Banker.KTG is designed to steal information entered through virtual keyboards, one the security measures implemented by many online banks.

New Trojan: MonaRona.A
This Trojan also uses social engineering techniques to spread, in this case, by offering users the possibility of downloading the Unigray application.

Once it has reached the computer, the Trojan displays a warning message identifying itself as a virus that has been created to protest against human right violations. This malware has been designed to carry out malicious actions like disabling the Task Manager or end processes belonging to certain applications.

New Trojan: Bankolimb.AF
This Trojan drops several libraries on the computer, one of which is registered as a BHO (Browser Helper Object). This allows it to monitor the Internet activity of the user, monitoring when they access online bank pages, and adding fields to forms that users see on these pages, in order to collect additional information.

The Trojan captures keystrokes to steal passwords entered into these pages. It then sends the information to its creator, uploading a file with the data to a server.

New Trojan: Nakuru.A
This Trojan slows down the infected computer's Internet connection. It also modifies the Internet Explorer windows by including the title: "Welcome to Your New Home Page".

New Trojan: Selex.B
This Trojan designed to capture system information and send it to its creator; it steals email addresses from the infected computers to spam them. To fool users, the first time it runs, it displays a page which looks like it's downloading a download manager called: "Fastlane Downloader 3.34b" .

New Trojan: QQHelper.Z
Designed to drop two rootkits on computers in order to hide its processes, thereby making it more difficult to detect. This Trojan connects to a web page and also makes a series of modifications to the system including adding a link in the Favorites folder.

Malicious Adware: AntispywareMaster
This adware simulates an antispyware program to trick users into installing and running it on their computers. This adware also creates shortcuts in the Start menu and on the Desktop. When run, it appears as if it is scanning the computer for malicious code, displaying random 'detection' results.

This malicious code also contains information about the infections to display. So this 'antispyware' already knows the malicious code it will detect before it has even begun to scan the computer. Once the supposed scan has finished, if users try to disinfect their computers, they will be taken to a web page from which they can buy the product.

Auction News - Our Vice President, Doug Prather, WINS#294 has taken on the task of running "Joe's Hat Drawing" and will be accepting the donations (or the data), making the list and performing the actual drawing. If you would like to share part of your collection like Joe did for so many years with fellow members, please send your donation (or data) to Doug. If you would like to donate one or more hobby-related items, but would prefer to remain anonymous you can send those items directly to Doug.

Auction 49 is currently scheduled to run from April 26 until May 3, 2008, and seller data is now being accepted.

2008 Auction Schedule - The tentative auction schedule is posted on the main auction index page (linked at the top of the page). Sellers, data for the next auction may be submitted at any time.

As always, your comments and suggestions are welcome.

Thanks for stoppin' by.  "See ya' at the auction".
JD White
WINS#7, Operations Admin