Common Intrusions and Fixes

CERT Advisories
For the most current advisories and fixes on intrusions, please visit:

US-Cert Alerts, Cert Current Activity, and Cert Advisories

Common Windows Viruses - What To Do

 * W32/SwenA
 * Klez.H
 * Elkern.C
 * SirCam
 * Homepage / VBSWG.X
 * Funlove / Win32.FLC
 * VBS/SST VBS/OnTheFly AnnaKournikova Worm
 * Shockwave, Creative, ProLin Worm
 * Life Stages Worm; Removal Tool
 * HAHAHA, Hybris, Snow White Worm
 * Groovie Virus
 * W32/Navidad Worm
 * VBS/LoveLetter Worm
 * Pretty Park, "W32Pretty.Worm".
 * Buddy List Trojan Horse
 * Trojan.AOL.Buddy, "Penny Tools Trojan"
 * W32/KRIZ.3862, W32/KRIZ.4092, W32/KRIZ.4050
 * Cool APStrojan.qa, W95 Trojan.Cool, AOL.PS.Trojan
 * ColdApe
 * Happy99 Worm
 * Melissa Virus
 * NetBus, Back Orifice Trojan; removal instructions
 * CIH/Chernobyl Virus
 * Windows ExploreZip Worm

Windows - Notices & Patches
Microsoft issued more than 100 security notices and patches in 2000. We will only list those of general business interest.
 * UA Control Vulnerability - Office 2000 - This vulnerability allows viruses to be launched from e-mail without opening attachments. The first usage, Davinia, was designed to be destructive but was clumsy and did not propagate well. Future exploits could be far more effective. You should download and apply the patch available from Microsoft.

Apple Macintosh Vulnerabilities

 * Melissa Virus - Macintosh users of Microsoft Office 2001 now have a beta of Outlook available (formerly just Outlook Express). Outlook is enabling the Melissa virus to spread among Mac users.

Linux Vulnerabilities
While Linux is not subject to the fast spreading e-mail virus problems Windows systems have, Linux computers connected to DSL and cable modems are vulnerable to break-in, worms and trojans if their patch levels are not kept up-to-date.

Important: Do not run your Linux box logged in as root. Yes, it's more of a hassle to set your stuff up to run as a user, but running as root makes your system very vulnerable. If root runs a hostile file, it runs with full system privileges, just like under Windows.
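Two quick checks that follow from the advice above, as an added example (this script is not part of the original page): one warns when the current shell is running as root, and the other lists every account in passwd-format text whose UID is 0, since an extra UID-0 account you did not create is a classic sign that a box left unpatched has been broken into. The passwd lines embedded below are constructed for the example and do not come from any real system.

```shell
#!/bin/sh
# Added example, not from the original page.
# uid_is_root UID : succeeds (exit 0) when UID is 0, the superuser.
uid_is_root() {
    [ "$1" -eq 0 ]
}

# list_uid0_accounts : reads passwd-format lines on stdin
# (name:pw:uid:gid:gecos:home:shell) and prints every login name whose
# UID field is 0. On a healthy system the only such account is root.
list_uid0_accounts() {
    while IFS=: read -r name _pw uid _rest; do
        if [ "$uid" = "0" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# check_current_user : warns if this shell has root privileges, which the
# page advises against for day-to-day work. Returns 1 when running as root.
check_current_user() {
    if uid_is_root "$(id -u)"; then
        echo "WARNING: this shell is running as root; log in as an ordinary user"
        return 1
    fi
    echo "OK: running as uid $(id -u)"
    return 0
}

# Constructed sample /etc/passwd content (not a real system). The "toor"
# entry is a second UID-0 account of the kind an intruder might leave behind.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash'

# Demonstration against the constructed sample; on a real box you would run
#   list_uid0_accounts < /etc/passwd
check_current_user || true
echo "Accounts with UID 0 in the sample passwd:"
printf '%s\n' "$SAMPLE_PASSWD" | list_uid0_accounts
```

On the sample data the second command prints "root" and "toor"; any name other than root in that output deserves an immediate explanation.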
 * Ramen Worm - This worm attacks Red Hat Linux 6.2 and 7.0 systems that have not been patched for wu-ftp, rpc.statd and LPRng. Aside from propagating, it disables the ftp service and defaces Web sites by replacing pages named "index.html" with its own Web page. Description and removal instructions are at Linuxsecurity.com (http://www.linuxsecurity.com/articles/network_security_article-2335.html).
 * Dual Boot (Linux/Windows): reestablishing the Linux boot loader. Using fdisk /MBR to remove a DOS/Windows boot sector virus also overwrites the Linux boot loader, which then has to be reinstalled. Instructions at CERN. Their link to their Linux boot disk is broken, but you can use the "rescue disk" you made when you installed Linux.