Full Service Internet & Cutting
Meeting Today's Home, Family and Business Needs!
"Person to Person - Satisfaction and Service are Our Business"
Need To Know Computer Virus Information
This month I want to discuss the computer virus: what it is and how it affects us. Below is a recent headline.
Emails and virus slow Web
04:20 GMT-04:00 Saturday, September 22, 2001
The Nimda computer bug and the reaction to the attacks on the World Trade Center and the Pentagon are creating a traffic jam on the Internet as soaring email volumes slow delivery times, especially for residential users.
Nimda, which first made its mark on Tuesday, is now being billed as the worst computer infestation to date. The computer bug is soaking up as much as 10 per cent of the Internet's capacity, security software firm Network Associates Inc. said yesterday.
"We're beginning to call it a super bug," said Gus Malezis, general manager of the Canadian arm of Network Associates.
Most of Nimda's predecessors have focused their attacks on corporate networks. But this newest computer hybrid bug -- part virus, and part "worm" -- is just as happy to assault consumer networks.
At the same time, the terrorist attacks in the United States last week have sparked a massive surge in email and traffic on news Web sites, according to Internet service providers and traffic measurement firms.
Rick Broadhead, Internet author and consultant, said his own email service has been "completely clogged" for the past two days and that some messages are taking up to a day and a half to be transmitted, instead of seconds. "It slows email to a crawl."
Sympatico, the ISP owned by Bell Canada, has seen its email traffic jump 15 per cent in just one week -- more than 1.5 million additional messages a day -- forcing it to install seven new powerful server computers, boosting its capacity by 50 per cent.
Two of those were installed yesterday, as email traffic continued to grow at an increasing rate. "The email traffic is not plateauing," spokesman Andrew Cole said.
Mr. Cole said Nimda is the most important reason for the increase in Sympatico email traffic, with attack-related communications a second cause, as well as the resurgence of the SirCam virus, which first attacked earlier in 2001. He said Sympatico's own computers have not been infected by the Nimda virus, but that those of its customers have been, creating the additional traffic.
Mr. Malezis said any residential Internet service is vulnerable to the Nimda virus, and that he has had several reports of the virus creating large traffic increases at both cable and telephone line-based services.
Shaw Communications Inc. president Peter Bissonnette said traffic on his firm's network has gone up "quite dramatically," in the neighborhood of Sympatico's 15-per-cent increase. He said Shaw's own systems have not been affected by Nimda.
Mr. Bissonnette said Shaw's new data centre has a large amount of unused capacity, allowing it to cope easily with the increased volume. "We've got lots of head room."
Telus Corp. spokesman Doug Strachan said volume had surged on his firm's network, with some emails not being delivered at all. The problems coincide with the emergence of Nimda, he said.
Rogers Cable Inc. did not comment on traffic patterns on its networks.
In Hong Kong, Nimda and two damaged transpacific telecommunication cables caused widespread disruption to computer networks in Hong Kong, according to a report in the English-language daily South China Morning Post. It affected the productivity of more than 1,000 companies in Hong Kong, as well as government departments and private users, said anti-virus software firm Trend Micro.
Nimda combines some of the most insidious features of its predecessors, using email attachments to propagate itself, like the Melissa virus, and spreading itself through infected Web servers, like the Code Red worm. But there is one hidden blessing from Nimda's creator: the bug is relatively compact, limiting the capacity it gobbles up.
Mr. Malezis said a future Web saboteur could stop the Internet in its tracks if a massive computer file -- a picture or video, for instance -- were appended to the virus.
Copyright © 2001 The Globe and Mail
When you listen to the news, you hear about many different forms of electronic infection. The most common are:
- Viruses - A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program like a spreadsheet program. Each time the spreadsheet program runs, the virus runs too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.
- Email viruses - An email virus moves around in email messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's email address book.
- Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there as well.
- Trojan Horses - A Trojan horse is simply a normal computer program. The program claims to do one thing (e.g. - it claims to be a game) but instead does damage when you run it (e.g. - it erases your hard disk). Trojan horses have no way to replicate automatically.
The infections in the news right now are worms, so let's take a look at worms and then go into the details on all of the different types of infection.
A worm called Code Red made huge headlines in 2001. Experts predicted that this worm could clog the Internet so effectively that things would completely grind to a halt. The Code Red worm attacks Windows NT 4.0 and Windows 2000 servers running Microsoft IIS (Internet Information Server) 4.0 or IIS 5.0. Microsoft has released a simple patch that fixes the security loophole used by the Code Red worm that you can access here.
What's a "Worm"?
A worm is a computer program that has the ability to copy itself from machine to machine. Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly. For example, the Code Red worm replicated itself over 250,000 times in approximately nine hours on July 19, 2001.
Worms use up computer time and network bandwidth when they are replicating, and they often have some sort of evil intent. The Code Red worm slowed down Internet traffic (but not nearly as badly as predicted) when it began to replicate itself. Each copy of the worm scans the Internet for Windows NT or Windows 2000 servers that do not have the security patch installed. Each time it finds an unsecured server, the worm copies itself to that server. The new copy then also scans for other servers to infect. Depending on the number of unsecured servers, a worm could conceivably create hundreds of thousands of copies.
The Code Red worm is designed to do three things:
- Replicate itself for the first 20 days of each month
- Replace Web pages on infected servers with a page that declares Hacked by Chinese
- Launch a concerted attack on the White House Web server in an attempt to overwhelm it.
The most common version of Code Red is a variation, typically referred to as a mutated strain, of the original Ida Code Red that replicated itself on July 19, 2001. According to the National Infrastructure Protection Center: ALERT 01--016:
The Ida Code Red Worm, which was first reported by eEye Digital Security, is taking advantage of known vulnerabilities in the Microsoft IIS Internet Server Application Program Interface (ISAPI) service. Un-patched systems are susceptible to a "buffer overflow" in the Idq.dll, which permit the attacker to run embedded code on the affected system. This memory resident worm, once active on a system, first attempts to spread itself by creating a sequence of random IP addresses to infect unprotected web servers. Each worm thread will then inspect the infected computer's time clock. The NIPC has determined that the trigger time for the DOS execution of the Ida Code Red Worm is at 0:00 hours, GMT on July 20, 2001. This is 8:00 PM, EST.
Upon successful infection, the worm waits for the appointed hour and connects to the http://www.whitehouse.gov domain. This attack consists of the infected systems simultaneously sending 100 connections to port 80 of www.whitehouse.gov (188.8.131.52).
The U.S. government changed the IP address of http://www.whitehouse.gov to circumvent that particular threat from the worm and issued a general warning about the worm advising users of Windows NT or Windows 2000 Web servers to ensure that they have installed the security patch.
The article above was from one of my favorites, a site called "How things work". The URL is http://www.howstuffworks.com/virus1.htm
Founder and CEO FullNet Communications, Inc.
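The scan-and-copy spread described in the article above can be followed hour by hour with a small model that shows how the share of patched servers changes both the speed and the ceiling of an outbreak. This is an added example, not part of the newsletter or the quoted articles; the vulnerable-server count and the scan rate are assumed values chosen for illustration.

```python
import math

ADDRESS_SPACE = 2 ** 32  # IPv4 addresses a random scanner draws from


def simulate(vulnerable, patched_fraction, scans_per_hour, hours, seeds=1.0):
    """Expected infected-server count at each hour for a random-scanning worm.

    vulnerable       -- servers running the affected software (assumed value)
    patched_fraction -- share of those servers with the fix installed (0..1)
    scans_per_hour   -- addresses each infected server probes per hour (assumed)
    """
    unpatched = vulnerable * (1.0 - patched_fraction)
    infected = min(seeds, unpatched)
    curve = [infected]
    for _ in range(hours):
        susceptible = unpatched - infected
        probes = scans_per_hour * infected
        # Chance that one given unpatched address is probed at least once this hour:
        # 1 - (1 - 1/ADDRESS_SPACE) ** probes, computed in a numerically stable way.
        p_hit = -math.expm1(probes * math.log1p(-1.0 / ADDRESS_SPACE))
        infected += susceptible * p_hit
        curve.append(infected)
    return curve


def hours_to_reach(curve, target):
    """First hour at which the expected infected count reaches target, or None."""
    for hour, count in enumerate(curve):
        if count >= target:
            return hour
    return None


if __name__ == "__main__":
    # Constructed scenario: 360,000 vulnerable servers, 20,000 probes per hour each.
    for patched in (0.0, 0.5, 0.9):
        curve = simulate(360_000, patched, 20_000, hours=24)
        print(f"patched {patched:.0%}: infected after 24 h = {curve[-1]:,.0f}, "
              f"hours to 250,000 = {hours_to_reach(curve, 250_000)}")
```

Because each probe lands on an unpatched server only in proportion to how many remain, patching lowers the growth rate as well as the final count.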
Cyber Tutors And Homework Helpers On The Web
For most, it's almost the start of the second 9 weeks of the school year and that means the nightly hair-pulling over quadratic equations and for some just 2 + 2 = 4.
Then comes the frustration and, for many, tears over chemistry homework. Well, help is just around your PC down the Internet Highway. Online tutors are readily available; just choose wisely. Of the dozens of sites, some simply give the answers to problems. Others have dubious credentials. But with a trustworthy service, online tutoring can be quite helpful. For younger ones, tutoring over the Internet makes homework seem more like a game (and less like homework).
At Tutor.com, more than 30,000 tutors are on call 24 hours a day for one-on-one cyber sessions. Covering hundreds of subjects in grades K-12 and beyond, the site provides a simple way to communicate via computer. Once you download the necessary plug-ins (available free at the site), you can chat via voice or text, and an interactive "whiteboard" lets student and tutor write or draw diagrams, just as you would on a chalk or dry erase board.
The best part: Tutor.com performs background checks and gives extensive information on tutors' qualifications. The tutors set their own rates, so be prepared to pay $20 an hour or more for the service.
Here are additional sites to find an online or offline tutor:
We hope that this article will be helpful to either you or someone you know who has a need for this kind of information. Your comments and questions regarding our articles are important to us so please continue to send those to firstname.lastname@example.org. FullNews is just one other way of providing "added value" to your FullNet membership.
VP Marketing & Authorized Agent Sales