Security UPDATE: Malicious Hackers and Spam

====================

==== This Issue Sponsored By ====

Free Download: Shavlik Security Patch Management

http://www.shavlik.com/pHFNetChkAdmin.aspx

Policy-Based Vulnerability Management White Paper from NetIQ

http://www.netiq.com/f/form/form.asp?id=2421&origin=NS_SecUpdte2_121703

====================

1. In Focus: One Step Closer to Eliminating Junk Mail

2. Announcements

- Attend Black Hat Briefings 2004

- Announcing a New eBook: "Content Security in the Enterprise--Spam and Beyond"

- New--Microsoft Security Strategies Roadshow 2004!

3. Security News and Features

- Recent Security Vulnerabilities

- News: Patch Delivery Snafu Snares No-Patch December

- Feature: Malicious Hackers and Spam, Part 1

4. Security Toolkit

- Virus Center

- FAQ: What actions occur when I click Repair on a network connection in Windows XP and later?

- Featured Thread: OWA and ISA Authentication

5. Event

- Receive a Free Identity Management White Paper!

6. New and Improved

- Turn Your PC into a Premises-Monitoring System

- Attack and Event Correlation Analysis Across Firewalls

- Tell Us About a Hot Product and Get a T-Shirt

7. Contact Us

See this section for a list of ways to contact us.

====================

==== Sponsor: Free Download: Shavlik Security Patch Management ====

Install the latest critical Microsoft security patches today with HFNetChkPro. A free, fully functional, no time-out version of HFNetChkPro is available to help you automate the delivery and testing of these critical patches. HFNetChkPro offers unlimited scanning, a complete GUI and Shavlik's exclusive PatchPush capabilities. Save time on patch deployment, ensure systems are fully protected and safeguard your systems from remote code execution, identity spoofing, arbitrary code execution and other attacks. It's free, and it simplifies patch management without agents. Learn more and download the free version of HFNetChkPro at http://www.shavlik.com/pHFNetChkAdmin.aspx .

====================

==== 1. In Focus: One Step Closer to Eliminating Junk Mail ====

by Mark Joseph Edwards, News Editor, [email protected]

I think just about everybody is tired of junk mail clogging up his or her Inbox. I know I am. These days, I receive somewhere between 250 and 450 messages per day, and the vast majority of them (probably about 75 percent to 90 percent) are junk mail advertising all kinds of things I will most likely never find a use for. My favorite junk mail ad is the one that suggests I buy its antispam product to prevent receiving its spam!

By looking at the recipient address on the messages, I can tell that almost all the spammers sending me email have harvested my address and used it without my permission. And the sender addresses show that almost all the spammers make considerable attempts to disguise or lie about their actual identities. Not knowing who's actually responsible for the junk mail makes the effort to stop it much harder.

Fortunately, some relief is in sight. The Associated Press (AP) reports that the state of Virginia has indicted two North Carolina men, charging them with violations of antispam laws. The indictments represent the first case in America in which people have been criminally charged with felonies for sending unsolicited email.

According to the report, Jeremy Jaynes (aka Jeremy James or Gaven Stubberfield) and Richard Rutowski are accused of sending tens of thousands of unsolicited email messages, and Virginia Attorney General Jerry Kilgore said he knows of no legitimate business operated by either of the men. Their spam typically consisted of solicitations for penny stocks, low-interest-rate loans, and Internet history erasing tools. Because the men falsified their identities, charges against them were elevated to felonies.

Spamhaus, an organization that helps track and minimize spamming and spammers, ranked Jaynes as the eighth worst spam offender as of November 2003. The ranking is based on the number of registered complaints against him. Hopefully, his indictment will cause other spammers and scammers to think more carefully before clogging up the Internet with their ridiculous advertisements.

http://www.spamhaus.org

As far as I know, Virginia is currently the only state in the nation that has laws that allow for criminal prosecution of spammers. However, you might recall that Congress recently passed legislation that proposes new federal laws that allow for federal prosecution. That legislation will become enforceable law when the president signs it.

I have no idea how this legislation will help prevent junk mail that originates from foreign countries. Perhaps we'll see cases of foreign spammers identified and extradited to the United States for prosecution.

Alan Sugano recently wrote about his experiences troubleshooting an Exchange Server that was plagued with noticeable backup failures and poor performance. Sugano eventually found that a spammer in China was using the server to send loads of spam. Be sure to read part 1 of his expose, "Malicious Hackers and Spam"; look for the link in the Security News and Features section below to learn more about his cyber-sleuthing adventure.

====================

==== Sponsor: Policy-Based Vulnerability Management White Paper from NetIQ ====

Are you relying on ineffective approaches as you battle a constant barrage of worms, viruses and attacks? Why not take a holistic policy-based approach to vulnerability management? Register now for NetIQ's free white paper, "From Project to Process: Policy-Based Vulnerability Management" to get the critical, step-by-step methods you need. You'll discover how to leverage policies and standards for vulnerability management and institute them as a routine business process instead of periodic projects.

http://www.netiq.com/f/form/form.asp?id=2421&origin=NS_SecUpdte2_121703

====================

==== 2. Announcements ====

(from Windows & .NET Magazine and its partners)

Attend Black Hat Briefings 2004

Black Hat Windows Security 2004 Briefings & Training is January 27-30, 2004 in Seattle. This is the world's premier Windows IT security event and is fully supported by Microsoft. Discover solutions to all of the current worm, virus and attack threats. Come for six tracks and eight 2-day training sessions. Register today!

http://www.blackhat.com

Announcing a New eBook: "Content Security in the Enterprise--Spam and Beyond"

This eBook explores how to reduce and eliminate the risks from Internet applications such as email, Web browsing, and Instant Messaging by limiting inappropriate use, eliminating spam, protecting corporate information assets, and ensuring that these vital resources are secure and available for authorized business purposes. Download this eBook now free!

http://www.windowsitlibrary.com/ebooks/spam/index.cfm

New--Microsoft Security Strategies Roadshow 2004!

Join industry-guru Mark Minasi on this exciting 20-city tour and learn more about tips and best practices to secure your Windows Server 2003 and Windows 2000 networks. There is no charge for this event, but space is limited, so register today!

http://www.winnetmag.com/roadshows/computersecurity2004

====================

==== Sponsor: Virus Update from Panda Software ====

Are your traditional antivirus solutions really protecting your network? Panda Antivirus GateDefender is a dedicated hardware device installed at the Internet gateway to block viruses before they contaminate your network. It scans 7 different communication protocols, achieving optimum protection against external attacks. Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus GateDefender 7200 (500 seats+) provide the highest scalability with native load balancing that transparently adapts to traffic volume.

Visit "Panda's GateDefender Stands Guard!" at http://www.pandasecurity.com/gatedefender/ for more information.

====================

==== 3. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.winnetmag.com/departments/departmentid/752/752.html

News: Patch Delivery Snafu Snares No-Patch December

The mysterious delivery of a critical security patch last week, the same week in which Microsoft announced it would have no critical security patch bundles, had the software maker scrambling to find out what happened. It turns out that a glitch in the company's Windows Update patch delivery mechanism caused the late delivery of the erroneous patch, which fixes a problem with Microsoft FrontPage Server Extensions, a software add-on for Microsoft's Web server software.

http://www.winnetmag.com/article/articleid/41143/41143.html

Feature: Malicious Hackers and Spam, Part 1

Alan Sugano's consulting company recently received a call from a client company that was having problems with backup failures and poor server performance when sending and receiving email. When Alan arrived at the client site, he found that the problem was more serious than a failed tape drive and slow server. If you read In Focus above, you know what the problem was. Read Alan's article to find out how he found the spammer that was using the machine as a relay.

http://www.winnetmag.com/article/articleid/41094/41094.html

==== 4. Security Toolkit ====

Virus Center

Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.

http://www.winnetmag.com/windowssecurity/panda

FAQ: What actions occur when I click Repair on a network connection in Windows XP and later?

by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. When you right-click a network connection and select Status, Windows displays information about the connection's speed, duration, and packet activity. For XP and later, a Repair option appears on the Support tab. When you click Repair, Windows attempts to resolve a range of problems. Specifically, the OS does the following:

- Attempts to use a broadcast message to renew the DHCP lease, if the connection obtains its IP address through DHCP

- Uses the command "arp -d" to flush the Address Resolution Protocol (ARP) cache

- Uses the command "nbtstat -R" to flush the NetBIOS cache

- Uses the command "ipconfig /flushdns" to flush the DNS cache

- Uses the command "nbtstat -RR" to reregister the NetBIOS name and IP address with WINS

- Uses the command "ipconfig /registerdns" to reregister the computer name and IP address with DNS

Featured Thread: OWA and ISA Authentication

(One message in this thread)

Yushi writes that when his users connect to Microsoft Outlook Web Access (OWA) from a remote site, they're asked to enter their username and password three times before OWA opens their mailbox. When they send email, the system prompts them again to enter their credentials. He uses Microsoft Small Business Server (SBS) 2000, Internet Security and Acceleration (ISA) Server, and Exchange Server all on the same system. He has tried publishing OWA within ISA Server and users still experience the same results. Lend a hand or read the responses:

http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=65947

==== 5. Event ====

Receive a Free Identity Management White Paper!

Are your existing identity-management and access-control solutions fragmented, duplicated, and inefficient? Attend this free Web seminar and discover how to automate and simplify identity creation, administration, and access control. Leverage your investment in Microsoft technologies and benefit from greater security, improved productivity, and better manageability. Register now!

http://www.winnetmag.com/seminars/identity

==== 6. New and Improved ====

by Jason Bovberg, [email protected]

Turn Your PC into a Premises-Monitoring System

DeskShare released WebCam Monitor 2.2, software that notifies you when it detects motion or noise in your office or home. WebCam Monitor can support four cameras and microphones simultaneously, letting you keep tabs on a remote location. Whenever WebCam Monitor detects an intrusion or other unusual activity, the software can capture snapshot images, record video and audio, flash your computer screen, sound an audible alarm, or send an email message. WebCam Monitor 2.2 costs $39.95 for a single-user license. For more information about the product, contact DeskShare on the Web.

http://www.deskshare.com/wcm.aspx

Attack and Event Correlation Analysis Across Firewalls

eIQnetworks announced FirewallAnalyzer Enterprise 3.0, the most recent version of its browser-based firewall/VPN correlation analysis, reporting, and monitoring software. Using patent-pending FScale data-management architecture and advanced log-management technologies, FirewallAnalyzer Enterprise correlates cryptic Syslog messages from all leading firewall appliances and servers into meaningful information that you can easily interpret and act upon. Version 3.0 specifically addresses enterprise and managed service provider customers' need to correlate data across distributed firewalls. FirewallAnalyzer Enterprise, which supports all leading firewall servers and appliances, helps identify attackers, attack sources, requests, event types, and ports of attack. FirewallAnalyzer Enterprise costs $795 and is licensed per physical firewall. For more information about the product, contact eIQnetworks on the Web.

http://www.eiqnetworks.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]

===================

==== Sponsored Links ====

NetSupport

Free Trial - Fast and Easy Network Management. - NetSupport DNA http://ad.doubleclick.net/clk;6823752;8214395;q?http://www.netsupport-inc.com/dna/netsupport_dna_overview.htm

===================

==== 7. Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.winnetmag.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing Windows and related technologies. Subscribe today.

https://secure.pentontech.com/nt/security/index.cfm?promocode=00&Code=ei25xxup


Copyright 2003, Penton Media, Inc.
