Author Topic: Sun J2SE 2.0 distribution is infected????


Nicolas (Guest)
Re: Sun J2SE 2.0 distribution is infected????
« Reply #15 on: May 30, 2005, 09:21:48 PM »
Hello Polonus,

Thanks for your nice reply!
The LSP service is effective but not perfect, like any other security system.
What 'stmdk' said above is true and well known. The most vulnerable gate to your system is of course the internet browser, which is also functioning as a virtual machine or interpreter. For this reason, the really vital and high-security computer systems are not connected to the internet; they also employ specially designed operating and FAT systems. These machines cannot be hacked; maybe the operators can.. It is always advisable to have at least one computer completely isolated from the network.
So, sending droppers with viruses and trojans into the internet only harms you, me, the medium-size and small companies; the powerful remain unaffected. Is there much difference from ordinary criminals?

The little daughter of a friend managed to install MSN to chat with her girlfriends. They sent her a picture, she assumed. At once, Avast and the firewall were disabled, and the computer froze. All their pictures, the letters and the work of her mother were lost. These are poor people, and the damage done is irreparable.

Nicolas 



polonus
Re: Sun J2SE 2.0 distribution is infected????
« Reply #16 on: May 30, 2005, 09:39:17 PM »
Hi Nicolas,

It is, from what you said, as I feared. There are lots of people who use computers out of the box with the default settings, and therefore with the default vulnerabilities as well. In Holland the situation is a bit better than in the States, where there are hundreds of thousands of so-called zombie computers operating like machines for the Spam man, where the Stats man pays the Ad man. On the 15th of May last week a gigantic spam run was started from the Sober virus. The spam made use of some 30 different kinds of Nazi propaganda messages. Sober O (alias P) was in this case installed on a system and automatically updated to send out spam from the infected site. At the height of the outbreak some Dutch filtering firms found 50% of all spam to be this kind of spam.
So building browsers that are part of the OS, as with Internet Explorer and the access it gives ActiveX, is basically an accident-prone design from the boys in Richmond. On the other hand, if a computer never sent anything but RTF (rich text format) there would be no viruses, and no need for this forum either.

Greetings (m.vr.gr.)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Nicolas (Guest)
Re: Sun J2SE 2.0 distribution is infected????
« Reply #17 on: May 31, 2005, 02:20:40 AM »
Hi Polonus,

Yes, Sober was pretty dominant here - and still is nasty.
But yesterday I got a new warning from the 'Waarschuwingsdienst' (warning service of the government):
WORM_MYTOB
Variant: Worm.Mytob.CG, Worm/Mytob.EA, Win32/Mytob.CZ,
         W32/Mytob.gen@MM, Net-Worm.Win32.Mytob.bb,
         Win32.Mytob.DM

Subject line of email:

 - *DETECTED* Online User Violation
 - *IMPORTANT* Please Validate Your Email Account
 - *IMPORTANT* Your Account Has Been Locked
 - *WARNING* Your Email Account Will Be Closed
 - Account Alert
 - Email Account Suspension
 - Important Notification
 - Notice of account limitation
 - Notice: Last Warning
 - Notice: Your email account will be suspended
 - Security measures
 - Your email account access is restricted
 - Your Email Account is Suspended For Security Reasons

Content of email:

Once you have completed the form in the attached file , your
   account records will not be interrupted and will continue as
   normal.
 - Please look at attached document.
 - Please read the attached document and follow it's
   instructions.
 - Please see the attachement.
 - The original message has been included as an attachment.
 - To safeguard your email account from possible termination,
   please see the attached file.
 - To unblock your email account acces, please see the
   attachement.
 - We attached some important information regarding your
   account.
 - We have suspended some of your email services, to
   resolve the problem you should read the attached
   document.
 - We regret to inform you that your account has been
   suspended due to the violation of our site policy, more
   info is attached.

Attachment file name:

 - account-details
 - document
 - document_full
 - email-doc
 - email-info
 - info
 - information
 - info-text
 - instructions
 - your_details

Extension:

 - EXE
 - PIF
 - SCR
 - ZIP


In the private sector in Holland the situation may be worse than in the U.S.A. There are many more second-hand and never-updated computers. The networks are infested with all kinds of viruses and trojans, some of these very outdated and easily blocked. When I connect to the cable network, I'm always greeted by "DCOM-Exploit blocked". Then various portscans are tried and the firewall pop-ups appear about every 15 minutes.

In my opinion, the Microsoft initiative to integrate the browser (in fact the LAN) with the kernel might give better protection. Their .NET is also closely connected with the kernel. The explanation that it harms the competition does not convince me. However, better protection is not full protection.
The fact that the Sober virus distributed this kind of message, which is thus, as a virus, associated with much damage, may be coincidence or intentional. Many viruses and trojans are quite sophisticated and must originate from real specialists, knowing exactly the weak spots and how to exploit them. It takes many years of hard labour to become so familiar with the Windows operating system and assembler.

It is undoubtedly much safer to use only RTF in emails. But what about the browser, since the internet is based on a universal binary code? ActiveX is an almost universal means of control. It has been modified now, in a restricted sense. The .NET system would be more secure. Just like Java it comes with a large library, but as usual with MS most of it is encrypted. Is .NET with the associated C# programming language really a breakthrough in security terms? Rather, it is just an improvement.

At this moment my MSTask engine is being contacted and blocked from using port 1025 (Listener, Remote File Sharing)! A known IP from a Taiwanese network. Business as usual.

With kind regards,

Nicolas.
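The Mytob lure indicators quoted in the post above (subject lines, attachment base names, and the EXE/PIF/SCR/ZIP extensions) can be turned directly into a mail-gateway triage rule. The following is an added example and not code from the thread or from the 'Waarschuwingsdienst'; the sample messages and the in-memory ZIP fixture are constructed for the demonstration, and the verdict names ('mytob-lure', 'suspicious-attachment', 'clean') are my own labels. It goes slightly beyond the list by also catching double extensions such as `document.txt.exe` and by looking inside a ZIP for an executable member.

```python
import io
import zipfile

# Lure subjects from the advisory quoted above, lower-cased for comparison.
MYTOB_SUBJECTS = {
    "*detected* online user violation", "*important* please validate your email account",
    "*important* your account has been locked", "*warning* your email account will be closed",
    "account alert", "email account suspension", "important notification",
    "notice of account limitation", "notice: last warning",
    "notice: your email account will be suspended", "security measures",
    "your email account access is restricted",
    "your email account is suspended for security reasons",
}
# Attachment base names and extensions from the same advisory.
MYTOB_ATTACHMENT_BASES = {
    "account-details", "document", "document_full", "email-doc", "email-info",
    "info", "information", "info-text", "instructions", "your_details",
}
EXECUTABLE_EXTS = {".exe", ".pif", ".scr"}
CONTAINER_EXTS = {".zip"}


def split_attachment_name(filename):
    """Return (base, last_ext). The base is everything before the FIRST dot,
    so a double extension such as 'document.txt.exe' yields ('document', '.exe')."""
    name = filename.strip().lower()
    if "." not in name:
        return name, ""
    base = name.split(".", 1)[0]
    ext = "." + name.rsplit(".", 1)[1]
    return base, ext


def attachment_matches(filename, data=None):
    """True when the attachment looks like the Mytob dropper.

    A bare EXE/PIF/SCR with a lure base name matches outright. A ZIP with a
    lure base name matches if it carries an executable member; when no bytes
    are supplied, the name alone is treated as a match (fail closed)."""
    base, ext = split_attachment_name(filename)
    if base not in MYTOB_ATTACHMENT_BASES:
        return False
    if ext in EXECUTABLE_EXTS:
        return True
    if ext in CONTAINER_EXTS:
        if data is None:
            return True
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(split_attachment_name(m)[1] in EXECUTABLE_EXTS
                           for m in zf.namelist())
        except zipfile.BadZipFile:
            return True  # a corrupt "zip" carrying a lure name is still suspect
    return False


def classify_message(subject, attachments):
    """attachments: list of (filename, bytes-or-None).
    'mytob-lure' when subject and an attachment both match, 'suspicious-attachment'
    when only an attachment matches, otherwise 'clean'."""
    subject_hit = subject.strip().lower() in MYTOB_SUBJECTS
    attach_hit = any(attachment_matches(name, data) for name, data in attachments)
    if subject_hit and attach_hit:
        return "mytob-lure"
    if attach_hit:
        return "suspicious-attachment"
    return "clean"


def build_sample_zip(member_name):
    """Constructed fixture: an in-memory ZIP holding one dummy member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"not a real executable")
    return buf.getvalue()


# Constructed sample messages (not real captures).
SAMPLE_MESSAGES = [
    ("*IMPORTANT* Your Account Has Been Locked", [("document.pif", None)]),
    ("Account Alert", [("info.zip", build_sample_zip("info.exe"))]),
    ("Account Alert", [("info.zip", build_sample_zip("info.txt"))]),
    ("Lunch on Friday?", [("instructions.scr", None)]),
    ("Lunch on Friday?", [("agenda.pdf", None)]),
]


def triage(messages=SAMPLE_MESSAGES):
    return [classify_message(subject, atts) for subject, atts in messages]


if __name__ == "__main__":
    for (subject, atts), verdict in zip(SAMPLE_MESSAGES, triage()):
        print(f"{verdict:22} {subject!r} {[n for n, _ in atts]}")
```

The rule deliberately keys on the combination of lure subject and lure attachment rather than on the subject alone: a legitimate "Account Alert" without a dropper attached is reported clean, while a lure attachment under an innocuous subject is still surfaced for review. A ZIP whose only member is a text file is not flagged, so wrapping in an archive neither evades the check nor produces a false positive.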