Byte by Bite

Published Friday, September 26, 2003

Some computer viruses come with credentials

by Marv Dealy

New from the virus writers -- a makeover of an approach tried in the spring of this year: attach a virus to what appears to be a legitimate e-mail from Microsoft and send it to every address you can find.

In March 2003, the hoax e-mail carried the W32.Gibe.B@mm worm. The newest fraudulent e-mail carries an ".exe" file which Symantec says is actually a file to install the W32.Swen.A@mm worm. All current Windows-equipped machines are vulnerable. Of course, Macintosh, UNIX and Linux users are safe.

Today's version comes attached to an official looking e-mail, complete with Microsoft logo and links to real Microsoft web pages to add authenticity to the hoax e-mail.

The e-mail subject, body and "From:" addresses may vary, and may also include delivery failure notices. For example, one of my e-mail addresses has received fraudulent e-mail with the following subject lines:

Latest Security Pack

Net Security Update

Last Microsoft Patch

Current Microsoft Pack

Latest Security Update

internet critical update

New Network Critical Patch

Current Internet Security Upgrade

Failure Notice

abort notice

Abort Announcement

Announcement

Returned Message

The senders of these hoax e-mails have included:

Microsoft Net Email Storage Service

MS Customer Assistance

Email System

Microsoft

Net message delivery service

Microsoft Security Services

Microsoft Corporation Program Security

Microsoft Corporation Public Support

Inet Delivery Service

MS Corporation Technical Support

I've said it before but it bears repeating -- "Microsoft never distributes software directly via e-mail." (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/policy/swdist.asp) You can be 100% sure if you get one of these hoax e-mails that it's not from Microsoft. If you have Norton AntiVirus or McAfee AntiVirus software installed and updated, you won't have any problems. The Toshiba laptop I use is set to automatically delete infected attachments, so I don't have to worry about agreeing each time Norton wants to delete an infected attachment.

Which is a good thing -- in the past few days, one of my e-mail boxes has been flooded with a rash of these hoax e-mails. Microsoft says, "If you receive an e-mail that claims to contain software from Microsoft, do not run the attachment. The safest course of action is to delete the mail altogether." (See, Microsoft website listed above.)
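As an added illustration (not part of the original column, and not code from Microsoft or any antivirus vendor), here is how a mail filter could apply the rule quoted above: ignore the subject line, which varies, and act on a sender name that claims to be Microsoft combined with an executable attachment. The function names, the verdict labels, the extra file extensions and the "MZ" header check are assumptions made for this sketch.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions: the column names only ".exe"; the other extensions and the
# "MZ" header check are added here to cover renamed Windows executables.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat")
VENDOR_WORDS = {"microsoft", "ms"}  # words used by the sender names in the column


def claims_microsoft(msg):
    """True when the From display name presents the sender as Microsoft."""
    display_name, _address = parseaddr(str(msg.get("From", "")))
    return bool(VENDOR_WORDS & set(re.findall(r"[a-z]+", display_name.lower())))


def has_executable(msg):
    """True when any MIME part is executable by file name or by content."""
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        body = part.get_payload(decode=True) or b""
        if name.endswith(EXECUTABLE_EXTENSIONS) or body.startswith(b"MZ"):
            return True
    return False


def verdict(raw_message):
    """Ignore the subject line, which varies; key on sender claim plus attachment."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    if not has_executable(msg):
        return "deliver"
    return "quarantine" if claims_microsoft(msg) else "review"


def build_sample(sender, filename, data):
    """Constructed test message, not a captured one."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "reader@example.com"
    msg["Subject"] = "Latest Security Update"
    msg.set_content("Please install the attached update.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

Sender names from the list that never mention Microsoft, such as "Inet Delivery Service", land in "review" rather than "quarantine", so an antivirus scan of the attachment is still needed for those.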

If you're new to e-mail, and just aren't certain how to deal with all those incoming e-mails that promise this and that, you might do well to read a column by Ken Colburn of Data Doctors. Colburn covers such topics as will the government put a 5-cent tax on e-mails, will Microsoft and Disney pay you lots of money for forwarding e-mails, or will the Red Cross donate 10-cents for each e-mail that gets forwarded.

Colburn also disabuses us of the "dangerous Teddy bear virus" and other common e-mail hoaxes and myths. This is a good read for newbies to e-mail and a good refresher for the rest of us, particularly those who have a tendency to breathlessly forward everything that hits their inbox. Read his whole column at http://www.computerproblems.com/kenscolumns/column.cfm?id=9519

Hacker Charged
Tired of viruses, worms and Trojan horses? Then you'll be glad to hear that the long arm of the law caught up with one hacker, a 22-year-old Californian who hacked into the New York Times computer network. Adrian Lamo, charged in a two-count criminal complaint filed by Manhattan federal prosecutors, faces a maximum sentence of 15 years in prison and a $500,000 fine if convicted.

The judge in the case has allowed Lamo to remain free on $250,000 personal recognizance bond as long as he lives with his parents and severely restricts his computer use. One would think they might take his computer away entirely, but no one called me for advice.

An FBI agent said, in a statement included with the complaint, that Lamo has claimed to have entered the networks of other companies, including Microsoft and Yahoo. When he hacked into the New York Times network, Lamo retrieved personal information, including social security numbers and home phone numbers, of some 3,000 folks who had sent letters to the editor. Don't ask me why they had to provide their social security number to write a letter to the editor. Read more at http://www.wired.com/news/technology/0,1282,60429,00.html

Yet another e-mail hoax -- this one is innocent and purports to be a picture of Hurricane Isabel out at sea. The photo, taken from a ship at sea, actually "documents a tropical cyclone sighted in the Pacific Ocean six months ago named 'Graham'." (See, About.Com at http://urbanlegends.about.com/library/bl_isabel_photo.htm?terms=hurricane+isabel+photo) This type of hoax -- a picture either mislabeled or doctored with a photo manipulation program -- may seem harmless at first glance, but it soaks up resources, costs people time while they determine if it's genuine, and therefore causes damage, albeit on a different level than an e-mail carrying a real malicious load.

IRS vs. Greenpeace
On a completely different note, word comes of a complaint filed with the IRS charging that Greenpeace, one of the world's best-known non-profits, is systematically and knowingly violating United States tax laws and asks that their non-profit status be revoked. (http://www.publicinterestwatch.org/)

The complaint alleges that "Greenpeace has devised a system for diverting tax-exempt funds into non-exempt organizations within its empire and using the money for improper and illegal purposes. It is plainly a case of money laundering."

The report details how during a three year span, one Greenpeace entity diverted over $24 million in tax-exempt contributions. "Such contributions are supposed to be used for charitable, educational or scientific programs, but instead financed advocacy campaigns." (See, Public Interest Watch web site, above)

Internet Taxes
Last, news from InfoWorld that the U.S. House of Representatives has passed and sent to the Senate a bill that would ban taxes unique to the Internet from being levied. There is currently a moratorium on taxes unique to the Internet -- e-mail taxes, bandwidth taxes, or bit taxes -- that stems from a law passed in 1998 and renewed in 2001. The current moratorium is set to expire November 1st unless Congress acts first.

Supporters point out that the bill doesn't prevent states from collecting sales tax from out-of-state retailers selling products on the Internet. The new law would change what had been a moratorium into a permanent law. For more, read http://www.infoworld.com/article/03/09/17/HNhouseinternet_1.html

Marv Dealy is a lifelong computer enthusiast and businessman in Tuolumne County. Reach him by e-mail at marv.dealy@throck.com

Throckmorten Enterprises
17433 Highway 120
Big Oak Flat, California

209-962-7308
209-962-5286 (Fax)

