[plans] distributed.net .plan update

plans at nodezero.distributed.net plans at nodezero.distributed.net
Tue Oct 17 21:00:02 EDT 2000


distributed .plan updates in the last 24 hours: 
---

bovine :: 17-Oct-2000 10:00 (Tuesday) ::

I've updated my wormfree utility again to fix a number of other minor
issues.  Previously it required a Win98+ or Win95 with IE4 desktop update
installed (now it should run on all Win95, Win98, Win98 SE, and WinME
systems).  Additionally, there were rare cases where wormfree would perform
an access violation.  It now also attempts to clean a few other no-impact
registry key locations.  If you have used previous versions of my wormfree
utility and are really paranoid, you can try re-running this new one.
You can download this new version from:
http://www1.distributed.net/~bovine/wormfree.zip

A related issue is a recent security vulnerability that has been found in
all Win9x systems that would enable another user to access your file
shares, even if you have assigned a very complex password to it.  Although
there are currently no worms that utilize this vulnerability, this reason
alone is sufficient to warrant not arbitrarily sharing potentially
vulnerable directories that contain things that get executed.  Minimally
this means that you should not share any drive or directory that includes
your WINDOWS directory or your "Program Files".  If you really must use
file-sharing for collaboration, you should create a special folder someplace
on your hard drive, and share ONLY that folder itself (and possibly include
a password, with the understanding that no password or key is truly secure).
You can read about the Microsoft Security Bulletin at the following
location:  http://www.microsoft.com/technet/security/bulletin/MS00-072.asp


bovine :: 17-Oct-2000 10:22 (Tuesday) ::

I'd also like to recommend that all paranoid users consider using a virus
scanning utility and ensuring that their systems are not infected with
any other viruses or worms.  My wormfree utility only attempts to remove
the several worm variants that have been known to deploy our dnetc client.
However, there have been countless other worms and viruses in the past
that all replicate through similar techniques, so if you might have been
vulnerable to them (and potentially infected) as well.  A pretty good free
resident virus scanner is Computer Associates' InoculateIT product, which
is available for free download from http://antivirus.cai.com/

Additionally, it should be noted that there are indeed several new worm
variants that illegally deploy the distributed.net client and include
email addresses different than the bymer at inec.kiev.ua that I mentioned in
my original post.  Some of these others include the email bymer at ukrpost.net
or ogr at gala.net.  There is a more comprehensive list about the known
variants at http://www.distributed.net/trojans.html



--
To unsubscribe, send 'unsubscribe plans' to majordomo at lists.distributed.net



More information about the plans mailing list