Strong Passwords
april 1, 2005 01:55

Strong passwords are your first step in securing your systems. If a password can be easily guessed or compromised using a simple dictionary attack, your systems will be vulnerable to hackers, worms, Trojans, and viruses.

Trojan, virus, and worm authors have had great success attacking systems with weak and/or default passwords. Take IRC/Flood Trojan for example. McAfee’s virus profile states that IRC/Flood has over 120 variants and has infected over 60,000 machines in the last 30 days. IRC/Flood succeeds by checking for 22 different different easy to guess admin passwords (variants vary). Unfortunately, there are a lot more where IRC/Flood came from, W32/Tzet.worm, W32/Random.worm, and W32.HLLW.Gaobot.gen are in the wild just to name three.

Hackers also have no problem compromising systems with weak passwords. Programs like L0pthCrack for example make the process simple and efficient. Creating a password-cracking dictionary is not even a challenge. Type the words "Creating Password Cracking Dictionaries", without the quotes, in to your favorite search engine. A comprehensive dictionary can be downloaded or created from scratch in short order.

Below is a list of commonly used weak passwords that should NEVER be used. If any of these passwords look hauntingly familiar and are being used, you need to change the password immediately.

Alpha< d>
Weak Passwords< d>
< r>

A< d>

a, A.M.I, A52896nG93096a, aaa, aammii, abc, abcd, academia, academic, accept, access, ACCESS,
account, accounting, action, adam, ADAMS, adfexc, adm, admin, ADMIN, Admin, admin2, administrator, Administrator, adminttd, ADMN,
admn, adrian, adrianna, adtran, adult, Advance, ADVMAIL, aerobics, alfarome, ALFAROME, ALLIN1, ALLIN1MAIL, ALLINONE, aLLy, ALLy,
alpha, AM, AMI, AMI!SW, AMI.KEY, AMI.KEZ, AMI?SW, AMI_SW, AMI~, AMIAMI, AMIDECOD, amipswd, AMIPSWD, AMISETUP, anicust, anon, anonymous, any@, ANYCOM, AP2SVP, aPAf, APL2PP, APPLSYS, APPS, AQDEMO, AQUSER, ARCHIVIST, Asante, ascend, Ascend, asdf, asdfgh, at4400, attack, AURORA$ORB$UNAUTHENTICATED, AURORA@ORB@UNAUTHENTICATED, autocad, AUTOLOG1, Award, award, AWARD?SW, AWARD_SW, awkward
< d>
< r>

B< d>

BACKUP, BATCH, BATCH1, BATCH2, bbs, bciim, bciimpw, bcms, bcmspw, bcnas, bcnaspw, bell9, BIGO, bin,
bintec, BIOS, BIOSPASS, biosstar, biostar, Biostar, BIOSTAR, BLAKE, blue, bluepw, boss, BRIDGE, browse, browsepw
< d>
< r>

C< d>

c, cablecom, cable-docsis, CAROLIAN, cascade, CATALOG, cc, CCC, ccrusr, CDEMO82, CDEMOCOR, CDEMORID,
CDEMOUCB, central, CHANGE_ON_INSTALL, changeme, checkfs, checkfsys, checksys, CHEY_ARCHSVR, circ, cisco, Cisco router, CLARK, client, CLOTH,
cmaker, CMSBATCH, CMSUSER, CNAS, COGNOS, Col2ogro2, comcomcom, COMPANY, Compaq, Compleri, computer, CONCAT,
condo, CONDO, Congress, CONV, CPNUC, CPRM, cr0wmt 911, craft, craftpw, Crystal, CSPUSER, CTX_123, CTXDEMO, CTXSYS, cust, custpw, CVIEW
< d>
< r>

D< d>

d.e.b.u.g, d8on, daemon, Daewuu, Database, databse, DATAMOVE, Daytec, DBSNMP,
DCL, DDIC, death, debug, DECMAIL, DECNET, default, DEFAULT, Dell, DEMO, demo, DEMO1, DEMO8, DEMO8, demos, deskalt, deskman,
desknorm, deskres, DESQUETOP, dhs3mt, dhs3pms, diag, diamond, DIGITAL, DISC, disttech, D-Link, dn_04rjc, dni, DS, DSA
< d>
< r>

E< d>
EARLYWATCH, echo, EMP, enable, eng, engineer, enquiry, enquirypw, enter, ESSEX, EVENT, Ezsetup< d>
< r>

F< d>
fal, FAX, fax, FAXUSER, FAXWORKS, FIELD, field, FIELD.SUPPORT, FINANCE, FND, foobar, friend, ftp< d>
< r>

G< d>
g6PJ, games, ganteng, GATEWAY, GEN1, gen1, GEN2, gen2, glftpd, gnumpf, god, godblessyou, gonzo, gopher, GPLD, gropher, guessme, guest, GUEST, Guest, guest1, GUESTGUE, guestgue, GUESTGUEST< d>
< r>

H< d>

h6BB, hacker, halt, HARRIS, hax0r, HELGA-S, HELLO, hello, HELP, help, HELPDESK, HEWITT RAND, hewlpack, HLT, home, Home,
HOST, HP, hp, HPDESK, HPLASER, HPOFFICE, HPOFFICE DATA, HPONLY, HPP187, HPP187 SYS, HPP189, HPP196, HPWORD PUB, hydrasna
< d>
< r>

I< d>

I5rDv2b2JjA8Mm, ibm, IBM, ibmcel, ihavenopass, ILMI, inads, indspw, INFO,
informix, INGRES, init, initpw, install, Internet, IntraStack, IntraSwitch, INTX3, INVALID, IPC, IS_$hostname, ITF3000, iwill
< d>
< r>

J< d>
j09F, j256, j262, j322, j64, JDE, Jetform, JONES< d>
< r>

K< d>
kermit, kiddie, komprie, ksdjfg934t< d>
< r>

L< d>

l2, l3, laflaf, lantronix, LASER, LASERWRITER, last, lesarotl, letacla, letmein, LIBRARY, lineprin, LINK, lkw peter, lkwpeter, LKWPETER,
Lkwpeter, llatsni, locate, locatepw, login, looker, LOTUS, love, lp, lpadm, lpadmin, lucenttech1, lucenttech2, lynx
< d>
< r>

M< d>

MAIL, mail, MAILER, maint, maintain, maintpw, man, manager, Manager, MANAGER, MANAGER.SYS, Master, MASTER, masterkey, MBIU0, MBMANAGER,
MBWATCH, mcp, MDSYS, me, merlin, mfd, MFG, MGR, MGR.SYS, MICRO, MILLER, mirc, mlusr, mMmM,
MMO2, MODTEST, monitor, MOREAU, mountfs, mountfsys, mountsys, MPE, mtch, mtcl, MTYSYS, my_DEMARC, mypass, mypc
< d>
< r>

N< d>

n/a, naadmin, NAMES, ncrm, NETBASE, NETCON, NETFRAME, NetICs, netlink, netman, NETMGR, NETNONPRIV, NETOP, netopia, NETPRIV,
netrangr, netscreen, NETSERVER, NETWORK, NEWINGRES, NEWS, news, NeXT, NF, NFI, NICONEX, nms, nmspw, nobody, noway, NONPRIV, ntacdmax, nuucp
< d>
< r>

O< d>
OCITEST, oem_temp,op, OP.OPERATOR, operator, OPERATOR, OPERVAX, oracle, ORDPLUGINS, ORDSYS, OUTLN, OutOfBox, owner< d>
< r>

P< d>

PAPER, pass, PASS, Pass, passwd, Passwd, PASSWORD, password, Password, pat, patrick, PBX, pc, PCUSER, PDP11, PDP8, PFCUser, PHANTOM, phoenix, piranha,
pmd, PO, PO8, poll, Polrty, POST, Posterie, postmast, POSTMASTER, postmaster, POWERCARTUSER, powerdown, PRIMARY,
prime, primenet, primeos, primos, primos_cs, PRINT, PRINTER, PRIV, private, prost, PSEAdmin, public, PUBSUB, pw, pwd, pwp
< d>
< r>

Q< d>
q, Q54arwms, QDI, qpgmr, qsecofr, qserv, qsrvbas, qsvr, qsysopr, quser, qwer< d>
< r>

R< d>

raidzone, rcust, rcustpw, RE, read, readonly, readwrite, REGO, REMOTE, replicator, REPORT, RJE, rje, RM, RMAIL,
rmnetlm, RMUser1, ro, ROBELLE, ROOT, root, Root, ROOT500, ROUTER, router, RSBCMON, RSX, rw, rwa, rwmaint
< d>
< r>

S< d>

sa, SABRE, SAMPLE, san fran 8, SAP*, satan, SCOTT, script, scriptkiddie, SECDEMO, secoff, secofr, secret, secure, security, SECURITY, SER, sertafu,
server, service, SERVICE, servlet, SETUP, setup, sex, shutdown, signa, SKY_FOX, sldkj754, smile, snake, SnuFG5, software, sp99dd, Spacve, spcl, speedxess, SPOOLMAN, spooml,
star, STEEL, STUDENT, su, Super, super, SUPERVISOR, support, SUPPORT, supportpw, switch, SWITCHES_SW, Sxyz, SY_MB, sybase, sync, synnet, SYS, sys,
sysadm, SYSADM, sysadmin, sysbin, SYSDBA, SYSLIB, syslib, SYSMAINT, SYSMAN, Sysop, system, SYSTEM, system_admin, SYSTEST, SYSTEST_CLIG, syxz, SZYX
< d>
< r>

T< d>

t0ch20x, t0ch88, TCH, teacher, tech, technolgi, tele, TELEDEMO, TELESUP, temp, temp1, TEST, test, testing, teX1, tiara, TIGER, tini, Tiny, tlah,
topicalt, topicnorm, topicres, Toshiba, toshy99, tour, TRACE, TRACESRV, trancell, trouble, TSDEV, TSEUG, TSUSER, TTPTHA, tutor, TzqF
< d>
< r>

U< d>

uClinux, UETP, umountfs, umountfsys, umountsys, unix, User, user, USER, USER_TEMPLATE,
USER0, USER1, USER2, USER3, USER4, USER5, USER6, USER7, USER8, USER9, USERP, uucp, uucpadm, uwontguessme
< d>
< r>

V< d>
VAX, VESOFT, Vextrex, VMS, VNC, VRR1< d>
< r>

W< d>
WANGTEK, web, WebAdmin, WebBoard, webdb, weblogic, webmaster, win, WINDOWS_PASSTHRU, WINSABRE, winterm, wodj, WOOD, WORD, WP, wradmin, write, www< d>
< r>

X< d>
xljlbj, XLSERVER, xo11nE, xp, xxx, xxxx, xxxxx, xxxxxx, xxxxxxx, xxxxxxxx, xxxxxxxxx, xyzall< d>
< r>

Y< d>
YES, youwontguessme, yxcv< d>
< r>

Z< d>
zbaaaca, Zenith, zeosx, zxcv< d>
< r>

Numeric< d>

0, 1, 1.1, 2, 5, 7, 12, 30, 110, 111, 123, 1111, 1234, 2002, 2003, 2222, 2600, 8429, 12345, 54321, 111111, 121212, 123123, 123456, 166816, 256256, 654321, 1234567, 1322222, 7061992, 11111111,
12345678, 19920706, 22222222, 88888888, 123456789, 1. 1, 1234qwer, 123abc, 123asd, 123qwe, 1RRWTTOOI, 240653C9467E45, 24Banc81, 3098z, 3ep5w2u, 4Dgifts, 4getme2, 4tas, 57gbzb
< d>
< r>

Other< d>
!@#$, !@#$%, !@#$%^, !@#$%^&, !@#$%^&*, !root, $ALOC$, $secure$, $system, %username%12, %username%123, %username%1234, (none), ?award, }< d>
< r>
< able>

Additional Information about

The links below contain policies, guidelines, practices, and general protection information about weak and strong passwords.

Password Policy from SANS

Password Security from Red Hat

How to create stronger passwords from Microsoft

Protecting Yourself from Password File Attacks from CERT Coordination Center

Trond
Website Tools
Internet Security
Erase Bad Credit
Target Store Online

Virus prevention and removal
april 4, 2005 03:50

A virus is a piece of code that gets loaded onto your computer without your knowledge and runs against your wishes. The first known occurrence of viruses goes back to 1987 when the ARPANET was infected by one.

One common misnomer among people is that you can infect your computer just by opening an email and reading its text. That is not possible; it is usually the files attached to the email that contain the virus. The most common file types are ".SCR" ".VBS" ", ".PIF"

Prevention is better than a cure: Here are some tips to make sure that your computer does not get infected.

* Get a good Anti-Virus software like Norman, Norton Anti-Virus, MacAfee, PC Cillin etc.
* Keep your anti virus software updated by downloading new virus definitions regularly. Most Anti-Virus software comes with the feature of updating virus definitions.
* Keep your windows operating system updated by regularly downloading new updates from the Internet. Windows O/S's have a lot of security loopholes and bugs that can be easily exploited by worms and viruses.
* Make sure the anti virus scans the file each time before its opened.
* Floppy disks and removable media are a good source of viruses; always scan them before accessing files on them.
* Never open email attachments from sources that are unknown or suspicious.
* Do not open emails that have questionable subject lines.
* When in doubt about a file, don't open it.
* Even with the best of precautions bad things can still happen. Backup all your data and important files.

Even after taking all these precautions if your computer does get infected, then here are a few things that you can do:

Online clearing tools - are a good source of trying to clean out the virus, there are many Anti-Virus websites that offer free online virus detection and removal services.

Removal tools - If you have an Anti-Virus software then you can go to the website of that software and download removal tools designed specifically for the virus. However, you must find out the name of the virus that infects your PC beforehand.

If you have a backup of all your important files, you can also consider formatting your hard disk.

Ashish Jain
M6.Net
http://www.m6.net

Trond
http://www.items4you.biz
http://security.items4you.biz
http://www.erase-bad-credit.com
http://webmaster.items4you.biz

Detect, Protect, Dis-infect
april 6, 2005 20:30

Consumers Online Face Wide Choices in Security Products

With new threats to computer security and data integrity a regular feature of the evening news, a panoply of products that promise to detect, protect, and dis-infect are being marketed to consumers. Intrusion detection systems, firewalls and anti-virus software are critical to online security, but the Federal Trade Commission, the nation’s consumer protection agency, says computer users from grade school kids to grandparents need to know exactly why they need online security products and what they’re buying.

Why the Need
Computers talk to each other over the Internet by sending data through their communications ports. If a port is open, it listens for communications from the Internet. A computer has thousands of ports: which ones are open depends on the software the computer is running. Hackers can eaven drop or scan the ports to determine which are open and vulnerable to unauthorized access.

Detection
An intrusion detection system (IDS) monitors incoming Internet traffic, much like a security camera “watches” your front door to see who might be trying to come in. When the IDS detects a suspicious pattern, it sends an alert (and creates a record) that an intruder may be trying to break in to your computer. Some IDS alerts — but not all — show a pop-up message on your screen. An IDS alone cannot prevent an unauthorized entry into your computer; only a firewall can do that.

Protection
Firewalls block hackers’ access to your computer by creating a barrier like a wall between your ports and the Internet that allows you to control the data that comes and goes through your ports. Your firewall protects your ports even if you don’t have an IDS. Sometimes a firewall is bundled with an IDS. If not, and if you want an IDS, be sure it’s compatible with your firewall.

Dis-infection
Anti-virus software detects and deletes viruses that are in your computer. Viruses often attach themselves to your computer through email attachments and floppy disks. That means a firewall can’t catch them. Similarly, an IDS won’t alert you when a virus is attacking your computer. Look for anti-virus software that recognizes current viruses, as well as older ones; that can effectively reverse the damage; and that updates automatically.

Robert Rogers is a writer in the Washington DC area and specializes in computer security.
For More Information - Visit http://spycollege.com

Trond
Firewalls, Virus Protection, Anti Spyware, go to:
http://security.items4you.biz

http://www.erase-bad-credit.com

The Trip Falls of Internet Shopping
april 9, 2005 03:10

Shopping on the internet can be very convenient but also very disarming. Shoppers should be aware that although they feel anonymous they may not be. Common sense is a very important characteristic to keep in mind when conducting online shopping. To put your mind back into focus, try to follow some of the basic checklist trip falls.

1. Watch your security. Users should always be sure that the site they are using is secure, but how do you know? A secure site should have a security certificate. Usually there is a link somewhere on the site that allows you to view the certificate.

If you cannot find the certificate or you are still unsure about the privacy of the site, Internet Explorer and Netscape Navigator have a built in feature that allows you to quickly check for site security and accuracy. In the lower right hand corner of both browsers is a padlock. When the padlock is opened the site is insecure or the certificate is out of date. When the padlock is closed the certificate is up to date and the site is recognized as secure.

2. Although, not despairing to your security, the issue of shipping is despairing to your wallet. Be aware of shipping costs, which occur 90 percent of the time. For example, on average, a CD cost between 1.80 to 2.00 to send through media mail. If you feel the shipping costs are outweighing the discounted price of the product then your best bet is to shop elsewhere or simply look locally for the product.

3. Comparison shop. You should always look locally first when shopping for expensive items. Some online merchants actually raise their prices hoping that you will not comparison shop and they will get the better price out of you.

So when shopping online, be careful. Not everyone is honest and not all the deals are the best ones. Mostly the online shopping experience is a pleasant one but once and awhile there a few trip falls to beware of.

Ken Austin
http://www.1stdiscountshopping.com http://www.1stinroses.com

Trond
http://security.items4you.biz
http://www.erase-bad-credit.com
http://www.items4you.biz

Burning Bridges is Bad, But Firewalls are Good
april 11, 2005 20:40

When you signed up for that ultra-fast DSL or Cable connection there was probably one very important piece of information that your ISP failed to mention. By accessing the Internet via a high-speed connection, you have tremendously increased your chances of being victimized by a computer hacker.

Dial-up may not have seemed like it could have held any advantages, but it actually did have one upside. It is much less prone to hacking. Every time you dialed-in your computer was assigned a new IP address. That unique IP address made you a moving target that was more difficult for hackers to hit.

With a high-speed connection you are assigned a static IP address (it never changes). So, your computer went from being a moving target to staying still with a bulls-eye pasted on the side. That, coupled with the fact that with a high-speed connection your computer is always online, are ideal conditions for a potential hacker attack. That seemingly beneficial always-on connection gives hackers a 24/7 open invitation to try and hack your system. Once inside they can access personal or financial details, compromise your computer's operating system, or unleash a virus, worm, or spyware.

Which Firewall is Right For You?

Now that you know how vital a firewall is to the protection of your PC you have to decide which firewall is right for you. Software or hardware.

A software firewall is designed to monitor your computers activity at all times. Think of it as a bodyguard who won't let anyone into your computer if he doesn't like the look of them. With a software firewall you may to have to assist in protecting your system. The firewall might alert you to certain activity and ask you if you want to grant or deny permission. It's just like the bodyguard that was mentioned before. He needs the okay before telling someone to scram. After you give either the thumbs up or the thumbs down the firewall will take the appropriate action and remember your reply so that you won't be asked in the future.

If you feel comfortable installing and configuring hardware, then you might want to consider a hardware firewall in the form of a Cable/DSL router. The hardware firewall handles everything on its own without any input from you and you also won't have to read any reports or make any decisions. The firewall handles everything on its own. Installation, however, can be tricky, so this option is definitely more suited to the advanced computer user.

My Firewall is Installed. Now I'm Safe, Right?

With your new firewall in place you are probably thinking that your computer is impenetrable, right? Well, maybe not. As important to the security of your system as a firewall is, some do have their limits. Most software firewalls won't scan your system for viruses that can harm your computer and there aren't any hardware firewalls on the market that offer virus protection. That means that you are still vulnerable to attack.

The best line of defense against viruses that can harm your system is anti-virus protection.You can either buy a seperate anti-virus program or shop around for a software firewall with anti-virus protection built-in. You may never be able to make your computer 100% hacker-proof, but the installation of a firewall coupled with anti-virus protection will greatly reduce your chances of becoming a hacker's next victim.
----------------------------------------------------------
Heather Wallace is a writer whose work has been published in national, regional, and online publications. Additionally, she has written articles as a newspaper correspondent. Visit http://www.fetchingsites.com/FreeFirewall.html to download a free firewall that is easy-to-use and will block hackers and other unknown threats.
----------------------------------------------------------

Trond
http://www.items4you.biz
http://security.items4you.biz

What is a security certificate?
april 18, 2005 14:40

I'll bet one time or another you've surfed the web and suddenly
found a pop-up window in front of you, demanding your approval
for a security certificate. I occasionally see these on shopping
sites, usually the smaller, less-well-funded companies.

The first time I saw one of these windows I had no idea what to
do. What the heck is a security certificate? And whatever it is,
why is the browser asking me about it? I mean, I had enough
questions about ActiveX controls, now I was being asked about
security certificates?

Let's look at security certificates from the perspective of
dating. Let's say you are a woman looking for a date. How do
you know you can trust a person?

Well, you can just decide for yourself or you can ask a trusted
friend about the potential date. So you call up "Sally" and ask
"can I trust Bill on a date?" Sally will tell you yes or no,
and since you trust her if she says "no" the poor guy will not
be going out with you.

That's the way a security certificate works. The certificate is
an electronic document which is highly secure (encrypted) and
stamped with an identifier. That identifier says the web site with
the certificate is whom it claims to be.

The way it works is straightforward. Let's say I want to sell
something on my web site. I might purchase a security
certificate from Verisign (or any number of other companies)
to prove to people visiting my web site that I am who I say I
am.

Before it grants the certificate, I will need to provide
Verisign with proof that I am indeed the person (or company)
that I claim to be. Verisign will ask me for documents,
notarized, such as a birth certificate (for a personal
certificate) or other documents from businesses. Several
documents must be presented in order for Verisign to grant
the certificate.

Okay, now you also have to understand that your browser
automatically comes with a number of security certificates,
including one from Verisign. Thus, when you visit my secure site
my certificate is retrieved. The browser sees that my certificate
was granted by Verisign, and checks it's own certificates and
finds Verisign. The browser then grants access to the secure web
page, since it has "proof" that I am who I say I am. This means
that a secure channel is now set up so the browser can talk to
the web site (and vice versa) without fear of someone listening
in on the conversation.

So in other words, Verisign is simply a trusted organization
which verifies that people (and companies) are who they say
they are.

Remember the purpose of security certificates is merely to
provide a means whereby you can trust entities (companies and
people) on the internet. A security certificate does not in any
way imply a web site is "good", will protect your privacy or
will deliver your products.

Let me stress that again - security certificates so not imply
anything about a web site except that it is what it says it is.
They DO NOT mean the site is trustworthy or valuable.

Richard Lowe Jr. is the webmaster of Internet Tips And Secrets
at http://www.internet-tips.net - Visit our website any time to
read over 1,000 complete FREE articles about how to improve your
internet profits, enjoyment and knowledge.

Trond
http://www.items4you.biz/
http://www.parrotsite.com/

Why Is The Malicious Software Removal Tool Needed..?
april 22, 2005 14:34

It has been estimated that only one third of home users have an up to date anti virus product installed on their PC's.

The many home users without an up to date anti virus program installed, are helping in the spreading of today's viruses, Trojans and worms!

To help remedy this situation, in part, Microsoft have now released the FREE: Malicious Software Removal Tool ...

So What Is the Microsoft Malicious Software Removal Tool..?
-----------------------------------------------------------

January 2005 sees the debut of a FREE security tool from Microsoft. This new tool will be updated on a monthly basis to include information about recent malicious software threats...

Here is what Microsoft have to say in their own words:

Microsoft has released the Microsoft Windows Malicious Software Removal Tool to help remove specific, prevalent malicious software from computers that are running Microsoft Windows Server 2003, Microsoft Windows XP, or Microsoft Windows 2000. The Malicious Software Removal Tool supersedes all virus-cleaner tools that were previously released by Microsoft. You can download the Malicious Software Removal Tool from the Microsoft Download Center. You can also run an online version of the tool from the Malicious Software Removal Tool Web site on Microsoft.com.

To run the Malicious Software Removal Tool from either location, you must log on to your computer with an account that is a member of the Administrators group. If you are running Windows XP, you can also run the Malicious Software Removal Tool from the Windows Update Web site or by using Automatic Updates.

...In practice, on the first Tuesday in every month, if you have Automatic Updates switched ON. The new tool will download and run a scan on your computer to see if there is any malicious software running...

The software does not install itself, and runs in "quiet mode" so that you will not actually see it running! When it has finished its scan - the software then removes itself. For those of you concerned about privacy issues, you will be asked to accept an end user licence agreement (EULA) before the scan takes place.

The software also creates a log file, more information on this in the next section.

This tool is updated monthly and contains a list of known threats and any variants.

It is NOT a substitute for having an up to date anti virus product installed, BUT it will help to reduce the amount of infected PC's connected to the Internet.

Far too many folks have "infected" PC's and just are NOT aware of the problems this is causing the rest of us...

As already stated, this tool will be updated to include new malicious threats as they appear. The initial version of the Malicious Software Removal Tool - version January 2005 - includes:

Win32/Berbew - Moderate*
Win32/Doomjuice - Moderate*
Win32/Gaobot - Moderate*
Win32/MSBlast - Critical*
Win32/Mydoom - Moderate*
Win32/Nachi - Critical*
Win32/Sasser - Critical*
Win32/Zindos - Moderate*

* The severity rating refers to the virus alert severity ratings that appear on the following Microsoft Web site:

http://www.microsoft.com/security/incident/virus_severity_ratings.mspx

Only threats that are rated as "Moderate" or "Critical" are considered for inclusion in the removal tool.

Manual Download Of The Removal Tool...
--------------------------------------

If you do NOT have Automatic Updates installed you can always download the removal tool manually!

Visit this URL:

http://go.microsoft.com/fwlink/?LinkId=40587

After downloading the file can be run (it will not install any files) and can then be safely removed afterwards.

A log of the scan, called mrt.log , will be created and stored at:

C:WINDOWSDebug (Windows XP)

The contents of my log file can be seen below:

------------------------------------------------------------------

Microsoft Malicious Software Removal Tool v1.0, January 2005
Started On Tue Jan 11 10:52:24 2005

Removal Tool Results:
No infection found.

Microsoft Malicious Software Removal Tool Finished On Tue Jan 11 10:52:41 2005

-----------------------------------------------------------------

In the next section below, you can see the two screens that are shown when the tool is run manually.

(If you encounter a problem with the tool you may find an answer here: http://support.microsoft.com/?kbid=891717 )

The Online Malicious Software Removal Tool:
-------------------------------------------

There is also a free online version of the malicious software removal tool - visit this link:

http://www.microsoft.com/security/malwareremove/default.mspx

Other Related Info:
-------------------

Supported Operating Systems: (for ALL version of this tool.)

Windows 2000
Windows Server 2003
Windows XP Home and Pro

As well as using this tool I strongly recommend that users follow these four simple steps:

One, use an Internet firewall on all PCs
Two, regularly install the latest security updates on all PCs
Three, use up-to-date anti-virus software
Four, use an anti-spyware solution

More information on Windows XP related topics can be found at:
www.updatexp.com

Marc Liron is Microsoft MVP and runs a popular Windows XP website www.updatexp.com

Trond
http://www.parrotsite.com/
http://www.items4you.biz
http://security.items4you.biz