CGM Systems, Inc

Technology Consulting since 1988

Note: All information here (and on the rest of the site) is provided as-is and without warranty. You will need to decide if the information applies to you and what action, if any, you should take

Beware of Xupiter

1/29/03

Xupiter is a toolbar that can download itself when you visit webages. Often the user is not aware that this is happening. The program is difficult to uninstall. There are numerous stability and security issues.  There is more information about this application at http://www.doxdesk.com/parasite/Xupiter.html . Ad Aware from Lavasoft, with the latest signature file, can kill the app.

If you want to see firsthand how Xupiter is affecting people, check out the Usenet threads at google about Xupiter (sorted by date)

You should also check your browser security settings to prevent the automatic download of active X controls.

• Open your browser
• Choose Tools, Internet Options
• Choose the Security tab
• Choose custom level and make sure that
  • Download Signed Active X controls is at least at prompt
  • Download Unsigned Active X controls is at disable
  • Initialize and script ActiveX controls not marked as safe is set to disable

  Use caution when web pages want to download something when you visit them.

  •  

More problems with file swapping applications  (Beware the worms)

Dec 18, 2002

There was another article at http://www.wired.com/news/technology/0,1282,56924,00.html about worms spread through file swapping programs. If you use any of these applications, you need to make sure that you pay extremely close attention to the security of your system. In addition, you need to make sure that you are backing up your data on a regular basis.

Domain Registration Warning

I  received a call from a" domain support group".  They wanted my fax number because the are ‘ a transfer notification agent’.  The red flags went right up: 

1. The person could not tell me who my domain was registered with
2. They could not explain why they were calling instead of emailing (their server was down--- Think about that – They do business with domain names and their server is down?? Yeah, and my dog ate my homework)

 I did some searching and this appears to be a scam or at least a questionable practice. . (duh!). Apparently, they are trying to get you to transfer your domain to them. Once you do, you have pretty much lost control of it. Things you can do to protect yourself and your domain names: 

1. You should NEVER release information to anyone about your domain name unless you are 100% sure of the circumstances. If in doubt, email support at your registrar.
2. beware of forged emails engineered to look like they came from your registrar.
3. Make sure that you are keeping track of
   1. When your domain expires – renew your registration well ahead of the expiration.
   2. That the company you registered through is in operation
4. Most domain control panels allow you to ‘lock’ your domain against fraudulent transfer. You should do that.
5. consider trademarking your domain name. (About $40 state/maybe more Federal)

The scary part is that what they are doing may not be illegal.  

Virus Alert
W32Klez
Nov 17,2002

We encountered a client's workstation this weekend that was infected with  the W32.Klez virus. This virus is particularly troublesome in that:

• It can mail confidential information from your hard drives
• As it spreads through your computer, it will destroy software requiring
  re-installation
• It can spread over a network
• It will mail itself to email addresses that it finds in various places on
  your computer.
• It will kill antivirus programs that are running if you are not careful.
• It will prevent you from loading an antivirus program on your computer

The reason we are putting out this email is because of the way this variant was transmitted. The client opened an email from a known source with a  subject that was business related. Once he opened the attached file, the virus quickly spread  throughout his computer.  The virus searches computers or email addresses and subject lines that the owner uses. When it transmits to people in the owner's address book, it does so with subject lines that the owner would normally use.

The problem is that all of us often have a need to open attachments from others as part of our business. This particular virus pretended to be business, not porn or a greeting card.

Prevention

There are a few simple steps that you can take that will prevent virus problems:

• Make sure that you are running a current up to date version of an antivirus program. We can't stress "up to date" enough. Many clients do not update their antivirus which renders it almost useless. Usually, there are about 1 to 3 updates per week. We recommend Norton Antivirus
• Make sure that you are backing up critical data. In this case, we were able  to kill the virus and save the data on that machine. There is a good chance that all data can be lost
• Be careful when you are opening your email attachments. Make sure that your antivirus program is installed, updated and is enabled. We often see computers where the antivirus was disabled and never re-enabled
• If your antivirus warns you about an attachment, read the message from the antivirus program carefully and make sure you delete the virus, then delete the message
• make sure that your email programs and Internet explorer have the latest security patches.
• You should be running a full system virus scan at least once a week
• Be alert to any 'weird behavior' from your computer.

If you are infected

• The longer you use your computer, the more damage it does
• When you use your computer, you risk transmitting sensitive data
• If you had passwords on your computer, consider changing them as the virus
• may have compromised them.

Copyright © 2002, 2003, 2004
 CGM Systems, Inc.