Date | Hardware & Software Department Updates |
21st, August | Great software updates ! Don't miss ! |
5th, August | Hardware updates (finally...) ! |
2nd, August | Software update. |
28th, July | Software updated !!! |
25th, July | Important Software updates ! (I do hope you noticed changes in the home page) |
22nd, July | New page started with software news... Look for the previous news in the archive (see the bottom of the page) ! |
Although the official release of AMD Athlon 64 processors is already planned for the 23rd of September (read the previous news for more), there are still rumors about it.
This time a German hardware source reported that AMD will release the Athlon 64 FX together with the Athlon 64. According to them, the FX is planned as a low-end solution, as it will not support dual-channel DDR SDRAM while the regular Athlon 64 will. Nevertheless, another idea has been voiced on the Internet: the Athlon 64 FX will be a kind of AMD Opteron, but with 512 Kb of L2 cache. That is because AMD needs to evaluate two L2 cache sizes, 512 Kb and 1 MB. But because the Opteron name would sound banal for the 512 Kb part, Athlon64 will be a kind of AMD Thorton, which was also mentioned in rumors nearly a month ago as a new processor AMD was also going to launch.
We shall see... :-)
Today AMD officially announced the release of the AMD Opteron 246, a processor intended for use in single- or dual-processor servers and workstations.
AMD Opteron Model 246, like its predecessors, is manufactured at Fab30 in Dresden on the 0,13μ process technology. The chip holds 128Kb of L1 cache and 1 MB of L2 cache. The CPU clock is 2 GHz (2000 MHz).
The new AMD Opteron 246 will be supplied at a price of $794 in wholesale lots of 1000 units. These processors will be used in IBM eServer 325 server systems.
AMD has finally officially confirmed the release date of the most promising processor of this year - the Athlon64, which will use the x86-64 architecture, so far unestablished in this market, that allows it to work with 64-bit applications and operating systems (I think there's no need to describe the architecture because: 1) I already described it a year ago in my articles; 2) you can always read about it at www.amd.com; 3) you might have already read about it if you are at least a little bit interested in the new processor).
So the AMD Athlon64 processor is going to be officially released on the 23rd of September, 2003 in San Francisco. No additional information has been provided except that both desktop and mobile versions will be presented.
I've decided to gather all the news about recent viruses into this article (thanks to Kaspersky Labs).
1) I-Worm.Sobig.f
Although I-Worm.Sobig itself appeared in the world of viruses only relatively recently (several months ago), it already has 6 modifications. The last one - "f" - is what I'm going to describe. Sobig.f spreads via the Internet in attachments to e-mail messages. It activates as soon as you open the attachment. Sobig.f has broken all the records set by previous mail viruses and nearly reached the number of computers infected by the almost "legendary" I-Worm.Klez (still in the top 20 of the most "influential" viruses although it first appeared as long ago as October 2001). On the 7th of August the level of infection by this virus reached 92% !
During installation the worm copies itself into the Windows directory under the name winppr32.exe and registers itself in the system registry autorun keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TrayX = %WindowsDir%\winppr32.exe/sinc
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TrayX = %WindowsDir%\winppr32.exe/sinc
To get victim e-mail addresses the worm looks for .TXT, .EML, .HTML, .HTM, .DBX, .WAB, .MHT and .HLP files in all directories on all available local drives, scans for e-mail like text strings and sends infected e-mails to these addresses. To send infected messages the worm uses the SMTP engine specified in the system properties.
The worm scans all accessible network resources (other computers in a network) and copies itself to the auto-start directories (if there are such subdirectories) of each resource (computer) found.
The worm sends UDP packets at random IP addresses to port 8998 and awaits commands from the 'master' machine. The commands contain URLs from which Sobig.f downloads and executes files. Thus, the worm is able to upgrade itself and/or install other applications (Trojans for instance).
2) Worm.Win32.Lovesan
This is currently the most dangerous network worm. It exploits the now "famous" DCOM RPC hole in Microsoft Windows described in Microsoft Security Bulletin MS03-026 (I wrote about this update earlier; you will soon see why it is so important). The vulnerability exploited by this worm had already been found and fixed by Microsoft, who provided the patch I wrote about. The update filters the port TCP 135 thus protecting you from this virus. If the virus is already in the computer, it's too late...
Symptoms of Infection: MSBLAST.Exe in the Windows system32 folder and Error message: RPC service failure. This causes the system to reboot.
Lovesan registers itself in the autorun key when the system reboots and launches itself every time the computer reboots in the future:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
windows auto update="msblast.exe"
The worm then scans IP addresses, attempting to connect to 20 random IP addresses and infect any vulnerable machines. Lovesan sleeps for 1.8 seconds and scans the next 20 IP addresses.
Lovesan scans IP addresses following one of the patterns below:
- In 3 out of 5 cases Lovesan selects random base IP addresses (A.B.C.D) where D is equal to 0, while A, B and C are random numbers between 0 and 255.
- In the remaining 2 out of 5 cases Lovesan scans the local subnet: it gets the local IP address of the infected machine, extracts values A and B from it and sets D to 0. Then the worm extracts the C value. If C is less than or equal to 20, Lovesan does not modify C. Thus, if the local IP address is 207.46.14.1, the worm will scan IP addresses starting from 207.46.14.0. If C is greater than 20, then Lovesan selects a random value between C and C-19. Thus, if the IP address of the infected machine is 207.46.134.191, the worm will scan IP addresses 207.46.{115-134}.0
The worm sends a buffer-overrun request to vulnerable machines via TCP port 135. The newly infected machine then initiates the command shell on TCP port 4444.
Lovesan runs a thread that opens the connection on port 4444 and waits for an FTP 'get' request from the victim machine. The worm then forces the victim machine to send the 'FTP get' request. Thus the victim machine downloads the worm from the infected machine and runs it. The victim machine is now also infected.
As of August 16, 2003 Lovesan will launch DDoS attacks on the Windowsupdate.com server with the objective of flooding the server so that it becomes unavailable.
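The scan behaviour described above (20 addresses tried on TCP port 135, then a pause) can be looked for in connection logs, together with the ports this article names for Lovesan and Sobig.f. The Python code below is an added example, not part of the original article or of any Kaspersky tool; the log format, the 1-second burst gap and the 10.0.0.x and 198.51.100.23 addresses are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address

BATCH = 20        # addresses tried per burst, per the description above
BURST_GAP = 1.0   # assumed: silence this long ends a burst (the worm sleeps 1.8 s)
PORT_NOTES = {("TCP", 4444): "Lovesan command shell port",
              ("UDP", 8998): "Sobig.f command port"}

def parse(line):
    # Assumed log format: "<seconds> <src> <dst> <proto> <dport>"
    ts, src, dst, proto, dport = line.split()
    return float(ts), src, ip_address(dst), proto.upper(), int(dport)

def find_sweeps(lines):
    """Map each source to the bursts of TCP/135 attempts that covered at
    least BATCH consecutive addresses, as (first_dst, last_dst) pairs."""
    by_src = defaultdict(list)
    for ts, src, dst, proto, dport in map(parse, lines):
        if (proto, dport) == ("TCP", 135):
            by_src[src].append((ts, int(dst)))
    sweeps = defaultdict(list)
    for src, events in by_src.items():
        events.sort()
        burst = [events[0]]
        # The sentinel at +infinity closes the final burst.
        for prev, cur in zip(events, events[1:] + [(float("inf"), 0)]):
            if cur[0] - prev[0] >= BURST_GAP:
                dsts = sorted({d for _, d in burst})
                if len(dsts) >= BATCH and dsts[-1] - dsts[0] == len(dsts) - 1:
                    sweeps[src].append((str(ip_address(dsts[0])),
                                        str(ip_address(dsts[-1]))))
                burst = []
            burst.append(cur)
    return dict(sweeps)

def port_hits(lines):
    """Sorted (src, dst, note) for traffic to the single-port indicators."""
    hits = set()
    for _, src, dst, proto, dport in map(parse, lines):
        note = PORT_NOTES.get((proto, dport))
        if note:
            hits.add((src, str(dst), note))
    return sorted(hits)

def constructed_log():
    """Constructed sample: 10.0.0.5 sweeps like the listing in this article,
    10.0.0.9 is an ordinary RPC client, 10.0.0.7 sends one UDP/8998 packet."""
    lines = []
    for burst in range(2):
        for i in range(BATCH):
            t = burst * 2.0 + i * 0.01       # 20 attempts, then ~1.8 s of silence
            lines.append(f"{t:.2f} 10.0.0.5 20.40.50.{burst * BATCH + i} TCP 135")
    lines += ["0.50 10.0.0.9 10.0.0.2 TCP 135", "3.10 10.0.0.9 10.0.0.2 TCP 135",
              "2.40 10.0.0.5 20.40.50.7 TCP 4444",
              "5.00 10.0.0.7 198.51.100.23 UDP 8998"]
    return lines

if __name__ == "__main__":
    log = constructed_log()
    print(find_sweeps(log))
    print(port_hits(log))
```

The ordinary RPC client is not reported because its TCP/135 connections never cover 20 consecutive addresses in one burst.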
This time the Internet was saved by the 1.8 second delay the virus uses between attempts to infect machines. The 1.8 second delay is programmed into the virus, and that is what makes it less dangerous than the world-famous and most dangerous network virus ever, Helkern aka Slammer, which simply caused the de-segmentation and slowing down of the net by nearly 25% in January this year (Slammer didn't have the delay !):
20.40.50.0
20.40.50.1
20.40.50.2
...
20.40.50.19
----------- 1.8 second pause
20.40.50.20
...
20.40.50.39
----------- 1.8 second pause
...
...
20.40.51.0
20.40.51.1
...
20.41.0.0
20.41.0.1
3) Worm.Win32.Welchia
This is an anti-virus virus ! Amazingly, Welchia fully removes Lovesan but installs itself and starts using two holes (first - the same one Lovesan uses; second - WebDAV in Microsoft IIS 5.0, described in Microsoft Security Bulletin MS03-007).
During installation the worm first copies itself to %System%\Wins\ folder under the dllhost.exe name and creates the service named WINS Client. Then the worm copies the tftpd.exe file from the %System%\dllcache folder naming it svchost.exe and creating an additional service - Network Connections Sharing.
As a result, Welchia will obtain control over the machine and execute itself every time the computer is re-booted.
The worm creates two different requests for sending to remote computers. The first request exploits the WebDAV vulnerability, the second request exploits the DCOM RPC vulnerability almost like Lovesan.
The worm finds an IP address, sends an ICMP request to it and waits for a response. If the remote machine responds, then the worm connects to it via port 135 (like Lovesan) or port 80 (if the machine uses IIS) and sends a ready-made package which loads Welchia from the host machine (via tftp).
The worm then scans the infected machine for the TFTPD.EXE file. If the TFTPD.EXE file does not exist, Welchia will download it (naming it svchost.exe) into the folder %System%\Wins\.
Once the current year becomes 2004, Welchia ceases to function and deletes itself from the system.
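The registry values, files and services listed above for Sobig.f, Lovesan and Welchia can be checked together on a suspect machine. The Python code below is an added example, not part of the original article and not the clrav utility; it reads the text output of `reg query` for the Run keys plus a file listing and a list of service names, all of which are constructed here, and it assumes %System% is a system32 folder.

```python
import re

# Indicators as given in the worm descriptions in this article.
RUN_VALUES = {("trayx", "winppr32.exe"): "I-Worm.Sobig.f",
              ("windows auto update", "msblast.exe"): "Worm.Win32.Lovesan"}
# Paths relative to %System%, assumed here to be ...\system32 (Windows 2000/XP).
SYSTEM_FILES = {r"msblast.exe": "Worm.Win32.Lovesan",
                r"wins\dllhost.exe": "Worm.Win32.Welchia",
                r"wins\svchost.exe": "Worm.Win32.Welchia"}
WELCHIA_SERVICES = {"wins client", "network connections sharing"}

VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
EXE_NAME = re.compile(r'[^\\/"\s]+\.exe', re.I)   # first executable in the data

def parse_reg_query(text):
    """Yield (key, value_name, data) from the text output of `reg query`."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m.group(1), m.group(3)

def check_host(reg_text, file_paths, service_names):
    """Return (worm, evidence) pairs for every indicator that matches."""
    findings = []
    for key, name, data in parse_reg_query(reg_text):
        exe = EXE_NAME.search(data)
        worm = RUN_VALUES.get((name.lower(), exe.group(0).lower() if exe else ""))
        if worm:
            findings.append((worm, f"{key}: {name} = {data}"))
    for path in file_paths:
        p = path.lower().replace("/", "\\")
        for rel, worm in SYSTEM_FILES.items():
            # Match on the full location: dllhost.exe and svchost.exe directly
            # in system32 are normal Windows files, the copies in \Wins are not.
            if p.endswith("\\system32\\" + rel):
                findings.append((worm, path))
    for svc in service_names:
        if svc.strip().lower() in WELCHIA_SERVICES:
            findings.append(("Worm.Win32.Welchia", "service: " + svc))
    return findings

# Constructed sample input (not taken from a real machine).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    windows auto update    REG_SZ    msblast.exe
    ExampleApp    REG_SZ    "C:\Program Files\Example\app.exe" -min

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    TrayX    REG_SZ    C:\WINDOWS\winppr32.exe /sinc
"""
SAMPLE_FILES = [r"C:\WINDOWS\system32\dllhost.exe", r"C:\WINDOWS\system32\wins\dllhost.exe",
                r"C:\WINDOWS\system32\wins\svchost.exe", r"C:\WINDOWS\system32\msblast.exe"]
SAMPLE_SERVICES = ["Windows Time", "WINS Client", "Network Connections Sharing"]

if __name__ == "__main__":
    for worm, evidence in check_host(SAMPLE_REG, SAMPLE_FILES, SAMPLE_SERVICES):
        print(f"{worm:20} {evidence}")
```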
4) How to protect yourself !
The answer is simple: update your antivirus or install one if you haven't got any. My choice has always been (and I think always will be) Kaspersky AntiVirus Personal Pro (you can read all about it in the PC Helper Laboratory here).
But in case of a Lovesan or Welchia infection, something has to be done urgently ! That's why Kaspersky Labs has updated their free utility (known as clrav), adding the ability to clean Lovesan as well. You can download it straight from my site:
clrav utility v10.0.5.2 (208 Kb)
To scan all your drives, run the utility with the key (without quotes) " /s[n]" ([n] extension also performs a check of mapped network drives).
A number of security issues have been identified in Microsoft Internet Explorer that could allow an attacker to compromise your Microsoft Windows-based systems and then take a variety of actions. For example, an attacker could run programs on a computer used to view the attacker's Web site. This vulnerability affects computers that have Microsoft Internet Explorer installed. (You do not have to be using Internet Explorer as your Web browser to be affected by this issue.)
Internet Explorer 6 Service Pack 1 August 2003 Cumulative Update 822925 (2,1 MB, English, All Windows 98/ME/2000/XP)
Internet Explorer 6 Service Pack 1 August 2003 Cumulative Update 822925 (2,1 MB, Russian, All Windows 98/ME/2000/XP)
Macromedia Flash Player v7.0.0.249 Beta (13.08.2003)
A new beta version of the popular free Flash Player from Macromedia Inc. has recently been released, thus reaching version 7 !
Macromedia Flash Player is an ActiveX control designed to enable the viewing of vector graphics and motion created and programmed using the Macromedia Flash technology. Flash is the most popular kind of animated vector graphics on the Internet.
A range of major improvements has been applied. This includes higher viewing quality and much more.
Macromedia Flash Player v7.0.0.249 Beta (647 Kb, Internet Explorer and AOL Browsers)
Macromedia Flash Player v7.0.0.249 Beta (640 Kb, Netscape, Mozilla and Opera Browsers)
MagicTweak v2.60 (07.08.2003)
MagicTweak is a special program designed to optimize and personalize Microsoft Windows. It provides one-stop, instant access to a variety of Windows settings that can be altered for a friendlier Windows environment. This unique software makes it easy to tweak hundreds of hidden settings in Windows operating systems.
Some new options of tweaking the Windows Control Panel were added in the new version.
MagicTweak v2.60 (1 MB, Shareware, Windows 98/Me/2000/XP)
If you want to localize MagicTweak, visit the Language Files Page.
ReGet Deluxe v3.3 build 186 (02.08.2003)
A new version of ReGet Deluxe has been released by ReGet Software.
ReGet Deluxe is a powerful download manager (the best, I reckon) - a utility designed to make it more comfortable for you to download files from the Internet to your computer by using advanced methods and technologies for optimizing the speed and other options of downloading.
Some macros and date problems were fixed and optimized.
ReGet Deluxe v3.3 build 186 (1,5 MB, Shareware, Windows 98/Me/2000/XP)
Reg Organizer v1.4 Final (28.07.2003)
The final version 1.4 of Reg Organizer has recently been released by Chemtable Software.
Reg Organizer is a system registry tweaker that offers a variety of tools required for effective System Registry and configuration files management. This software lets you view, edit and clean the Registry and preview the registry files you want to import (including the ability to preview files directly from Windows Explorer).
The new version of Reg Organizer has a huge amount of changes - improvements and bug fixes:
- This and future versions of Reg Organizer support plugins.
- The new "Advanced Cleanup" feature. It allows you to find and fix broken Windows shortcuts.
- The new "Unregister the Registry File..." command added to the "File" menu. With it you can easily remove the contents of any previously imported REG-file from the Registry.
- Some improvements in the Search and Replace mode. You can now easily edit the list of search results and remove any of the found items from the Registry.
- 10 new settings (tweaks) were added to the Shell Settings window.
- Ability to temporarily disable any autostarted application by pressing the "Disable" button that was added to the toolbar of the "StartUp Processes" tab.
- Registry Cleanup Mode of the program now supports age system.
- The password.log file added to the Ignore List of Advanced Cleanup by default. This file caused problems on some systems.
- The results table in the automatic registry cleanup now allows selection of multiple items by using the standard combination of the Shift and Control keys.
- Some fixes in the Files Cleanup.
- Fixed "Access Violation..." on some systems under Windows 9x when using the "Software" tab of the Registry Cleanup Mode.
- The new "Ignore List" tab added to the Advanced Cleanup window.
- Ability to remove multiple matches found using the Search & Replace Mode from the Registry.
- Safer automatic registry cleanup.
- Some bugfixes in the "Software" tab of the Registry Cleanup Mode.
- A progress bar is now used to show how much of the Registry update is completed in the repair references window.
- The new "Default" button in the Ignore List window. It allows you to set the Ignore List back to its original state.
- Ability to find and delete useless zero-length files added to the File Cleanup.
- The new design of the splash window.
- Bugs in the Search and Replace mode fixed:
  - Sometimes when trying to replace, the error message "Unable to change the registry data" appeared.
  - Reg Organizer did not properly replace registry data values located in the root keys of the Registry (HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE etc.)
- Ability to find and delete useless temporary files added to the File Cleanup.
- Ability to add (or remove) several entries at once to (from) the Ignore List.
- The Windows version in the About Box was not displayed correctly.
- Some Ignore List improvements.
- Ability to remove to the Recycle Bin broken files found using the Advanced Cleanup feature.
- Bugs fixed:
  - System reboot on some systems during the automatic registry cleanup in the HKEY_LOCAL_MACHINE key under Windows 2000/XP.
  - Error message when trying to load more than one copy of Reg Organizer.
  - "Create Backups" setting was always on, there was no ability to turn this setting off.
- Reg Organizer no longer uses the "cfgcheck.ini" file located in the Windows' folder to store some of its settings. You may safely delete this needless file.
- Other changes and fixes.
Reg Organizer v1.4 Final (1,3 MB, Shareware, Windows 98/Me/2000/XP)
Russian localization (275 Kb)
All the firmware and drivers of the past week ! (28.07.2003)
I decided to launch a new service: once a week I will report all the driver and firmware updates.
This week (21.07.2003-28.07.2003) Firmware:
- Fujitsu Mobile HDD: Firmware v.A01 (Dell)
- CoolPix E700: Firmware v.1.1
- CoolPix E800: Firmware v.1.1
- CoolPix E950: Firmware v.1.3
- SM-352B/EXT: Firmware v.T806
- SM-348B/COM: Firmware v.T507
This week (21.07.2003-28.07.2003) drivers:
- Integrated: Driver v.2.05
- Windows 9x/ME: Driver v.44.69A
- Windows 2000/XP: Driver v.44.71A
- Windows XP/2000 Omega: Driver v.2.4.74
- Windows 9x/Me Omega: Driver v.2.6.16
- Windows 9x/ME: Driver Pack v.9113 (non official)
- Windows 2000/XP: Driver Pack v.6368 (non official)
- Windows XP 802.11: Driver v.1.0 (non official/Compaq)
- Windows XP 802.11: Interface v.1.0 (Compaq)
- Windows 9x/ME RocketRAID 1520: Driver v.2.35s
- Windows 2000/XP RocketRAID 1520: Driver v.2.35s
- Windows NT RocketRAID 1520: Driver v.2.35s
- Windows 98/ME/NT/2000/XP Pro/100, Pro/1000 Gigabit: Driver v.8.1.4 (non official/IBM)
- DirectX 9.0b Redistributable (31,8 MB, Multilanguage)
- DirectX 9.0b Web Setup (292 Kb)
- Windows 2000/XP: Detonator v.45.20 (Beta)
- Windows 2000/XP: Detonator v.44.71 (WHQL)
- Windows 2000/XP: Detonator v.45.00 (non official/Dell)
Microsoft DirectX is a group of technologies designed to make Windows-based computers an ideal platform for running and displaying applications rich in multimedia elements such as full-color graphics, video, 3D animation, and rich audio. DirectX 9.0 includes security and performance updates, along with many new features across all technologies, which can be accessed by applications using the DirectX 9.0 APIs.
After several sources reported a beta release of DirectX 9.0b "pinched" from Microsoft, which I decided to dismiss, Microsoft has officially released DirectX 9.0b !
DirectX 9.0b is an updated version of the DirectX 9.0 runtime which includes bug fixes and improves performance in the graphics and networking components.
NOTE: Microsoft has recently released an update for Microsoft DirectX 9.0a on all Windows OSs - Unchecked Buffer in DirectX Could Enable System Compromise (819696) described in the Microsoft Security Bulletin MS03-030. This update is already included in the new DirectX 9.0b so DON'T spend extra time downloading it (948 Kb).
Microsoft DirectX 9.0b Redistributable (31 MB, Windows 98/Me/2000/XP)
A new version of BadCopy Pro has recently been released by JufSoft.
BadCopy Pro is a leading data recovery tool for floppy disk, CD-ROM, CD-R/W, Digital Media, ZIP Disk and other storage media. It can effectively recover and rescue corrupted or lost data from damaged, unreadable or defective disks. Various damage situations and all file types are supported.
BadCopy Pro v3.71 (845 Kb, Shareware, Windows 98/Me/2000/XP)
K-Lite Codec Pack is a package of all the required encoders/decoders that may be needed for playing DivX and XviD format files. The following codecs were included in the new version of the package (full kit contents displayed below):
- BSplayer v.0.86.500
- DivX Pro Decoding v.5.0.5
- DivX Pro Encoding v.5.0.5
- DivX ;) MPEG-4 Low and Fast motion v.4.1.0.3927
- XviD Decoding Koepi's Build 04/10/2002
- XviD Decoding Koepi's Build 24/06/2003
- XviD Encoding Koepi's Build 24/06/2003
- 3ivX v.4.0.4
- Microsoft MPEG-4 (modified) v.4.1.0.3927 / 8.0.0.4487
- Windows Media v.7.1.0.3055
- Windows Media v.8.0.0.371
- Windows Media v.9.0.1.369
- Cyberlink DVD Decoder v.5.0.0.602
- Ligos MPEG-2 Decoder v.4.0.77
- Elecard MPEG-2 Decoder v.2.0.0.2525
- huffyuv v.2.1.1
- Ligos Indeo XP v.5.2
- Intel Indeo v.3.2
- Intel I.263 v.2.55.1.16 ( NT)
- WMA Audio v.8.0.0.4487
- AC3 Audio v.0.69b
- Fraunhofer IIS MPEG Layer-3 DirectShow Decoder v.1.9.0.311
- Fraunhofer IIS MPEG Layer-3 ACM Codec v.1.2.0.63
- Ogg Vorbis Audio DirectShow Filter v.0.9.9.5
- Ogg Vorbis ACM v.0.0.3.1
- TFM Audio Filter v.1.0b8
- Morgan Multimedia Stream Switcher v.0.9.7
- DirectVobSub v.2.23
- DivX Anti-Freeze v.0.4
- FourCC Code Changer
- GSpot Codec Information Appliance v.2.21 build 030711
K-Lite Codec Pack v.2.04 Final (Basic Kit, 2.7 MB, Freeware, Windows 9x/Me/2000/XP)
K-Lite Codec Pack v.2.04 Final (Full Kit, 8.2 MB, Freeware, Windows 9x/Me/2000/XP)
You can use up to 50% of materials placed on my site but only showing the source! Any mirroring of materials is prohibited !!! All these rules are followed by the LAW !!!
Best Regards, Majestic and PC Helper Company
All Copyrights protected. 2002-2003.