THE BEST SECURITY-RELATED SITE
VISIT WWW.SOFTWARE-PC1.NAROD.RU
Date | Hardware & Software Department Updates |
---|---|
2nd, October | I have finally completed the full review + testing of the AMD Athlon64 processors !!! You're welcome here. PLUS - the new design of the site will be created soon. So the site will load faster !!! ENJOY ! |
11th, September | I haven't been updating the news department because I've been busy in the Hardware Lab. I'm still preparing two more huge articles (and of enormous interest :-))) for the HARDWARE LAB dep. so please be patient ! Software news have been updated. Not much is really happening in the Hi-Tech world...Everyone is awaiting the official release of AMD Athlon64 on the 22-23 of September. But I got a chance to test this processor...You will soon be acquainted with its results. |
26th, August | Rich Hardware and Software updates ! My article about viruses also was updated. So you'd better check it ! Enjoy :-) |
25th, August | New page started ! Software news added ! Look for the previous in archive ! Latest Hardware and Software news were left ! |
In addition to yesterday's Intel Celeron price-cutting,
AMD Company has published their new cut prices for Athlon XP 2100+, 2200+,
2300+, 2400+, 2500+ and 2600+ processors. The biggest price-cutting is on Athlon
XP 2600+ which is 10 %. The full information can be obtained from the table
below (prices are given for wholesale consignments from 1000 copies):
Athlon XP | Old Price | New Price | Decrease in Price, % |
---|---|---|---|
2600+ | $103 | $93 | 10% |
2500+ | $89 | $87 | 2% |
2400+ | $84 | $81 | 3% |
2200+ | $74 | $71 | 3% |
2100+ | $74 | $69 | 7% |
By the way, I've received a couple of e-mails from the visitors regarding the current marketing situation concerning new processors that are to be launched by AMD (Athlon64 and Opteron64). In case you didn't know...
The following logos were provided by AMD to present their new processors in the Internet and other areas of advertising or mentioning:
Although the official release of AMD Athlon 64 processors has already been planned for the 23rd of September (read the previous news...for more), there are still rumors about it.
This time a German hardware source reported that, together with Athlon64, AMD is to release Athlon 64 FX as well. According to them, FX is planned as a low-end solution, as it will not support dual-channel DDR SDRAM while the usual Athlon64 will. Nevertheless, another idea has been expressed on the Internet: Athlon64 FX will become a kind of AMD Opteron but with 512 Kb of L2 cache. That's because AMD will need to evaluate 2 sizes of L2 cache - 512 Kb and 1 MB. But because the Opteron name for the 512 Kb version would sound banal, Athlon64 will be a kind of AMD Thorton, which was also mentioned in rumors nearly a month ago as a new processor AMD was also going to launch.
We shall see... :-)
As you may have noticed the previous article on Macromedia future plans has been removed as it's no longer up-to-date ! So we will start in the same order....
1) Macromedia Flash Player v7.0.14.0 Final release
Macromedia Flash Player is a free ActiveX control designed to enable the viewing of vector graphics and motion created and programmed using the Macromedia Flash technology. Flash is the most popular kind of animated vector graphics on the Internet.
After passing the beta testing stage, the new generation of Macromedia Flash Player - version 7 - is now officially available to download.
Macromedia Flash Player v7.0.14.0 Web Setup (Full Setup is 466 Kb)
2) Macromedia Studio MX 2004, Flash MX 2004 and Flash MX 2004 Pro, Fireworks MX 2004 and Dreamweaver MX 2004
The products I've been recently writing about have now been released !!!
Enjoy the new Macromedia Flash MX 2004 and Flash MX 2004 Professional (read about their features and distinctions here). Macromedia Flash is designed for creating static and animated vector graphics and is, in my opinion, the best tool for creating web graphics and design. The Flash format offers probably the best ever compression for web graphics by actually processing it mathematically, saving only the starting coordinates and doing the transformation automatically !
Other new versions were also announced. They are Fireworks MX 2004 and Dreamweaver MX 2004.
Fireworks MX 2004 is designed to simplify the creation of vector graphics, as it includes powerful additional tools for creating them. You can read more about it as well as its new features here.
Dreamweaver MX 2004 is an analogue of Microsoft FrontPage. But unlike FrontPage, Macromedia Dreamweaver MX 2004 offers more advanced and powerful tools for creating websites. It is quite professional and is often used when sites have to be designed with particular elements (for example, cascading style sheets etc.) or for its unique options. Thus, before using it, it's recommended that you fully explore its features and abilities here.
Studio MX 2004 is a set of the products mentioned above. It's developed by Macromedia as a full set of software required for web-design and/or just creation of vector graphics.
Macromedia Flash MX 2004 Standard and Professional (72 MB, Shareware, Windows 98/Me/2000/XP)
Macromedia Fireworks MX 2004 (25.95 MB, Shareware, Windows 98/Me/2000/XP)
Macromedia Dreamweaver MX 2004 (62 MB, Shareware, Windows 98/Me/2000/XP)
The software solutions for all of these products will appear as soon as possible ! www.software-pc1.narod.ru .
This article has been updated to reflect updates to the viruses and programs mentioned. I've decided to unite all the news appearing about recent viruses into this article...(Thanx to Kaspersky Labs)
1) I-Worm.Sobig.f
Although I-Worm.Sobig itself appeared in the world of viruses only relatively recently (several months ago) it already has 6 modifications of itself. The last one - "f" - is what I'm going to describe. Sobig.f spreads via the Internet in the attachments to messages. It activates as soon as you open the attachment. Sobig.f has broken all the records set by previous mail viruses and nearly reached the level of computers infected by almost "legendary" I-Worm.Klez (still in the top 20 of the most "influential" viruses although it first appeared as long ago as in October 2001). On the 7th of August the level of infection by this virus reached 92% !
During installation the worm copies itself into the Windows directory under the name winppr32.exe and registers itself in the system registry autorun keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run TrayX = %WindowsDir%\winppr32.exe/sinc
HKLM\Software\Microsoft\Windows\CurrentVersion\Run TrayX = %WindowsDir%\winppr32.exe/sinc
To get victim emails the worm looks for .TXT, .EML, .HTML, .HTM, .DBX, .WAB, .MHT and .HLP files in all directories on all available local drives, scans them for e-mail-like text strings and sends infected e-mails to these addresses. To send infected messages the worm uses the SMTP engine specified in the system properties.
The worm scans all accessible network resources (other computers in a network) and copies itself to the auto-start directories (if there are such subdirectories) of each resource (computer) found.
The worm sends UDP packets at random IP addresses to port 8998 and awaits commands from the 'master' machine. The commands contain URLs from which Sobig.f downloads and executes files. Thus, the worm is able to upgrade itself and/or install other applications (Trojans for instance).
2) Worm.Win32.Lovesan (aka W32.Blaster with modifications 'A', 'B', 'C')
This is currently the most dangerous network worm. It exploits the now "famous" DCOM RPC hole in Microsoft Windows described in the MS Security Bulletin MS03-026 (I was writing about this update...you will soon know why it's so important). The vulnerability exploited by this worm was previously found and fixed by Microsoft, as they provided a patch I was writing about. The update filters the port TCP 135 thus protecting you from this virus. If the virus is already in the computer, it's too late...
Symptoms of Infection: MSBLAST.Exe in the Windows system32 folder and Error message: RPC service failure. This causes the system to reboot.
Lovesan registers itself in the autorun key when the system reboots and launches itself every time the computer reboots in the future:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run windows auto update="msblast.exe"
The worm then scans IP addresses, attempting to connect to 20 random IP addresses and infect any vulnerable machines. Lovesan sleeps for 1.8 seconds and scans the next 20 IP addresses.
Lovesan scans IP addresses following one of the patterns below:
- In 3 out of 5 cases Lovesan selects random base IP addresses (A.B.C.D) where D is equal to 0, while A, B and C are random numbers between 0 and 255.
- In the remaining 2 out of 5 cases Lovesan scans the subnet and gets the local IP address of the infected machine, extracts values A and B from it and sets D to 0. Then the worm extracts the C value. If C is less than or equal to 20, then Lovesan does not modify C. Thus, if the local IP address is 207.46.14.1 the worm will scan IP addresses starting from 207.46.14.0. If C is greater than 20, then Lovesan selects a random value between C and C-19. Thus, if the IP address of the infected machine is 207.46.134.191 the worm will scan IP addresses 207.46.{115-134}.0
The worm sends a buffer-overrun request to vulnerable machines via TCP port 135. The newly infected machine then initiates the command shell on TCP port 4444.
Lovesan runs the thread that opens the connection on port 4444 and waits for an FTP 'get' request from the victim machine. The worm then forces the victim machine to send the 'FTP get' request. Thus the victim machine downloads the worm from the infected machine and runs it. The victim machine is now also infected.
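The scanning behaviour described above (bursts of 20 connection attempts to consecutive addresses on TCP port 135, a 1.8 second pause, then a follow-up connection on TCP port 4444) is distinctive enough to look for in flow logs. The detector below is an added example, not code from the original article or from Kaspersky Labs; the flow-record layout, the function names, the thresholds and the internal 10.0.0.x addresses are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from ipaddress import IPv4Address

def sample_flows():
    """Constructed flow records: (time_ms, src, dst, proto, dst_port)."""
    flows, t = [], 0
    base = int(IPv4Address("20.40.50.0"))
    for i in range(40):                      # 40 consecutive targets
        if i == 20:
            t += 1800                        # the 1.8 s pause after 20 attempts
        flows.append((t, "10.0.0.5", str(IPv4Address(base + i)), "tcp", 135))
        t += 10
    flows.append((t + 50, "10.0.0.5", "20.40.50.7", "tcp", 4444))
    # Ordinary traffic from another workstation (also constructed)
    flows += [(100, "10.0.0.9", "10.0.0.2", "tcp", 135),
              (400, "10.0.0.9", "10.0.0.2", "tcp", 445),
              (900, "10.0.0.9", "192.0.2.10", "tcp", 443)]
    return flows

def find_rpc_sweepers(flows, min_targets=20, min_gap_ms=1500):
    """Flag sources that sweep many hosts on TCP/135 and report the burst shape."""
    rpc = defaultdict(list)      # src -> [(time_ms, destination as integer)]
    shells = defaultdict(set)    # src -> destinations contacted on TCP/4444
    for t, src, dst, proto, port in flows:
        if proto != "tcp":
            continue
        if port == 135:
            rpc[src].append((t, int(IPv4Address(dst))))
        elif port == 4444:
            shells[src].add(dst)
    findings = {}
    for src, hits in rpc.items():
        hits.sort()
        targets = sorted({d for _, d in hits})
        if len(targets) < min_targets:
            continue                         # a few RPC peers is normal
        run = longest = 1                    # longest run of adjacent addresses
        for a, b in zip(targets, targets[1:]):
            run = run + 1 if b == a + 1 else 1
            longest = max(longest, run)
        bursts = [1]                         # attempts between long pauses
        for (t0, _), (t1, _) in zip(hits, hits[1:]):
            if t1 - t0 >= min_gap_ms:
                bursts.append(1)
            else:
                bursts[-1] += 1
        swept = {str(IPv4Address(d)) for d in targets}
        findings[src] = {
            "targets": len(targets),
            "longest_sequential_run": longest,
            "burst_sizes": bursts,
            "followup_4444": sorted(shells[src] & swept),
        }
    return findings

if __name__ == "__main__":
    for host, detail in find_rpc_sweepers(sample_flows()).items():
        print(host, detail)
```

A host reported with burst sizes of 20 and a non-empty `followup_4444` list matches the whole sequence the article describes and is the one to isolate first.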
As of August 16, 2003 Lovesan will launch DDoS attacks on the Windowsupdate.com server with the objective of flooding the server so that it becomes unavailable.
This time the Internet was saved by the 1.8 second delay used by the virus between attempts to infect machines. The delay of 1.8 seconds is programmed into the virus, and that is what makes it less dangerous than the world-famous and most dangerous network virus ever - Helkern aka Slammer, which simply caused the de-segmentation and slowing down of the net by nearly 25% in January this year (Slammer didn't have the delay !):
20.40.50.0
20.40.50.1
20.40.50.2
...
20.40.50.19
----------- 1.8 second pause
20.40.50.20
...
20.40.50.39
----------- 1.8 second pause
...
...
20.40.51.0
20.40.51.1
...
20.41.0.0
20.41.0.1
3) Worm.Win32.Welchia
This is an anti-virus virus ! It's amazing that Welchia fully removes Lovesan but installs itself and starts using two holes (first - the same as Lovesan uses; second - WebDAV in Microsoft IIS 5.0; it's described in Microsoft Security Bulletin MS03-007).
During installation the worm first copies itself to %System%\Wins\ folder under the dllhost.exe name and creates the service named WINS Client. Then the worm copies the tftpd.exe file from the %System%\dllcache folder naming it svchost.exe and creating an additional service - Network Connections Sharing.
As a result, Welchia will obtain control over the machine and execute itself every time the computer is re-booted.
The worm creates two different requests for sending to remote computers. The first request exploits the WebDAV vulnerability, the second request exploits the DCOM RPC vulnerability almost like Lovesan.
The worm finds an IP address, sends an ICMP request to it and waits for a response. If the remote machine responds, then the worm connects to it via port 135 (like Lovesan) or port 80 (if the machine uses IIS) and sends a ready-made package which loads Welchia from the host machine (via tftp).
The worm then scans the infected machine for the TFTPD.EXE file. If the TFTPD.EXE file does not exist, Welchia will download it (naming it svchost.exe) into the folder %System%\Wins\.
Once the current year becomes 2004, Welchia ceases to function and deletes itself from the system.
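The persistence points listed for the three worms (the TrayX and "windows auto update" Run values, and the two Welchia services running from the Wins folder) can be checked on a suspect machine from exported data. The script below is an added example, not part of the original article and not the clrav utility; it assumes Run keys dumped in the text layout printed by `reg query` and a service inventory given as (display name, image path) pairs, the function names are hypothetical, and both samples are constructed.

```python
import re
from pathlib import PureWindowsPath

# Indicators exactly as the article gives them (names lower-cased for matching).
RUN_INDICATORS = {
    "trayx": ("winppr32.exe", "I-Worm.Sobig.f"),
    "windows auto update": ("msblast.exe", "Worm.Win32.Lovesan"),
}
SERVICE_INDICATORS = {
    "wins client": ("dllhost.exe", "Worm.Win32.Welchia"),
    "network connections sharing": ("svchost.exe", "Worm.Win32.Welchia"),
}
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_\w+)\s{2,}(?P<data>.*)$")
EXE_NAME = re.compile(r'([^\\/":]+?\.exe)', re.IGNORECASE)

# Constructed sample in the layout printed by `reg query <key>`.
SAMPLE_RUN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    windows auto update    REG_SZ    msblast.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    TrayX    REG_SZ    C:\WINDOWS\winppr32.exe /sinc
"""
# Constructed (display name, image path) pairs from a service inventory.
SAMPLE_SERVICES = [
    ("COM+ System Application", r"C:\WINDOWS\system32\dllhost.exe"),
    ("WINS Client", r"C:\WINDOWS\system32\Wins\dllhost.exe"),
    ("Network Connections Sharing", r"C:\WINDOWS\system32\Wins\svchost.exe"),
]

def scan_run_values(text):
    """Return (worm, key, value name) for Run values matching the article."""
    hits, key = [], ""
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or not key.lower().endswith(r"\currentversion\run"):
            continue
        indicator = RUN_INDICATORS.get(m["name"].lower())
        exe = EXE_NAME.search(m["data"])   # file name only, arguments ignored
        if indicator and exe and exe.group(1).lower() == indicator[0]:
            hits.append((indicator[1], key, m["name"]))
    return hits

def scan_services(services):
    """Return (worm, display name, path) for matching services in a Wins folder."""
    hits = []
    for name, image_path in services:
        indicator = SERVICE_INDICATORS.get(name.lower())
        path = PureWindowsPath(image_path)
        # The legitimate dllhost.exe and svchost.exe do not live under \Wins\.
        if (indicator and path.name.lower() == indicator[0]
                and path.parent.name.lower() == "wins"):
            hits.append((indicator[1], name, image_path))
    return hits

if __name__ == "__main__":
    for hit in scan_run_values(SAMPLE_RUN) + scan_services(SAMPLE_SERVICES):
        print(hit)
```

Matching on the value name and the file name together keeps a legitimate service such as the one using system32\dllhost.exe out of the results.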
4) How to protect yourself !
The answer is simple: update your antivirus or install one if you haven't got any. My choice has always been (and I think always will be) Kaspersky AntiVirus Personal Pro (you can read all about it in the PC Helper Laboratory here).
However, all of the viruses mentioned can be cured by the special free AntiVirus utility provided by Kaspersky Labs, a leading IT security expert.
clrav utility v10.0.5.4 (208 Kb)
To scan all your drives, run the utility with the key (without quotes) " /s[n]" ([n] extension also performs a check of mapped network drives).
The new build of RealOne Player 2 appeared in the Internet.
RealOne is a multimedia player designed basically to play the streaming Real Audio and Real Video formats, so far so popular on the Internet for streaming media. RealOne also has a built-in web browser that makes playing media from web pages more comfortable, Audio CD burning and playing software (Music Jukebox), and support for QuickTime, Windows Media, MPEG, DVD and VCD media formats.
RealOne Player v2.0 Build 6.0.11.864 (8,3 MB, Shareware, Windows 98/ME/2000/XP)
Although RealOne is recognized as shareware because it's supposed to be upgraded to Premium version, it can also be used as a basic free player for unlimited time.
You can use up to 50% of materials placed on my site but only showing the source! Any mirroring of materials is prohibited !!! All these rules are followed by the LAW !!!
Best Regards, Majestic and PC Helper Company®
All Copyrights protected. 2002-2003.