OS/400 Alert: Have You Been Snarfed?

March 3, 2004 Shannon O'Donnell

Just when you thought it was safe to talk on your cell phone, along comes a new form of hacking targeted specifically at these devices. Hacking into cell phones or other Bluetooth-ready devices, known in the industry as “snarfing,” has just gotten a whole lot easier. Speaking of easy, are you are looking for a way to remove any of those nasty Windows viruses making the rounds these days? I’ll tell you where to find the tools you need to target specific viruses.

SNARFING

Despite its name, snarfing has nothing to do with the Smurfs. Nor is it something you do when you have a really messy sneeze. Bluesnarfing is the hijacking of Bluetooth-enabled cell phones in order to steal personal information. Snarfing allows an unauthorized person to log on to your Bluetooth-enabled device without your being aware of it. The hacker then has access to all of your personal information, such as your address book. Several Bluetooth-enabled devices, including many from Nokia and Sony, are vulnerable to this type of attck. For more information on bluesnarfing and other Bluetooth-related vulnerabilities, go to www.bluestumbler.org.

VIRUS REMOVAL TOOLS

If you have been infected by a virus, chances are that despite your best efforts to remove it, your computer is still infected. That’s because viruses are typically not found in a single repository on your PC. Instead, they are scattered all over your hard drive, inside your Windows Registry and in dozens of places you would never think to look. The only sure way to remove such a beast is by using a virus removal tool designed by experts specifically for that virus. You can find such a tool for all the latest and greatest viruses on Symantec’s Web site.

THIS WEEK’S NASTY WINDOWS WORRIES

Backdoor.IRC.Loonbot is a Trojan horse that has backdoor capabilities. It can allow an attacker to remotely control your computer using Internet Relay Chat (IRC). This Trojan can also download and execute files. This threat is written in C and is packed with AsPack Version 2.12.

PWSteal.Tarno.B is a Trojan Horse that attempts to intercept user names and passwords and other computer information. It sends the user names and passwords to a certain e-mail address, using its own SMTP engine.

W32.Mockbot.A.Worm is a worm that spreads using computers infected with the W32.Mydoom.A@mm, W32.Blaster.Worm, and Backdoor.Optix worms. To spread itself, the worm can also exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026), as well as a vulnerability in the DameWare Mini Remote Control program.

Backdoor.IRC.Aladinz.M is a backdoor Trojan horse that uses malicious scripts in the mIRC client software, allowing unauthorized remote access.

W32.Netsky.C@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the e-mail addresses it finds when scanning hard drives and mapped drives. This worm also searches drives C through Y for the folder names containing “shar” and then copies itself to those folders. The subject, body, and e-mail attachment vary.

W32.Bizex.Worm is a worm that spreads by sending an ICQ message to all the contacts in a user’s ICQ contact list that contains a link. The link opens an Internet Explorer window and links to an HTML file that exploits a vulnerability in an Internet Explorer function. This worm has several components that can be downloaded by clicking the link.

For more information on the latest virus threats, go to www.symantec.com.

IBM MANUALS ONLINE

Looking for a specific IBM manual but don’t know where to go? IBM maintains a list of online manuals for V5R2. You can find the answers to any of the operational or programming problems that are keeping you from performing your job.

PTF’S AND FIXES FOR OS/400 AND RELATED PROGRAMS

IBM released the latest cumulative package for V5R2 customers on January 21.

The latest HIPER package was released on February 18.

The Database Group PTF was updated on February 26.