To use the links in this newsletter, you must be connected to the Internet.  PC Eudora users: to see this and other html mail properly you must check the box "Use Microsoft's Viewer" in the "Viewing Mail" options.

Exactly a month ago, in the 10/11/99 issue, WebSkulker stated in part:

"It is also possible to code a website so that merely by visiting the site, a ... document would be run on your machine that could have malicious commands embedded.  What's worse ... it is possible for someone to send you an email in HTML format (just like this newsletter) which contains embedded calls ... If you read email with Outlook, Outlook Express, Eudora, or any other email reader that uses the Microsoft HTML renderer, then merely opening an email message could cause commands to be executed on your machine."

Were we psychic, or what?  Which story was all over the computer news yesterday?  The Bubbleboy virus that, so the reports generally claim, is the first virus capable of issuing commands to cause damage to your PC simply by opening an email message.  Here is a typical report about Bubbleboy in case you haven't been following the news:
http://www.zdnet.com/zdnn/stories/news/0,4586,1018067,00.html

Here is more technical report giving the details of what Bubbleboy does when it infects a machine:
http://vil.nai.com/vil/vbs10418.asp

It turns out that Bubbleboy is exploiting a security problem in Internet Explorer (IE) that was publicized and fixed over two months ago, but the fix does no good unless you download it and install it on your system.  At the time this was discovered, it was believed that the danger was in visiting a "malicious web site" using IE as the browser, because the web site author could code special functions in their web pages that would take advantage of the flaw and execute malicious commands on your machine.  Here is the Microsoft Security Bulletin describing the flaw and how to fix it:
http://www.microsoft.com/security/Bulletins/ms99-032.asp

But pretty much anything a malicious web site author can do on their web site can be done by sending HTML-formatted email messages.  The Microsoft email programs Outlook and Outlook Express use Internet Explorer under the covers to handle the display of HTML-formatted messages, so flaws in IE as a web browser are also flaws in IE as an email reader.  Eudora can be set to use IE, and in that mode it is probably vulnerable to the same problems.

So how can you jr. skulkers prevent Bubbleboy and other email viruses like it that are sure to follow?  By downloading and installing all the security fixes for Internet Explorer.  The easiest way to do that is the Windows Update web site from Microsoft discussed in the following article.

If you use Outlook or Outlook Express to read email, you can also change a setting to make email reading more secure from HTML attacks.  For both products, go to the Tools menu, choose Options, then press the Security tab.  You will see a way to change the Internet Explorer Security Zone.  Change this to "Restricted Sites" and press OK.  This setting tells Internet Explorer that when it is displaying an email message under the covers of the email program, it should treat the email like a potential malicious web site and restrict the HTML functions it will allow. 

http://windowsupdate.microsoft.com

http://www.microsoft.com/downloads

If you are using Windows 98, you probably noticed the Start Menu item(s) called "Windows Update".  This is merely a bookmark to the first link above, the Microsoft Windows Update site.  You can use the Windows Update button, or click on our link to get to the site.  Contrary to popular belief, the Windows Update site now works for Windows NT as well as Windows 98, but WebSkulker seems to recall that you must have IE 5 already installed to use it from NT.  (We believe it will work from Windows 95 as well for some types of updates, but we don't have a system to test this).  NT doesn't have the Windows Update button so go directly to the first link using Internet Explorer.  When you get to the Windows Update site, press Product Updates.  After some machinations, you will get a list of fixes and new versions of programs and add-ons that are available from Microsoft.

This list will be customized to your PC and will show only those items that would work for you and that are not already installed.  The Critical Updates will generally be security fixes so you should take all those.  Check the box in front of each item you want, press the Download button, then sit back and watch.  Everything should be downloaded and installed automatically.  Depending on what you update, you might get a message at the end asking you to reboot.

The second link above is to the Microsoft Download Center.  This is a central location for downloading fixes and updates for most Microsoft products.  For operating system and Internet Explorer updates, you should generally use Windows Update instead of downloading and installing individual items, but if you need to install the same item on multiple machines then downloading might be a better idea than running Windows Update on each machine individually.

http://www.kumite.com/myths

http://ciac.llnl.gov/ciac/CIACHoaxes.html

http://www.best.com/~braith/frys.htm

Jr. Skulker Tom McWilliams suggests this site for those of you who know what the Fry's Electronics stores are all about.  If you never heard of Fry's, think about a gigantic Wal-Mart sized Radio Shack store and you will get the general idea.

http://home1.gte.net/rtidr/bulldoze/bulldoze.htm

Submitted by Jr. Skulker Marvelena

An American, a German and a Japanese guy are golfing one day and, at the 3rd hole, they hear a phone ring. The American excuses himself, puts his left thumb to his ear, his left baby finger to his mouth and proceeds to have a telephone conversation. When he is done, he looks at the other two and says "Oh, that's the latest American technology in cell phones. I have a chip in my thumb and one in my baby finger and the antenna is in my hat. Great stuff eh?"

They continue golfing until the 9th hole when, again, they hear a phone ring. The German tilts his head to one side and proceeds to have a conversation with someone in German. When he finishes, he explains to the other two that he has the latest in German technology cell phones. "A chip in my tooth, a chip in my ear, and the antenna is inserted in my spine. Ah the wonders of German know-how!"

At the 13th hole, a phone rings again and upon hearing it, the Japanese fellow disappears into some nearby bushes. The German and the American look at each other and then walk over and peer into the bushes. In the middle of the bushes is the Japanese fellow, squatting with his pants down around his ankles. "What on earth are you doing?!" asks the American.  The Japanese fellow looks up and replies "Waiting for a fax".

WebSkulker is a daily newsletter in html format. To subscribe or unsubscribe, go to our web site at http://www.webskulker.com  or send email to listserv@webskulker.com with precisely the following: "subscribe-webskulker" or "unsubscribe-webskulker" as the only words in the SUBJECT.  Leave off the quotes and be sure to include the hyphen.  Before you even think about unsubscribing, we strongly suggest you go to our web site, click on "unsubscribe", and read the story of the two farmers.  You will be shocked at the consequences!

To change your subscription to a new email address, unsubscribe from the old address and then subscribe to the new address.

This newsletter is copyrighted 1999 by The WebSkulker.  You may use any material in this issue for any reason provided that you attribute it to the WebSkulker Newsletter and include the URL to our web site: http://www.webskulker.com .