Bugs & Fixes: Save Your PC From Virus Attacks

Do you think your PC's peril is increasing these days? You're right. Last year, the number of reported security threats (including viruses) more than doubled, according to the Computer Emergency Response Team Coordination Center at Carnegie Mellon University. Now more than ever you need to stay on top of virus updates. Here are the facts about two of the thorniest new attacks.

With PCs running either Internet Explorer 5.01 or 5.5, the nastiest new virus exploits a hole in Outlook and Outlook Express. Dubbed W32.Klez.E, this worm emerges when you view an infected e-mail message in the preview window. Like other worms, W32.Klez.E sends copies of itself to everyone in your address book.

There's more: On the sixth of every month, for example, W32.Klez.E tries to overwrite every file on your hard disk that has one of the following extensions: .txt, .htm, .html, .wab, .doc, .xls, .jpg, .cpp, .c, .pas, .mpg, .mpeg, .bak, or .mp3. To be extra mean, if it's January or July, it overwrites all the files on your hard drive.

You can avoid contracting the virus through your preview window by disabling the Preview Pane function, but the worm will still infect your PC if you open the message. (To turn off the preview pane, Outlook users need to select View and click Preview Pane; Outlook Express users must choose View, Layout, and uncheck " Show Preview Pane.")

See Microsoft's patch, Symantec's disinfection instructions, or McAfee's remedy.

Bad Grammar: A Bad Sign

The second worm, called "ZaCker" and also known as W32.Maldal.d@mm, comes as a file attachment in an e-mail with a relatively benign-sounding subject line---normally the name of someone's computer. But the message body is likely to be fraught with grammar mistakes, such as "I wish you like it" and "What women wants." This worm affects Outlook only.

As soon as you click the attached file, ZaCker may try to overwrite or delete key system files. So next time you start your PC, you may receive an error message telling you that the Win.com file is missing, indicating that it's time to reinstall Windows. Meanwhile, in typical worm fashion, ZaCker has e-mailed itself to everyone in your address book and attempted to delete your antivirus software.

If you're a McAfee antivirus user, any virus definition file numbered 4179 or higher will protect you. McAfee's instructions explain how to disinfect your computer. Norton Anti-Virus subscribers are safe from ZaCker if they have virus definitions dated December 29, 2001, or later. Read Symantec's advisory.

In Brief: New Netscape Hole

A security flaw in Netscape Navigator versions 6 through 6.2 could allow sly Web site operators a peek at your PC's cookies. Netscape plugged the hole in the latest version of its browser--6.2.1. The company says it also added new features, such as customizable security tools.

Supercookies: You Are Being watched

If you're a fan of Microsoft's Windows Media Player, you need to know that the sites you visit may be tracking your movements on the Web without your knowledge. According to recent findings by privacy maven Richard M. Smith, the problem goes back to a design flaw in the player itself. By writing JavaScript code, snoops can grab the unique ID number of your player and follow you around. These tracking devices are called "supercookies."

It's easy to disable this tracking function. In versions 6.4 through 7.1 of the player, select Tools, Options, and then deselect Allow Internet sites to uniquely identify your player. If you have older versions of the player, you need to upgrade to version 7.1. To protect yourself, get the download.

Bugged?

Found a hardware or software bug? Tell us about it via e-mail at bugs@pcworld.com.