Bellingham High School Class of 1957
Spam & Viruses
--   THIS PAGE LAST UPDATED JANUARY 31, 2004   --

PLEASE READ - NOTE FROM MARILYN
When I first created the BHS-57 web site in fall of 2001, I included a Tips & Technical Info section which has some information about similar subjects that will be, in the future, put in this "Spam, Scams & Viruses" section. Later, I added the COOKIE INFO icon link to the BHS-57 Home Page in the red column which provides a pop-up window with some general info on this subject and a link to the NACL (National Anti-Cookie League) web site for more information on cookies. Oh yeah, the PDF File Downloads section has some related info.

I apologize that there are so many places to check out this kind of info on the BHS-57 web site, but you really should read them all--if you haven't already--at least once. Earlier this year, (January 14, 2004), I added some info on current "phishing" scams into the "Tips" section, which you should particularly read because it is current.

Even more recently, I received news from a Dallas friend about the January 27th WORM called "MyDoom" that is tormenting people with PCs, and I decided then to create this new section (here) to put that and future information of this kind into this one place -- with a link on the Home page that you couldn't miss.

Unfortunately, it would be a tremendous, time-consuming job to reorganize everything from those other sections into this new section. Maybe I'll do that one day, when I have time. In the meantime, I apologize if there is a little bit of redundancy. Marilyn

ABOUT THIS SECTION
This section will contain some information about email spam, "phishing" scams for identity theft purposes, and computer viruses including the WORM (Write Once Read Many) type of viruses that propagate throughout PC computer systems running Windows operating systems. (Like me, Macintosh computer-owners are so glad that Apple's computers don't run Windows operating systems.)

DO NOT DEPEND ON THE BHS-57 WEB SITE TO KEEP UP-TO-DATE ON THIS TYPE OF INFORMATION. That is a full-time job in itself. But, this section provides the links below to News web sites that specialize in keeping the public up-to-date on these items. There, you will find complete information about the items that are introduced on this web page.

LINKS YOU SHOULD CHECK OUT
You are strongly urged to keep up-to-date on this type of information via the links to News web sites given here. If you have other web sites that you would like added to this page, please email that URL info to Marilyn.

Also, if any of the web sites listed below on this page are "direct" links to "current" news items that have since been removed and archived in the web site's libraries (making the links given here be "broken links"), please let Marilyn know to remove those broken links from this page.

When links are broken, you might check the "home page" part of those URLs (up through the URL's ".com" or ".net" part) to locate the archived information.

Home page of a good web site about email hoaxes and scams:
http://urbanlegends.about.com

The FDIC identity theft scam begun around January 14, 2004 is described at:
http://urbanlegends.about.com/library/bl_fdic_phishing_scam.htm

Other "phishing" ("fishing" for purposes of identity theft) scam info is available at:
http://www.millersmiles.co.uk/identitytheft/120603-ebay-hoax-1.php
http://www.millersmiles.co.uk/identitytheft/spoof-email-and-spoof-web-page-library.htm

Some links with info about the January 2004 "MyDoom" (also called "Novarg") WORM:
http://zdnet.com
http://www.salon.com/tech/wire/2004/01/27/virus/
http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=47488


CONTENTS
The rest of this section is divided into these parts:
  1. The difference between Spam, Scams, Viruses and WORMs
  2. Recognizing Spam in Your Email "IN" Mailbox
  3. Controlling Spam via Your Email Program's Filters
  4. Controlling Spam via Your ISP's "Spam Blocking" Filters
  5. Introduction to the FDIC "Phishing" (Identity Theft) Scam
  6. Introduction to the Big Bad "MyDoom" WORM

 
1. THE DIFFERENCE BETWEEN SPAM, SCAMS, VIRUSES AND WORMS

Spam:   "Spam" is "junk email" - such as people sending you porn info, trying to sell you something, or just trying to annoy you.

Chain letters (no matter what their style and no matter how "cute" or "funny" or "politically informing") are a form of seemingly "harmless" spam - except it can cause many ISP servers to bog down as people keep sending it on and on and on. This can tie up the lines and give many busy signals to people who are still on dialup lines. As a general rule, it is a good idea to never send or forward chain letters. (If you would never send on a chain letter through snail mail, then don't do it through email. Just because email is an inexpensive and easy way to communicate, be selective in what you communicate about.)

Email hoaxes (where someone starts an email about a non-existent virus) are another form of spam. This is meant just as a scare tactic (there is no such real virus), but too many people do not check out the News web sites (such as the Urban Legend web site listed above) to see if the email received (from a well-meaning friend, of course) was a hoax or a real virus threat. Trying to be helpful, they quickly send it on to their own friends - and the email hoax becomes a sort of chain letter, as it is sent on and on and on - with the result that the telephone lines are tied up.

Scams:   Watch out for "scams" where the email sender may be trying to get personal information from you for purposes of identity theft (there is a LOT of that going around now), or maybe they may be trying to sell you something that doesn't exist. Always know the company or person you intend to buy something from over the Internet - and NEVER give personal information (social security number, mother's maiden name, etc) over the Internet - via email or on Web forms (also called "web-based email").

Viruses:   Computer "viruses" usually do damage (or harmless pranks) to only your own computer. There are thousands of these that have been going around for years; for a list and details, check the archives of some of the News links above.

Sometimes WORMs are called viruses or a "form of a virus." It's not always clear whether something is a "virus" or a "WORM" but it doesn't matter - both are things to avoid having on your computer.

There are some good "anti-virus" programs available (such as Norton's or McAfee's) that you can purchase and install on your PC. As patches are made available by Microsoft to "patch up" the holes in the Windows systems that allow these things to get into your personal computer, the anti-virus programs download them to you; this is normally done automatically on a weekly basis.

WORMs:   A computer "WORM" (Write Once Read Many) is a computer program that embeds itself in your PC computer's Windows operating system and "worms" its way around inside, perhaps doing different damages at various times or maybe just suddenly sending you a "surprise" message ("Kilroy was here") on your computer screen on a certain date (according to your computer's internal system clock).

Be sure to read about the MyDoom WORM (below) that can propagate through all the computers for which you have email addresses stored on your computer. The "MyDoom" WORM gets into your electronic Address Book in your email programs and retrieves the email addresses you have stored there.

If you get tired of having viruses and WORMs affecting your PC computer, buy a Mac - the Mac G5 is currently the world's fastest personal computer and doesn't get viruses except possibly through a MS product (e.g., Word or Excel) that perhaps has a macro bug in an attached file that is emailed to you. (Or so I've heard. Anyway, I've used Macs since the mid-1980s and have never received a virus on a Mac.)

And, you know what you can do with your old PC.

 
2. RECOGNIZING SPAM IN YOUR EMAIL "IN" MAILBOX

You should NEVER allow your email program to automatically open email for you. Instead, you should always first look at the list in your IN box to determine if you want to open an email message or not. If your email program automatically opens email messages for you, BE SURE to find that place in your Email program's preferences (or settings, options, tools, setup, etc.) that allows you to change that setting, and change it.

If you know an email is NOT spam, either because you recognize the Sender name or because you recognize something pertinent to your life (like "BHS-57") in the Subject, simply click on the email to open it and then read it.

You should ALWAYS delete all spam email unopened. Don't let your curiosity about potential spam email get to you. You NEVER want to open spam email - especially if you have a PC. Some spam email may have attachments (even hidden ones) that are executable files (programs) that can wreak havoc on PC computers and may even spread to other PCs. For example, the mid-January 2004 MyDoom virus (actually a "WORM" - see info below) reads your electronic address book and gets all your email addresses from it - and then MyDoom sends that same email and hidden attachment program to all those email addresses.

Some email spam is usually easily recognizable in your IN box's listing. For example:
  • Some spam email has Subject lines with "porn" subjects, or "advertisement" subjects; these are easily identified and you can quickly delete them.

  • Some spam email has no Subject line. If you don't recognize the Sender name, it should be considered spam and deleted unopened.

  • Some spam email may have a totally blank Sender name. Delete it unopened.

  • Some spam email Subjects are tricky to determine if they are spam or not. For example, the Subject may just say "Hi." If you don't recognize the Sender name, delete it unopened.

    Note: All BHS-57 people should include "BHS-57" in their Subject line when first sending email to other BHS-57 classmates, because not everyone may recognize your Sender name and you will want your email opened and read.

  • Some spam email may use other tricky Subjects - such as "About Your Account." As a general rule, you should never supply your email address to companies, such as credit cards, with whom you have "accounts." Let them always notify you by snail mail. Then, you can easily recognize these "About Your Account" Subjects as spam email and delete them unopened.

  • Other tricky Subjects may look like they come from your ISP and may have "Admin" as the Sender name. These are almost always spam and not really from your ISP. Your ISP will probably have their Sender name show "techiename@ISPname.com" instead of just "Admin" as the Sender.

    Note: My ISP only uses snail mail for communication to its customers. A former ISP sent billing notices in email, but the Sender name was its business name - not something like "admin" or "billing".
You can also add your own filters to your email program to automatically move some spam into your Trash box. This is described next.

 
3. CONTROLLING SPAM VIA YOUR EMAIL PROGRAM'S FILTERS

Depending on the email program that you choose to use, you may be able to filter out some of that spam so that it goes directly into the Trash box instead of your IN box when it comes to you from your ISP.

If AOL is your ISP, they have their own Mail program and you'll probably be stuck with using that (and it has some nice features). I happen to like being able to choose which email program I want to use.

You might use Microsoft's Outlook or Outlook Express for your email program, because Outlook is included "free" on both PC and Mac computers now (since Microsoft and Apple made a deal).

I've used all those email programs in the past, as well as Netscape's Communicator, Messenger, and other Mail programs. But, for several years I've used Eudora - which I feel is the best email program - and its "Light" version is free.

Eudora (even its free version) has lots of nice features. One thing I like about Eudora is it is easy to "filter out" unwanted email. If an email comes in that I recognize as spam, I can go to the "Make Filter" tool and tell Eudora to (in the future) send any email with that Sender name (or with certain "porn" or "advertisement" text in the Subject line) directly into Trash instead of to my IN box.

On the other hand, if I wanted to, with Eudora, I could also filter "good" email into certain mailboxes or folders that I set up. I don't do that because I like everything to be handled by me in the one IN box, but some people might like separate "IN boxes" for various people they communicate with.

Eudora has lots of other good features in the "Light" version (which I use) and even more in the version you pay for (and it's not expensive software). If you don't mind looking at pop-up advertisements, you can get the "full version" of Eudora free as well. So, they offer three versions.

Note:   Eudora now belongs to a company called "Qual.com" but you can also find it through "www.Eudora.com" if you want to check it out.

 
4. CONTROLLING SPAM VIA YOUR ISP'S "SPAM BLOCKING" FILTERS

Some ISPs offer special email filtering services on the ISP's server to block emailed spam from ever getting to their customer's IN mailbox (or whatever box you may have filtered it to, as described in Item 2 above). Sometimes, "spam blocking" is a free service and sometimes it costs a monthly fee. Check to see if your ISP offers such a service.

My current ISP has a free "spam blocker" filter that blocks email from the automatic "bulk emailer" programs used by "marketing" people and "junk email" spammers, but their filter is relatively new and still being developed. Unfortunately, we learned last week that it doesn't yet work for domain owners (like me) whose email addresses are redirected to their own domain name (e.g., "softguide.net") instead of to the ISP's name. (Hopefully, that design flaw in the filter will be fixed soon - if their email technology allows it. I'd like to take advantage of the spam blocker filter.)

Note:   Spam email has gotten much worse in the past couple of years due to "bulk email" software becoming available and widely sold. For example, I get over 1,000 spam email each week. (My "delete" finger is beginning to feel arthritic.) I usually get about 10-20 "real" email that is personal for me each week, and those are the only ones I open and read. I don't open spam.

How my ISP's spam blocker filter works: Let's pretend that my ISP name is aaaaaa.com. Here's how their spam blocker filter works for customers (without domains) whose email is addressed directly to the ISP's server name (e.g., TO: receivername@aaaaaa.com).
  1. The first time you, (e.g., sendername@xxxx.net), send an email to a person covered by the spam blocker service, it is passed through the spam blocker software on the ISP's server.

  2. Your email is checked against a list of "okay" email addresses for that specific receiver (e.g., receivername@aaaaaa.com).

  3. If you are not already listed in the receiver's "okay" list, you (e.g., sendername@xxxx.net) would receive your "sent" email right back with a message that requires you to hit REPLY so the email can be put in the receiver's IN box.

  4. You hit REPLY and that tells the ISP's "spam blocker" program that you are a real person and not one of those automatic bulk emailer programs sending out email to the receiver.

  5. Your email address (sendername@xxxx.net) is then added to the list of "okay" email addresses for that receiver.

  6. Your email is then sent on to the receiver who gets it in her IN box.

  7. After that, you (the sender), will never see your email returned to you when you send future email to that specific receiver. You only have to hit that REPLY thing once.
At least, that is how it was explained to me when I visited my ISP's office. Also, my ISP techie said I could supply him with a list of email addresses of people who might send email to me, and he would add those email addresses to my list of "okay" email addresses in their spam blocker. Those people would then NEVER see that message that required them to hit the REPLY, not even that one time.
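The seven steps above, plus the option of handing the ISP a list in advance, can be modelled in a few lines of Python. This is an added example, not the ISP's software and not part of the original page; the class and method names are hypothetical, and the random token that ties a REPLY to the held email is an assumption about how such a filter would match the two.

```python
import secrets
from collections import defaultdict


class SpamBlocker:
    """Per-receiver "okay" list with a one-time REPLY challenge for new senders."""

    def __init__(self):
        self.okay = defaultdict(set)     # receiver -> approved sender addresses
        self.held = {}                   # token -> (sender, receiver, message)
        self.inbox = defaultdict(list)   # receiver -> delivered messages

    def preapprove(self, receiver, senders):
        """Addresses the receiver gives the ISP in advance; never challenged."""
        self.okay[receiver].update(s.lower() for s in senders)

    def submit(self, sender, receiver, message):
        """Steps 1-3: deliver if the sender is on the okay list, else hold and challenge."""
        sender = sender.lower()
        if sender in self.okay[receiver]:
            self.inbox[receiver].append(message)
            return "delivered", None
        token = secrets.token_urlsafe(16)   # assumption: the challenge carries a random token
        self.held[token] = (sender, receiver, message)
        return "challenged", token

    def reply(self, sender, token):
        """Steps 4-6: a matching REPLY approves the sender and releases the held email."""
        entry = self.held.get(token)
        if entry is None or entry[0] != sender.lower():
            return "rejected"
        del self.held[token]
        held_sender, receiver, message = entry
        self.okay[receiver].add(held_sender)
        self.inbox[receiver].append(message)
        return "delivered"


if __name__ == "__main__":
    isp = SpamBlocker()
    receiver = "receivername@aaaaaa.com"
    status, token = isp.submit("sendername@xxxx.net", receiver, "first email")
    print(status)
    print(isp.reply("sendername@xxxx.net", token))
    # Step 7: the same sender is not challenged again for this receiver.
    print(isp.submit("sendername@xxxx.net", receiver, "second email")[0])
```

The okay list is kept per receiver and is keyed on the sender address as written in the email, so it is only as trustworthy as that address.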

 
5. INTRODUCTION TO THE FDIC "PHISHING" (IDENTITY THEFT) SCAM

I received this email scam myself, so I'll copy its text and put it below so you can see how "official" looking it is, at first glance. I almost wanted to go to my bank to see if it was a hoax. But, I looked closer at it and decided it must be a hoax. So, I checked online and learned that it was an email scam for purposes of identity theft.

In my email program's "IN" mailbox list, the Subject was "Important News About Your Bank Account" and the Sender was only "FDIC." I decided to open that email, even though I suspected it was spam. When I read the email, it showed further suspect information. Look closely at the "From" and "To" info and the greeting ("To Whom It May Concern" - as if they didn't know my real name) and then read the Body of the email text:

==========

Delivered-To: mcoughran-mcoughran@softguide.net
From: "FDIC"
To:
Subject: Important News About Your Bank Account
Date: Mon, 26 Jan 2004 12:05:25 -0400 (EST)
X-Mailer: Microsoft Outlook Express 6.00.2720.3000

To whom it may concern;

In cooperation with the Department Of Homeland Security, Federal, State and Local Governments your account has been denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act. While we have only a limited amount of evidence gathered on your account at this time it is enough to suspect that currency violations may have occurred in your account and due to this activity we have withdrawn Federal Deposit Insurance on your account until we verify that your account has not been used in a violation of the Patriot Act.

As a result Department Of Homeland Security Director Tom Ridge has advised the Federal Deposit Insurance Corporation to suspend all deposit insurance on your account until such time as we can verify your identity and your account information.

Please verify through our IDVerify below. This information will be checked against a federal government database for identity verification. This only takes up to a minute and when we have verified your identity you will be notified of said verification and all suspensions of insurance on your account will be lifted.

Failure to use IDVerify below will cause all insurance for your account to be terminated and all records of your account history will be sent to the Federal Bureau of Investigation in Washington D.C. for analysis and verification. Failure to provide proper identity may also result in a visit from Local, State or Federal Government or Homeland Security Officials.

Thank you for your time and consideration in this matter.

Donald E. Powell
Chairman Emeritus FDIC

John D. Hawke, Jr.
Comptroller of the Currency

Michael E. Bartell
Chief Information Officer

==========

They forgot to attach the "IDVerify" file to my copy of this email scam (both times they sent it to me), but I learned through online research that other people received a form that asked for personal info such as their SSEC Number, mother's maiden name, etc.

If you ever receive anything (even sort of "official looking") be sure to use the News web sites I listed above on this web page before you act on it. And, in any case, NEVER PROVIDE ANY PERSONAL INFO LIKE SSEC NO. OR MOTHER'S MAIDEN NAME online.
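The warning signs listed in Part 2 (no Subject, blank or unrecognized Sender, "Admin" as the Sender name) and the ones pointed out in the FDIC email above (a "From" with no real address, an empty "To", a "To whom it may concern" greeting) can be checked by a short program. This is an added example, not part of the original page: the function name and the sign labels are hypothetical, the FDIC sample uses the headers shown above with the body shortened, and the other two messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

GENERIC_SENDER_NAMES = {"admin", "billing"}       # Sender names the page warns about
GENERIC_GREETINGS = ("to whom it may concern",)   # greeting used in the FDIC scam


def triage(raw, known_senders=()):
    """Return the warning signs found in one raw email, in a fixed order."""
    msg = message_from_string(raw)
    known = {s.lower() for s in known_senders}
    signs = []

    if not (msg.get("Subject") or "").strip():
        signs.append("no-subject")

    raw_from = (msg.get("From") or "").strip()
    name, addr = parseaddr(raw_from)
    label = (name or addr or raw_from).strip('"').lower()
    if not raw_from:
        signs.append("blank-sender")
    elif "@" not in addr:
        signs.append("sender-without-address")   # a display name only, e.g. "FDIC"
    elif addr.lower() not in known:
        signs.append("unknown-sender")
    if label in GENERIC_SENDER_NAMES:
        signs.append("generic-sender-name")

    if not (msg.get("To") or "").strip():
        signs.append("empty-to")

    # Only plain single-part bodies are inspected for the greeting.
    body = "" if msg.is_multipart() else msg.get_payload()
    first_line = next((ln.strip().lower() for ln in body.splitlines() if ln.strip()), "")
    if first_line.startswith(GENERIC_GREETINGS):
        signs.append("generic-greeting")
    return signs


# Headers as shown on this page; body shortened for the example.
FDIC_SAMPLE = (
    'From: "FDIC"\n'
    "To:\n"
    "Subject: Important News About Your Bank Account\n"
    "Date: Mon, 26 Jan 2004 12:05:25 -0400 (EST)\n"
    "\n"
    "To whom it may concern;\n\n(body shortened)\n"
)
# Constructed messages for comparison.
ADMIN_SAMPLE = 'From: "Admin"\nTo: you@example.net\nSubject:\n\nPlease read.\n'
CLASSMATE_SAMPLE = (
    "From: Pat Example <pat@example.net>\nTo: you@example.net\n"
    "Subject: BHS-57 reunion\n\nHi, it's Pat from homeroom.\n"
)

if __name__ == "__main__":
    for sample in (FDIC_SAMPLE, ADMIN_SAMPLE, CLASSMATE_SAMPLE):
        print(triage(sample, known_senders=["pat@example.net"]))
```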

 
6. INTRODUCTION TO THE BIG, BAD "MYDOOM" WORM

Watch out for a new virus with Subject line of 'server report' or 'Oqfmit', and possibly many others as well. It will contain an attachment doc.zip or document.zip. The zip file will contain a file: doc.scr, or document.bat. DO NOT OPEN IT. Of course, you know that it's dangerous to open any attachment if you're not sure what it is.

========

Here is Symantec info:
Security Response is currently investigating a new mass-mailing worm. Initial submissions have been received with attachments that have a file extension of .exe, .pif, and .scr. Additional information will be made available as soon as possible.

Type: Worm
Infection Length: 22,528 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x

========

This article provides great information on MyDoom:
"New virus hitting in-boxes"
By Robert Lemos
CNET News.com
January 26, 2004, 4:11 PM PT

Antivirus firms on Monday warned of a new mass-mailing computer virus that has gained a foothold in a large number of PCs by masquerading as an email error.

The virus--known as MyDoom, Novarg, and as a variant of the Mimail virus by different antivirus firms--arrives in an in-box with one of several different random subject lines such as "Mail Delivery System," "Test" or "Mail Transaction Failed." The body of the email contains an executable file and a statement such as: "The message contains Unicode characters and has been sent as a binary attachment."

"It's huge," said Vincent Gullotto, vice president of security software maker Network Associates' antivirus emergency response team. "We have it as a high-risk outbreak."

(For the rest of this article, please see: http://zdnet.com./2100-1106_2-5147605.html)

========

Woody's Windows Watch Newsletter states:
By now you no doubt know about the latest worm to hit the streets. McAfee calls it MyDoom. So does F-Secure. Symantec/Norton calls it Novarg. MyDoom is . . . in the process of clogging up all the email servers around the world because of its remarkable 'social engineering' - in other words it is packaged in a way to make unwary people open it.

In many cases, the attachment won't fool any of you because you have Windows set up to show you filename extensions . . . and you know that double-clicking on a .bat, .cmd, .exe, .pif, or .scr file is just about as stupid as pointing a loaded gun at your foot. . . . Force Windows to show you filename extensions.
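A mail filter can check the attachment names described in this part without opening anything: it reads each attachment's file name and, for a zip file, the names of the files inside it. The following is an added example, not part of the original page or the quoted newsletter; the function names are hypothetical, and the test email is constructed with a harmless text file standing in for the attachment.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions named in the newsletter quoted above.
RISKY_EXTENSIONS = (".bat", ".cmd", ".exe", ".pif", ".scr")


def risky_names(filename, payload):
    """Return risky file names for one attachment, looking inside .zip files."""
    found = []
    lower = filename.lower()
    if lower.endswith(RISKY_EXTENSIONS):        # the real extension is the last one
        found.append(filename)
    elif lower.endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                for member in archive.namelist():   # names only; nothing is extracted
                    if member.lower().endswith(RISKY_EXTENSIONS):
                        found.append(f"{filename}/{member}")
        except zipfile.BadZipFile:
            # A .zip that cannot be read is flagged for a person to look at.
            found.append(f"{filename} (unreadable archive)")
    return found


def scan_message(raw_bytes):
    """Check every named attachment in a raw email and return the risky names."""
    hits = []
    for part in message_from_bytes(raw_bytes).walk():
        name = part.get_filename()
        if name:
            hits.extend(risky_names(name, part.get_payload(decode=True) or b""))
    return hits


def build_sample(attachment_name, inner_name):
    """Constructed test email: a zip attachment holding one harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(inner_name, "harmless placeholder text")
    msg = EmailMessage()
    msg["From"] = "sender@example.net"
    msg["To"] = "receiver@example.net"
    msg["Subject"] = "server report"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample("doc.zip", "doc.scr")))
    print(scan_message(build_sample("photos.zip", "reunion.txt")))
```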