
© 2009 PCMECH.COM - http://www.pcmech.com Page 1
This Product Proudly Brought To You By

“PCMECH” is a registered trademark of PC Media, Inc.

Based in Tampa Bay, Florida, USA.


Introduction 7
Computer Viruses 9
What is a computer virus? 9

Who Programs Computer Viruses? 11

Types of Viruses 18

Virus Examples 21

How To Tell If You're Infected 24

Virus Prevention 27

Virus Removal 31

A Word on Hoaxes 33

Additional Resources 34

Spyware 36
Types of Spyware 39
Adware 40

Browser Helper Objects 40

Browser Hijackers 41

Computer Barnacles 42

Dialers 42

Keyloggers 43

Malware 44

Spyware 44

Trojans 46

Worms 47


Other Terms To Know 48

Effects & Telltale Symptoms of Spyware 51

What Kinds of Tactics Are Used? 52


ActiveX 53

Fake Removal Tools 54

Misleading or Enticing Advertisements 55

Phishing 57

Downloads 61

Prevention Techniques 63
Administrator Accounts 63

ActiveX Security and Safety 64

Block Adservers & Spyware Servers 65

Browsing & Downloading Habits 66

Email Safety 66

Hidden File Extensions 68

IE AutoComplete Security Risk 68

IE Search Toolbars 69

Install a Firewall 70

JVM Security 72

Software Updates & Patches 72

Use an Alternative Browser 72

Windows Processes 73

Scanning Tools 74

Problem Specific Tools 76


The Spyware Removal Process 77

The Last Word 81

Email SPAM 83
Why SPAM? 85

Understanding SPAM 92

Identifying SPAM 98
Hidden URLs 98

Javascript in Message Bodies 100

Random Characters 100

Email Addresses in Links 101

Personalization 101

Dirty HTML 102

Use of Affiliate Sites 102

How Did You Get Spam In the First Place? 103

Spam Damaging Your Computer? 104

Spam Laws 107

How To Stop Spam 108


Use a Junk Email Account 109

Spell Out Your Address 109

Contact Forms 109

Email Images 110

Using Javascript to Hide Emails 110

But, I Already Get Spam! 110


Don't Buy Anything 110

Don't Ever Reply 111

Keep Your Cool 111

Don't Open It 112

Report Spam 112

Read Website Privacy Policies 112

Check the "Do Not Mail" boxes 112

Secure Your Email Client 112

Spam Filters 113


How Filters Work 113

Reporting SPAM 117

Detective Work 119

And That is Spam 125

Handing Your PC to Hackers in 9 Steps 128


Appendix 133
Sample HOSTS File for Blocking Spyware Sources 133


Introduction
The days of a computer being a self-contained little world are over.
Today, an internet connection is almost a necessity. More and more of our
computer activity is going online. Whether it be surfing the internet, using
web-based services, chatting with friends or connecting up in social
networks, there is so much going on online today that being forced to use a
computer with no internet connection can make you feel like you have been
transported back to the dark ages.

With that pipeline to the internet comes a lot of freedoms. Freedoms
to speak to others. Freedoms to share your work. Freedoms to chat, email,
watch videos, you name it. But, over that pipeline, other things can travel
as well. Things you don't necessarily want on your computer. It is a turf war.
You are trying to defend your turf – your computer. Others are trying to
stake a claim and make use of your computing real estate for themselves.

The internet really resembles the wild, wild west of long ago.
Everybody fends for themselves and there are really no laws to speak of.
Well, more accurately, there are laws to prevent some of these things;
however, they are simply not enforceable. Most activity on the internet can
be done anonymously, and that means that ill-intentioned people can
operate with almost carte blanche online. So, the thing to do is be educated so
that you do not fall into their trap.

That is where this book comes in.

The threats today that you need to worry about are:

✓ Computer viruses

✓ Spyware

✓ Email SPAM

I am going to address each of these in an in-depth fashion. And I will
also be giving you a lot of information so that you can avoid these threats
altogether.

One thing to keep in mind is that the internet is NOT dangerous. Not
at all. It just takes some basic education and knowledge to keep yourself
out of trouble. It is very similar to learning how to drive. If a person were
driving a car and did not know how to deal with the roads and the car itself,
that person would be in danger and so would others around him. On the
other hand, if that person knows how to do it, everything is fine. And as
most of us know, driving a car is completely second nature after a while.

Well, staying safe online is the same way.

Read on to learn how to stay safe at your digital wheel.


Computer Viruses
Computer viruses can be a matter of some confusion among computer
users. Without understanding the nature of them, it is easy to get paranoid.
However, a computer virus is actually a very simple thing and very easy to
defend against.

What is a computer virus?


You might wonder why it is called a virus. Is your computer getting
sick? Is it going to die? Obviously a computer is not made up of cells. It
cannot get sick the same way a person does. So, why is it called a virus?

To understand this, let's take a look at the biological virus. Here is
the definition of “virus” as given in Wikipedia:

A virus (from the Latin noun virus, meaning toxin or poison) is a
sub-microscopic particle (ranging in size from about 15–600 nm) that can infect
the cells of a biological organism. Viruses can replicate themselves only by
infecting a host cell.

So, a virus infects a host and cannot operate without the power and energy
of the host. The host is the thing which gets infected with the virus.


So, what we have here is a parallel. An organic virus infects a host (person
or animal), attaches to the cells of the organism and spreads. A computer
virus does exactly the same thing. It infects your computer (the host) and
uses it to spread. The only difference is that a computer virus is obviously
not organic. Instead it is simply another software program, programmed by
an actual person, but programmed specifically with the intention to do harm
or otherwise produce an effect that will be noticed.

So, a computer virus would be defined as:

1. A program which is specifically designed to replicate itself. Copies
may be exact duplicates or may perhaps even be slightly
different in order to throw off anti-virus utilities looking for a
particular signature.

2. The replication is done on purpose.

3. A virus has to attach itself to a host, in the sense that execution of
the host program leads to execution of the virus.

To clearly understand what is happening here, it is important to
realize that a computer is just a dumb machine that blindly executes
whatever program instructions are fed into it. Programs can be large or
small, and can have multiple purposes. Such a purpose could potentially
be:

✓ To do harm to the host computer

✓ To spread to other computers

✓ To hide itself from anti-virus programs


From the computer's perspective, the computer virus is just another
program to be executed. The computer obediently does what it is told by
the computer virus, whether the owner likes it or not.

Who Programs Computer Viruses?


All computer viruses have an author. Each was programmed by a real live
person with the sole intent of creating a piece of software that will function
like a virus. The people who create computer viruses are fairly
technologically inclined, as they obviously have good programming skills. In
fact, some virus programmers are actually employed as programmers.
They are not employed to create viruses; however, they may work for a
large IT company performing legitimate programming but create viruses in
their spare time. Or perhaps their creation of the computer virus was more
or less a one-time thing on their part, just to see if they could do it. Which
leads us to ask: why would a person create a computer virus? Reasons
could include:

✓ Seeing if they can do it

✓ Getting revenge (on a company, for example)

✓ To generally create trouble

✓ To gain notoriety and see if they can get their work talked about in
the press

✓ To combat boredom


To get an idea of the type of people who create computer viruses, we
can look at the profile of a young virus programmer named Mario, who was
profiled in a 2004 article in the New York Times by Clive Thompson:

Mario stubs out his cigarette and sits down at the desk in his bedroom.
He pops into his laptop the CD of Iron Maiden's “Number of the Beast,” his
latest favorite album. “I really like it,” he says. “My girlfriend bought it for
me.” He gestures to the 15-year-old girl with straight dark hair lounging on
his neatly made bed, and she throws back a shy smile. Mario, 16, is a
secondary-school student in a small town in the foothills of southern
Austria. (He didn't want me to use his last name.) His shiny shoulder-length
hair covers half his face and his sleepy green eyes, making him look like a
very young, languid Mick Jagger. On his wall he has an enormous poster of
Anna Kournikova -- which, he admits sheepishly, his girlfriend is not thrilled
about. Downstairs, his mother is cleaning up after dinner. She isn't thrilled
these days, either. But what bothers her isn't Mario's poster. It's his hobby.

When Mario is bored -- and out here in the countryside, surrounded by
soaring snowcapped mountains and little else, he's bored a lot -- he likes to
sit at his laptop and create computer viruses and worms. Online, he goes
by the name Second Part to Hell, and he has written more than 150
examples of what computer experts call “malware”: tiny programs that exist
solely to self-replicate, infecting computers hooked up to the Internet.
Sometimes these programs cause damage, and sometimes they don't.
Mario says he prefers to create viruses that don't intentionally wreck data,
because simple destruction is too easy. “Anyone can rewrite a hard drive
with one or two lines of code,” he says. “It makes no sense. It's really lame.”
Besides which, it's mean, he says, and he likes to be friendly.

But still -- just to see if he could do it -- a year ago he created a rather
dangerous tool: a program that autogenerates viruses. It's called a Batch
Trojan Generator, and anyone can download it freely from Mario's Web site.
With a few simple mouse clicks, you can use the tool to create your own
malicious “Trojan horse.” Like its ancient namesake, a Trojan virus arrives
in someone's e-mail looking like a gift, a JPEG picture or a video, for
example, but actually bearing dangerous cargo.

Mario starts up the tool to show me how it works. A little box appears on
his laptop screen, politely asking me to name my Trojan. I call it the “Clive”
virus. Then it asks me what I'd like the virus to do. Shall the Trojan Horse
format drive C:? Yes, I click. Shall the Trojan Horse overwrite every file?
Yes. It asks me if I'd like to have the virus activate the next time the
computer is restarted, and I say yes again.

Then it's done. The generator spits out the virus onto Mario's hard drive, a
tiny 3k file. Mario's generator also displays a stern notice warning that
spreading your creation is illegal. The generator, he says, is just for
educational purposes, a way to help curious programmers learn how
Trojans work.

But of course I could ignore that advice. I could give this virus an enticing
name, like “britney--spears--wedding--clip.mpeg,” to fool people into
thinking it's a video. If I were to e-mail it to a victim, and if he clicked on it --
and didn't have up-to-date antivirus software, which many people don't --
then disaster would strike his computer. The virus would activate. It would
quietly reach into the victim's Microsoft Windows operating system and
insert new commands telling the computer to erase its own hard drive. The
next time the victim started up his computer, the machine would find those
new commands, assume they were part of the normal Windows operating
system and guilelessly follow them. Poof: everything on his hard drive
would vanish -- e-mail, pictures, documents, games.

I've never contemplated writing a virus before. Even if I had, I wouldn't
have known how to do it. But thanks to a teenager in Austria, it took me
less than a minute to master the art.

Mario drags the virus over to the trash bin on his computer's desktop and
discards it. “I don't think we should touch that,” he says hastily.

Not all authors of computer viruses actually spread their work. Some
do it just to see if they can. Others will publish their work on the web with
full documentation for the purposes of educating or for bragging rights.
While they might not personally spread the virus, somebody else will.

The people who work to spread computer viruses, whether they are
the authors or not, are usually people who are out for mischief. These
people are called “script kiddies”. This is a slang term, usually thought of as
derisive, which is used to refer to young hackers, often of high school or
college age, who take the work of others and release it into “the wild”. In
the world of computer viruses, “the wild” is used to refer to the world
outside of the “lab” where the virus was originally created. Many times, a
“script kiddy” does not have the necessary skills to create a virus on their
own. However, they have a mischievous side to them and they download
the work of others and release it, often claiming they are the author.

Essentially, this means that the spread of computer viruses is the
combined work of two groups of people: (1) the original programmer who
did it for fun, the challenge, or perhaps something more dark, and (2) the
person who is naïve and stupid enough to release that virus onto the
unwitting public. Sometimes these script kiddies actually are pretty naïve,
too. Sometimes they will download the virus and modify the source code to
include their own identity or the URL to their personal website. This, of
course, is designed to lend “street cred” to their supposed programming
skills and gain them some fame. Unfortunately for them, it also makes them
a lot easier to track down and prosecute by the authorities.

The script kiddy is the obvious bad guy here, but the person who
actually programmed the virus is certainly at fault as well. Unfortunately, the
law is not so clear. If the programmer is approached, they may admit that
they created it but will quickly note that they did not release it into the wild.
Legally, then, they didn't really do anything. The truth is, though, that many
of these virus authors put the code online knowing full well some script
kiddy is going to come along and let it loose. So we really are looking at
havoc by proxy.

Not all virus writers are trying to cause harm. Sometimes viruses are
programmed simply to be noticed. For example, some viruses are set to
simply display a message right in the middle of the screen. No harm done,
but it is definitely noticed by the owner of the infected machine.

Some viruses are programmed specifically to exploit a new hole
found in certain software or operating systems. Microsoft Windows and
other software by the company is a pretty common target. In fact, Microsoft
finds itself a common target for virus writers who are particularly hostile
toward the company. These programmers actually blame Microsoft for the
troubles caused by the viruses, saying that they could not occur if the
company released more secure products. Many virus writers resent the fact
that Microsoft is so successful and is used on so many computers. They
take pride in causing trouble for the software giant. At the same time, the
typical end user of Microsoft Windows is not always computer literate and
this makes for easy victims. If the user of Windows doesn't know enough to
know how to avoid infections (as is common for many new computer
users), it is really easy for infections to spread.

It is really hard to say if Microsoft finds itself a target because of its
poor product quality or simply because it is the “big dog” in the industry.

The virus scene is oddly very social. Many viruses are created solely
for the bragging rights and the “street cred”. Virus programmers are very
intelligent. They may not be the most socially adept, and they find friendship
with other programmers. They are often very libertarian and do not like to
conform to societal norms. Many of them have a chip on their shoulder.
Perhaps they got fired by a company and want to get back at them.
Perhaps they want to take a poke at the industry after failing to get a job.

Most virus writers are quick to justify what they do. They are quick to
say that they are not the ones spreading the virus. They have simply
created a program that is designed to self-replicate, but it is the actions of
the end user that allow the process to proceed. They argue that they
cannot be held accountable for the naïve actions of somebody else. This is
very similar to an argument sometimes made about guns. The virus creator
may have created the gun, but they can't be blamed for what the gun is
used for. Virus programmers don't spread viruses – people do.

For those who fight viruses, casual virus programmers and “script
kiddies” are not the real threat. Sure, they can create a lot of trouble.
However, it is fairly predictable and it can be dealt with. What keeps them
up at night are the more sinister ones – those viruses designed specifically
for criminal purposes.

Types of Viruses
Not all computer viruses are equal. After all, virus writers are often
trying to impress their colleagues. Nobody would be impressed if they all
did the same thing. So, yes, there is a lot of variety, not only in what the
viruses do and how they spread, but also in their methods.

We can classify this whole area into the following:

Computer virus.
A small piece of software that is designed to piggyback on other
programs to work and spread. For example, a virus may be designed
to attach itself to a particular operating system file. Whenever a
particular operation is performed on that computer, the file is run. The
virus is also run, leading to the virus spreading and doing what it was
designed to do.

Email virus.
An email virus is designed to spread specifically through email. It
does not tack itself onto other software. Instead it takes advantage of
email. For example, it may be spread by email attachment. Whenever
a user opens the attachment, it will run the virus. Typically the virus
will automatically and invisibly email itself to other email addresses in
your email software, such as your contacts. Some email viruses are
even designed to not specifically require the user to open the file.
Simply by previewing the email in the email viewer, it could execute
the virus.

Trojan Horses.
A trojan is a program that disguises itself as one thing while actually
doing another. For example, a trojan may masquerade as a movie
file, screensaver, or perhaps a picture file. When “opened”, the trojan
will infect the PC.

Worm.
A worm is a piece of software that is designed to take advantage of
security holes in software or networks in order to spread. When it
spreads to a computer, it will begin to scan the network for other
computers with the same security hole. If it finds an available host, it
will spread itself.

Within these virus types, we have some other different classifications:

1. Boot Virus: A boot virus is designed to infect the master boot record
of the hard disk. The master boot record is the area of the hard drive
which is responsible for booting your computer when you turn it on.
When a virus is able to infect this section of your hard disk, it will be
executed immediately after you turn on your computer, before your
operating system even has a chance to load.

2. Program Virus: This is a virus which is run just like any other
program on your computer. Such a virus may have a file extension
like BIN, COM, EXE, DRV (driver file) or SYS (system driver). When
the program is run, the virus is executed as well and becomes active
in system memory.

3. Stealth Virus: This is a computer virus which is designed specifically
to avoid detection by anti-virus software. It may do this by redirecting
the drive's read/write head to another sector if the sector the virus is
on is accessed.

4. Multipartite Virus: This is a combination of boot virus and program
virus. The virus is executed as a normal program but, when run, will
then infect the master boot record. A program which is designed to
install a virus is often called a dropper.

5. Polymorphic Virus: A virus that will encrypt itself in different ways so
as to look different each time it is spread. This makes detection
harder for anti-virus programs.

6. Macro virus: This is a virus designed to take advantage of the macro
capability of many types of documents, such as Microsoft Word.
When the infected document is opened, the macro virus is
activated and run. The virus may be designed to infect the Normal.dot
file (the document template for all Word documents created by
default), which would mean that all Word documents you create after
infection will also contain the macro virus.

7. ActiveX: ActiveX is a Microsoft-created way of allowing small applets
to run on your computer directly from the web browser. For example,
when you run Windows Update inside of Internet Explorer, you will
notice that it is updating your computer by way of Internet Explorer.
Well, this same interface opens up a whole world of potential security
breaches. ActiveX could be used to run other software code as well,
even if not created for helpful purposes.

8. Cross-Site Scripting: This is a type of vulnerability that is more or
less exclusive to web-based applications. Essentially, a security hole
would exist in the website which would allow the attacker to inject
their own programming code into the webpages viewed by other
people.

As you can see, there are a lot of very creative ways to breach the
security of your computer. As the software on our computers gets larger and
introduces more features, more and more effort is made to make things
more convenient. However, convenience sometimes means opening things
up to security breaches. Since virus authors are just as creative as the
programmers of your favorite software, there are about as many avenues
of attack as there are programs available to your computer.

Virus Examples
There are new viruses, worms and trojans coming out all the time.
The volume of new virus activity is actually pretty staggering. Some worms
and viruses end up becoming more famous than others due to the speed of
their spread or the type of damage they cause. This, of course, is what the
creator of the virus wanted – media coverage and notoriety. The large
majority of viruses do not end up creating much of a ripple. Others can
create tidal waves.

Let us look at a few examples of computer viruses and worms:


1. Nyxem: This worm was discovered in the beginning of 2006. The
worm spread itself by using mass email. It was designed to activate
on the 3rd of each month, about 30 minutes after the computer starts
up. The worm was designed to do many things. For example, it would
try to disable security software installed on the computer as well as
attempt to destroy certain kinds of Microsoft Office files. When
executed, it would attach itself to rundell16.exe, scanregw.exe,
update.exe and winzip.exe. The emails most often carrying this worm
were ones advertising Viagra. For more information, read
about W32.Blackmal.E@mm at Symantec.

2. Samy (XSS): This was a cross-site scripting virus designed to use
Myspace.com to spread. When infected, the virus would display the
words “but most of all, Samy is my hero” on the Myspace profile of
the infected person. When a user viewed that profile, they would have
the same thing planted onto their own Myspace profile. The virus was
relatively harmless, only designed to automatically make a friend
request to the author of the virus. By attaching itself to Myspace, one
of the most popular sites on the entire internet, Samy was able to
spread to over one million users in less than 24 hours. Myspace sued
the creator of the virus and he was ultimately sentenced to three
years' probation.

3. Sasser: Sasser was a computer worm sometimes referred to as “the
Big One”. It spread itself by finding a vulnerable network port on
computers powered by Windows XP, Windows 2000 and some
versions of Windows 98. The worm would result in random crashes to
Windows. Due to the popularity of Windows itself, the worm was able
to spread quickly and have many side effects. It managed to cause
Delta Air Lines to cancel several transatlantic flights because their
computers were down. The AFP news agency had its satellite
communications down for several hours.

4. Mydoom: This was another famous worm that spread quickly by way
of mass email over computers powered by Windows. The worm
spread by way of emails that looked to be error emails, such as “Mail
Delivery System”, “Test”, or “Mail Transaction Failed”. The email had
an attachment that, if executed, would infect the PC with the worm.
The worm would then scan for email addresses locally on the infected
computer (such as in the Address book) and email everybody in it.
Once infected, the PC would serve as a zombie for spammers,
allowing back door remote control of the computer via port 3127. A
second version of the worm would block internet access to Microsoft
as well as the sites of many anti-virus software, thereby blocking
access to updated virus definitions and updates to Windows. You can
get more information at Viruslist.com.

5. SoBig.F: SoBig was a very well known computer worm that was also
a Trojan. It spread by way of e-mail yet again, however it was also a
Trojan because the email was designed to look like something
benign. The email would typically have a subject line like “Re:
Approved”, “Re: Thank you!” or “Re: Your application”. These subject
lines were designed to trick the user into thinking it was a legitimate
email and even a reply from an email they had sent earlier. The email
would contain the text “see the attached for details” and would
contain an attachment, usually with a PIF file extension. Opening the
attachment would infect the PC. The worm infected internet-enabled,
Windows-powered computers.

6. Blaster: This worm infected Windows-powered PCs as well and was
designed to launch a denial of service attack on windowsupdate.com.
A denial of service (DoS) attack is when a particular server is so
overloaded with incoming requests that it cannot handle legitimate
requests. So, the idea was to have infected computers
simultaneously hammer the Windows Update site so that the
service went offline. The worm was stopped fairly easily and its rapid
spread was eventually mitigated. The worm was also
known as Lovsan because inside the source code of the virus was
the line “I just want to say I love you San”. Notably, though, there was
another line which read “Billy Gates why do you make this possible?
Stop making money and fix your software!!”.

The viruses that make the most press are often worms, due to the
speed with which they can spread. Also, Microsoft Windows often makes
the biggest target.
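The Mydoom and SoBig.F descriptions above give enough detail to write a simple screen for incoming mail. The following is an added example, not code from the PCMech guide: it parses raw messages with Python's standard `email` module and flags the subject lines and body phrase the guide attributes to those worms, plus attachments whose extension is one the guide names for program viruses (BIN, COM, EXE, DRV, SYS) or SoBig.F's PIF, including a media-looking double extension of the kind the Trojan story above relies on. The rule lists and the four sample messages are assumptions constructed for the example.

```python
# Added example (not from the PCMech guide): screen raw e-mail messages for the
# lures the guide describes for Mydoom and SoBig.F and for executable attachments.
# The rule lists are assumptions drawn from the text, not a vendor signature set.
import email
from email import policy
from email.message import EmailMessage

# Subject lines the guide attributes to Mydoom and SoBig.F (exact, case-insensitive).
LURE_SUBJECTS = {
    "mail delivery system", "test", "mail transaction failed",  # Mydoom
    "re: approved", "re: thank you!", "re: your application",    # SoBig.F
}
# Body text the guide attributes to SoBig.F.
LURE_PHRASES = ("see the attached for details",)
# Extensions the guide lists for program viruses, plus SoBig.F's PIF.
EXEC_EXTENSIONS = {"exe", "com", "bin", "drv", "sys", "pif"}
# Media/document extensions a Trojan may hide behind (e.g. "clip.mpeg.exe");
# Windows hides the final known extension by default, so the user sees "clip.mpeg".
DECOY_EXTENSIONS = {"mpeg", "mpg", "avi", "jpg", "jpeg", "gif", "txt", "doc"}


def attachment_findings(filename: str) -> list[tuple[str, str]]:
    """Rules that fire on one attachment file name."""
    parts = filename.lower().strip().split(".")
    findings = []
    if len(parts) >= 2 and parts[-1] in EXEC_EXTENSIONS:
        findings.append(("executable-attachment", filename))
        if len(parts) >= 3 and parts[-2] in DECOY_EXTENSIONS:
            findings.append(("double-extension", filename))
    return findings


def screen(raw: bytes) -> list[tuple[str, str]]:
    """Return (rule, detail) pairs for everything suspicious in one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = str(msg["Subject"] or "").strip()
    if subject.lower() in LURE_SUBJECTS:
        findings.append(("lure-subject", subject))
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    for phrase in LURE_PHRASES:
        if phrase in text:
            findings.append(("lure-phrase", phrase))
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name:
            findings.extend(attachment_findings(name))
    return findings


def build_message(subject: str, text: str, attachment: str = "") -> bytes:
    """Construct a raw RFC 822 message for the demo (constructed sample data)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content(text)
    if attachment:
        # 16 zero bytes stand in for the payload; only the file name matters here
        msg.add_attachment(b"\x00" * 16, maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_bytes()


# Constructed samples modelled on the guide's descriptions.
SAMPLES = {
    "sobig": build_message("Re: Approved", "See the attached for details.",
                           "your_details.pif"),
    "mydoom": build_message("Mail Transaction Failed",
                            "The message could not be delivered.", "message.exe"),
    "decoy": build_message("check this out", "Thought you would like this video.",
                           "britney-spears-wedding-clip.mpeg.exe"),
    "benign": build_message("Re: Lunch", "See you at noon.", "agenda.pdf"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, screen(raw) or "clean")
```

A real filter would add many more executable extensions and would inspect the attachment's bytes rather than trusting its name; the point here is that the lures the guide describes are mechanical enough to match.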

How To Tell If You're Infected


There are a lot of different worms and viruses out there. You may
think that the entire thing is beyond your control. However, it really is no
more beyond your control than a biological virus. A biological virus, when it
infects the host, becomes apparent by way of certain observable
symptoms. You are not going to get a little notification on your screen
saying “You are infected with the BLAH virus”. Instead, you will begin to
notice things that are out of the ordinary.


Here are some typical signs that your computer may be infected with
a computer virus:

1. The PC has slowed down noticeably and programs take longer to
load.

2. The time-stamp on files may change. When a virus attaches itself to
one of your files, it has to modify that file and this will result in the
time-stamp (the date last modified) of the file being updated. If you
notice a file that has been updated when it shouldn't have, this may
be a sign.

3. Increased level of disk access. The hard drive may get very busy or
may be accessed when you are not doing anything. The floppy
diskette drive (if you have one) may be accessed without explanation.
With the hard drive, it is easy to confuse this activity with normal
operating system maintenance activity.

4. Increased use of disk space without explanation – caused by the
virus spreading in your files and attaching itself.

5. Errors about attempts to write to write-protected files or folders.

6. Strange characters appearing in file or folder names.

7. Strange messages appear on screen or in your documents.

8. Strange graphical displays on screen, such as falling letters or some
other attention-getting display.

9. Overall instability, random crashes.

10. Documents overwritten with garbled text.

It is also worth noting that it is possible that your computer has trojans
or other viruses lying dormant on the machine without your knowledge.
For example, most people will routinely get viruses emailed to them. This is
not really a matter of concern because, in most cases, you have to actually
open the attachment to begin infection. Besides, your virus scanner should
detect these. By one method or another, it is not uncommon for a
computer to have various malware installed without the owner knowing
about it. You will not notice any symptoms simply because the computer is
not officially infected until the malware is actually executed.
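Signs 2 and 4 above (changed time-stamps, unexplained growth) can be checked mechanically rather than by eye. The following added example, not from the PCMech guide, records a baseline of size, modification time and SHA-256 for every file under a directory, then reports which files changed content, which were merely re-timestamped, which appeared and which disappeared, along with the total unexplained growth; the demo directory and the changes it simulates are constructed for the example.

```python
# Added example (not from the PCMech guide): a file-integrity baseline that turns
# signs 2 and 4 above (changed time-stamps, unexplained growth) into a repeatable check.
import hashlib
import json
import os
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Size, whole-second modification time and SHA-256 of one file."""
    st = path.stat()
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"size": st.st_size, "mtime": int(st.st_mtime), "sha256": h.hexdigest()}


def build_baseline(root: Path) -> dict:
    """Fingerprint every regular file below root, keyed by path relative to root."""
    return {str(p.relative_to(root)): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def save_baseline(baseline: dict, path: Path) -> None:
    # Keep the baseline off the monitored disk (e.g. removable media); otherwise
    # whatever altered the files can alter the record of them just as easily.
    path.write_text(json.dumps(baseline, indent=1))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences the way an analyst reads them."""
    report = {"modified": [], "touched": [], "added": [], "removed": [], "growth": 0}
    for rel, old in baseline.items():
        new = current.get(rel)
        if new is None:
            report["removed"].append(rel)
        elif new["sha256"] != old["sha256"]:
            # content changed: a virus attaching itself to the file shows up here,
            # and the size difference is the growth of sign 4
            report["modified"].append(rel)
            report["growth"] += new["size"] - old["size"]
        elif new["mtime"] != old["mtime"]:
            # identical bytes but a new time-stamp: something rewrote the file unchanged
            report["touched"].append(rel)
    for rel in sorted(set(current) - set(baseline)):
        report["added"].append(rel)
        report["growth"] += current[rel]["size"]
    return report


def demo() -> dict:
    """Baseline a constructed directory, simulate what an infection leaves
    behind, and return the comparison report."""
    with tempfile.TemporaryDirectory() as d, tempfile.TemporaryDirectory() as store:
        root, record = Path(d), Path(store) / "baseline.json"
        (root / "notes.txt").write_bytes(b"quarterly numbers\n")
        (root / "tool.exe").write_bytes(b"MZ" + b"\x00" * 64)  # constructed stand-in for a program
        (root / "readme.txt").write_bytes(b"hello\n")
        save_baseline(build_baseline(root), record)

        # a program file grows: something appended itself (signs 2 and 4)
        with (root / "tool.exe").open("ab") as f:
            f.write(b"\x90" * 512)
        # a file is rewritten with the same bytes but a newer time-stamp (sign 2 only)
        readme = root / "readme.txt"
        later = int(readme.stat().st_mtime) + 3600
        os.utime(readme, (later, later))
        # an unexplained new file appears (sign 4) and one file disappears
        (root / "dropped.sys").write_bytes(b"\x00" * 128)
        (root / "notes.txt").unlink()

        return compare(load_baseline(record), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Run `build_baseline` on a clean system and `compare` after any suspected change; a legitimate update also shows up as "modified", so the report is a list of things to explain, not a verdict.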

Microsoft Windows is the most common attack point for virus writers.
According to statistics, there are over 140,000 known viruses for Windows,
around 4,000 for MS-DOS, and only 30 for Linux and 1 for Mac OS X. So, if
you are running a computer powered by Microsoft Windows, this is
certainly a problem you need to concern yourself with.

This is not to say that Linux and OS X users are immune. As noted
earlier, many virus writers have a particular bone to pick with Microsoft.
Perhaps they are jealous over the company's success and just want to
poke holes in their software. Whatever the motive, the popularity of
Windows also makes it an ideal target. The user population of OS X and
Linux is nowhere near as large as that of Windows, making it not as
attractive as a target.

If a virus writer is trying to create an effect, they will go where the
people are. If more end users migrate to OS X or Linux, those operating
systems will begin to find themselves the target for these same kinds of
security breaches. Users of Linux and OS X like to brag that those
operating systems are immune from computer viruses. This is almost
definitely not the case. The truth is only that those systems are not as
attractive a target because not as many people use them.

Virus Prevention
Now that we have covered the general background of computer
viruses, it all comes down to one thing: how do you prevent it? The good
news is that prevention is mostly a matter of habit, and it is not going to
take long to explain.

Here are the general preventative techniques. Some of these will be
obvious. Others perhaps not as much.

1. Install and use an anti-virus program. I will list some options for you
below. This single step blocks the large majority of infections you are
likely to meet, though no scanner catches everything, which is why the
rest of this list matters.

2. Enable any real-time monitoring that comes with your security suite.
This watches files as they are opened, downloaded or executed, rather
than waiting for the next scheduled scan.

3. Set the update schedule on automatic for your anti-virus software so
that you do not rely on your memory to keep your virus definitions up
to date. A scanner with stale definitions does not know about last
week's virus.

4. Allow the software to perform a full system scan of your hard drives
for viruses at least twice per month.

5. Be sure to virus scan ALL software and attachments that come from
the internet before you open or install them.

6. Just in case, prepare a rescue disk with critical system files that will
allow you to boot the computer in case of a serious issue that keeps
the system from properly booting.

7. Go into your BIOS and make the C drive your primary boot drive. In
other words, place the hard drive first in your boot order, ahead of the
floppy, CD and USB devices. This keeps the machine from booting an
infected floppy or USB stick that was left plugged in, which is how
boot record viruses spread.

8. Do not download or install software from questionable sources, such
as sites with illegal "warez" software. In short, any pirated software
site or porn site is a sure-fire way to get your computer infected
quickly.

9. Keep your operating system patched with the latest updates. Users of
Windows need to run Windows Update fairly often because
vulnerabilities in that operating system are found and patched all the
time, and many worms exploit holes for which a patch already exists.

10. Treat all email suspiciously if it has an attachment. Even if the email
looks like it came from a close friend or family member, the virus
examples above should show you that sometimes that only means
your friend or family member has an infected PC.

11. Regularly back up your files, and keep the backup disconnected from
the computer when you are not using it. Should the worst happen, you
can always get your data back from backups; a backup drive that is
permanently attached can be corrupted by the same malware that hit
the original.



The chance is probably as high as 99% that any virus that makes its
way to your computer will do so via your internet connection. So, as long as
you keep your defenses up on things coming IN to your computer, you will
be fine. The primary focus of attention will be on your email and anything
that you download. Keep in mind that when you are surfing the internet,
you are downloading code in order to display websites: every page you
visit delivers HTML, scripts and plug-in content that your browser runs. So
surfing the internet counts as downloading and needs to be watched as well.
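
A small triage script, as an added example (Python; not from the PCMech
guide and not any vendor's detection logic), showing why items 5 and 10
above go together: it judges an attachment by its full chain of extensions
and by the first bytes of its content, so "invoice.pdf.exe" and a renamed
program are both caught before anyone double-clicks. The extension lists,
magic bytes and sample file names are assumptions made for the example.

```python
import os
from typing import Tuple

# Extensions Windows runs when double-clicked. Assumed short list for the
# example, not an exhaustive catalogue.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".hta"}

# Extensions people expect to be harmless, and the content type each implies.
DOCUMENT_EXTS = {".pdf": "pdf", ".doc": "doc", ".jpg": "jpeg", ".jpeg": "jpeg",
                 ".gif": "gif", ".png": "png", ".txt": "text"}

# File signatures ("magic bytes") this example knows how to recognise.
MAGIC = [
    (b"MZ", "exe"),                 # DOS/Windows executable header
    (b"%PDF", "pdf"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG", "png"),
    (b"GIF8", "gif"),
    (b"\xd0\xcf\x11\xe0", "doc"),   # OLE compound file (Word 97-2003)
]


def sniff(head: bytes) -> str:
    """Return the content type implied by the first bytes, or 'unknown'."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"


def extension_chain(filename: str) -> list:
    """Split off every extension: 'invoice.pdf.exe' -> ['.pdf', '.exe']."""
    base, exts = filename.lower(), []
    while True:
        base, ext = os.path.splitext(base)
        if not ext:
            return exts[::-1]           # leftmost extension first
        exts.append(ext)


def triage_attachment(filename: str, head: bytes) -> Tuple[str, str]:
    """Classify an attachment as 'block' or 'scan', with the reason.

    filename: the name shown in the mail client.
    head:     the first few bytes of the attachment's content.
    Nothing is ever returned as 'allow': the guide's rule is to scan all
    attachments, so 'scan' is the best outcome a file can get here.
    """
    exts = extension_chain(filename)
    last = exts[-1] if exts else ""
    kind = sniff(head)

    if last in EXECUTABLE_EXTS:
        if len(exts) > 1 and exts[-2] in DOCUMENT_EXTS:
            return "block", f"double extension {''.join(exts)} hides an executable"
        return "block", f"executable attachment ({last})"
    if kind == "exe":
        # Windows decides by extension, so a renamed .exe does not run on
        # double-click; but it is still a program, and anything that renames
        # it back (a script, a helpful user) makes it live again.
        return "block", f"content is a Windows executable although the name ends in '{last or 'nothing'}'"
    expected = DOCUMENT_EXTS.get(last)
    if expected and kind not in ("unknown", expected):
        return "scan", f"content looks like {kind} but the name says {last}: possible disguise, scan before opening"
    return "scan", "run it through the virus scanner before opening"
```

Mail clients hide the last extension by default on Windows (the guide's
"Hidden File Extensions" section covers that setting), which is exactly why
the double-extension rule looks at the whole chain rather than at what the
user sees.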

There are a lot of different options out there for anti-virus software:

1. Norton Antivirus. This is perhaps the most popular option and is a
quality product. Symantec is a leader in anti-virus and you are
generally in good hands using their product.
www.symantec.com

2. Kaspersky Anti-Virus Personal. Another good anti-virus suite with a
team that is very quick to respond to a newly discovered virus and
release updates for it.
www.kaspersky.com

3. McAfee VirusScan Plus. Another good scanner, also including
SiteAdvisor, which rates sites to warn you about spyware and
phishing sites before you visit them.
www.mcafee.com

4. Panda Antivirus. Guards against viruses and spyware with a light
system footprint.
www.pandasecurity.com

5. F-PROT Antivirus. Defense against viruses, spyware and malicious
ActiveX controls. Also allows for command line scans in Windows
safe mode.
www.f-prot.com

6. AVG Anti-Virus. Another quality product, most notable for also
having a FREE personal edition available, creatively called AVG Anti-
Virus Free Edition. The free version works quite well for typical
home use.
www.grisoft.com
free.grisoft.com

7. Nod32. A very fast and lightweight anti-virus scanner which has been
around for years. Definitely a good option if system performance
impact is of major concern to you.
www.eset.com

There are many, many others. Obviously, with the prevalence of the
threat and the fact that so many people use Windows, a lot of companies
have gotten on the bandwagon offering their own security suites for
Windows.

A user of Mac OS X also has some antivirus options available to
them, although it is debatable whether they have a strong need for
anything installed. If they do wish to have something, a Mac user might try:

1. ClamXav. A free virus checker for Mac OS X. www.clamxav.com

2. Norton Antivirus for Mac. www.symantec.com/nav/nav_mac/

3. Sophos. www.sophos.com

4. McAfee VirusScan.
www.mcafee.com/us/enterprise/products/anti_virus/file_servers_desktops/virex.html

Virus Removal
Anti-virus software mostly works the same way. It scans the files on
your hard drive for particular signatures, byte patterns or checksums that
identify a known computer virus, using the virus definitions supplied by the
vendor; most products add heuristics that look for virus-like behaviour in
files no signature matches. If it finds a sign of a virus, it will typically
offer to quarantine or delete the infected file. Quarantining moves the file
into a tightly controlled folder managed by the anti-virus software, usually
renamed and encoded so it cannot run or be opened by accident, which lets
you restore it later if the detection turns out to be a false alarm.

Anti-virus programs work best as a line of defense. In some
instances, they can repair the damage after infection. In other cases, they
cannot. So, what do you do if your computer is already infected by a
computer virus?

The best thing to do is first identify exactly which virus is infecting your
computer. Usually your anti-virus program will identify this for you. Next
(and only if your antivirus program cannot remove it for you), you will need
to go online and search for removal instructions for the virus that you have.
Usually you will find information on the major sites of antivirus software
vendors. For example, Symantec maintains a library of removal tools for
various viruses at:

www.symantec.com/business/security_response/removaltools.jsp

If there is no removal tool which automates the job for you, often you can
find step-by-step instructions on how to remove it manually. Many times the
removal processes are not quick and easy, depending on the nature of the
virus you are infected with.

A particularly bad virus may render your computer unbootable. In
this case, you will not be able to use your anti-virus software as usual in
order to detect and/or remove the virus. The good news is that most good
anti-virus programs give you the ability to create a rescue disc. This rescue
disc is bootable, so you can start the machine from it even if Windows
cannot start. It will then scan the hard drive for viruses without ever loading
Windows, which also means the virus is not running while it is being
hunted, so it cannot hide itself or fight back. If Windows itself will not work,
this is usually your only way to fix the problem, and it is worth a try even
when Windows does boot, for exactly that reason.

Another option may be to go into Windows safe mode and attempt to
run a virus scan that way. Safe mode is a reduced mode of running
Windows. In safe mode, all startup software, services and many drivers are
disabled. This lets you run Windows without most of the programs that
may be letting the virus operate, although it is not a guarantee: some
malware registers itself to load in safe mode too. You can get into safe
mode by rebooting your computer and pressing the F8 key BEFORE the
Windows logo appears on screen. You may need to hit F8 several times to
be sure the system registers it. You will then get a boot menu; choose Safe
Mode from it (its position in the menu varies between Windows versions).
Once in safe mode, run your anti-virus software and/or perform the manual
removal actions for a virus you know you are infected with.

If your computer gets infected with a particularly bad virus that does
real harm to the files on your drive, your only option may be to format the
computer and re-install Windows. This is a last resort, for when the
computer is so far gone that you are pretty sure you will not be able to
recover it properly. In this case, your data backups (which you should have)
will come in handy. You will need to format the drive, re-install all your
software, then restore your data files from your backup.

If you do not have valid or up-to-date backups, there is yet another
option available to you. In order to do this, you will need a second hard
drive.

1. Install the second hard drive in your computer and re-install Windows
and all of your software to the NEW hard drive, from original media
or fresh downloads, never from the old drive.

2. Next, attach your old, infected hard drive to the computer as a second
drive. If it is an IDE drive, connect it as a slave. If it is a SATA drive,
simply connect it.

3. When you reboot the computer, go into your BIOS and make sure the
NEW drive is designated as the bootable drive so that your computer
does not attempt to boot from the infected drive.

4. Once the computer has completed booting, use your anti-virus
software to scan all of your data files on the old drive (which should
be available in Windows Explorer as a second hard drive). Do not open
any file on the old drive until the scan is finished; a scan only reads
the files, but double-clicking a document or program on that drive can
execute the very thing you are trying to get rid of.

5. Only when the files check out as completely clean should you copy
those files over to your new hard drive. Copy documents, pictures and
other data only; programs from the old drive should be reinstalled, not
copied.
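
The signature matching described under Virus Removal and the
scan-then-copy rule of steps 4 and 5 above, as one added example (Python;
not from the PCMech guide and not any vendor's engine). It matches files
against a handful of signatures, quarantines hits under a neutral name, and
copies only clean files to the "new drive". The signatures, detection names,
sample files and folder names are all assumptions invented for the example;
real definitions come from the vendor's updates.

```python
import hashlib
import os
import shutil
import tempfile
from typing import Dict, List, Optional

# Constructed signatures. In a real product these come from the vendor's
# definition updates; the names and patterns here are invented for the example.
BYTE_SIGNATURES: Dict[str, bytes] = {
    # pattern anywhere in the file: a fake PE header followed by a marker
    "Example.Dropper.A": b"MZ\x90\x00EXAMPLE-PAYLOAD",
}
TROJAN_SAMPLE = b"constructed trojan body; this one is known only by its hash\n"
HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(TROJAN_SAMPLE).hexdigest(): "Example.Trojan.B",
}


def scan_bytes(data: bytes) -> Optional[str]:
    """Return the detection name for data, or None if no signature matches."""
    hit = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if hit:
        return hit
    for name, pattern in BYTE_SIGNATURES.items():
        if pattern in data:             # substring match, like a simple scanner
            return name
    return None


def scan_file(path: str) -> Optional[str]:
    """Scan one file. Reading it whole is fine for the sample; real engines stream."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read())


def quarantine(path: str, qdir: str) -> str:
    """Move an infected file into qdir under a neutral name and make it read-only.

    The hash-based name strips the original extension, so nothing will run it
    by double-click, and the .txt note records where it came from so it can be
    restored if the detection was a false alarm. Commercial products also
    encode the bytes so that other scanners stop re-detecting the file.
    """
    os.makedirs(qdir, exist_ok=True)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    dest = os.path.join(qdir, digest + ".quarantined")
    shutil.move(path, dest)
    os.chmod(dest, 0o400)
    with open(dest + ".txt", "w", encoding="utf-8") as meta:
        meta.write(f"original={path}\n")
    return dest


def recover_clean_files(old_drive: str, new_drive: str, qdir: str) -> Dict[str, List[str]]:
    """Steps 4 and 5 of the second-drive procedure: scan everything on the old
    drive, quarantine hits, and copy only clean files to the new drive."""
    report: Dict[str, List[str]] = {"clean": [], "quarantined": []}
    for root, _dirs, files in os.walk(old_drive):
        for name in files:
            src = os.path.join(root, name)
            rel = os.path.relpath(src, old_drive).replace(os.sep, "/")
            hit = scan_file(src)
            if hit:
                quarantine(src, qdir)
                report["quarantined"].append(f"{rel} ({hit})")
                continue
            dst = os.path.join(new_drive, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)      # copies bytes and timestamps, never executes
            report["clean"].append(rel)
    return report


def demo() -> Dict[str, List[str]]:
    """Build a constructed 'old drive' in a temp folder and run the recovery."""
    work = tempfile.mkdtemp(prefix="pcmech-recovery-")
    old = os.path.join(work, "old_drive")
    new = os.path.join(work, "new_drive")
    qdir = os.path.join(work, "quarantine")
    os.makedirs(os.path.join(old, "docs"))
    samples = {                          # constructed sample files
        "docs/letter.txt": b"Dear Aunt May, the garden is fine.\n",
        "docs/photo.jpg": b"\xff\xd8\xff\xe0 not a real photo",
        "setup.exe": b"MZ\x90\x00EXAMPLE-PAYLOAD plus the rest of the program",
        "game.scr": TROJAN_SAMPLE,
    }
    for rel, data in samples.items():
        with open(os.path.join(old, *rel.split("/")), "wb") as fh:
            fh.write(data)
    return recover_clean_files(old, new, qdir)   # temp folder is left for inspection
```

Calling demo() returns a report with the two documents under "clean" and
the two infected files under "quarantined"; the quarantine folder holds them
as <sha256>.quarantined with a .txt note beside each. A substring signature
this crude is also the reason real products use many signatures per family
plus heuristics: change one byte of the marker and Example.Dropper.A is
no longer detected, which is what virus writers do between releases.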

A Word on Hoaxes
The world of computer viruses is not always understood by people.
Often that lack of understanding can lead to unnecessary worry. This has
given rise to virus hoaxes. A virus hoax is meant simply to scare people
and has no actual harm potential to anybody's computer. It is simply a
practical joke and, cleverly done, can result in thousands of people
forwarding it around thinking it is legitimate. Those who have fallen for it are
simply trying to warn people. Those who created it laugh the whole way.

How do you spot a virus hoax?

1. If it comes from a friend or family member, it is usually forwarded with
the hope of warning you. If you search the internet for any of the
facts in the email, you will usually find others are calling it a hoax.

2. If the email encourages you to forward it to as many people as you
can, it is usually a hoax. A real warning would refer you to a respected
source for information, such as the anti-virus vendors' own threat
pages listed under Additional Resources below.

3. If the email contains a bunch of technical jargon, don't fall for it.
Sometimes the hoax creators take advantage of the public's lack of
technical knowledge to fool them into thinking they know what they're
talking about. Even a janitor can appear to be a doctor if they use
enough Latin words! Don't fall for it. A classic sign is an instruction to
find and delete a particular file from Windows by hand: more than one
hoax has talked people into deleting a harmless system file.

If you suspect that you have gotten a virus hoax email, do not forward it. If
you find clear evidence that it is a hoax, reply to your friend and tell them
they just got duped. It will at least keep them from emailing it to others.

Additional Resources
• Computer Knowledge Virus Tutorial
http://www.cknow.com/vtutor/index.html

• Computer Virus/alt FAQ
http://www.landfield.com/faqs/computer-virus/alt-faq/

• Essential Free Tools for Removing Spyware, Adware and Malware
http://www.pchell.com/support/spywaretools.shtml

• Symantec Threat Explorer
http://www.symantec.com/business/security_response/threatexplorer/index.jsp

• List of Antivirus Software
http://en.wikipedia.org/wiki/List_of_antivirus_software

• List of Computer Viruses
http://en.wikipedia.org/wiki/List_of_computer_viruses

• The WildList Organization International
http://www.wildlist.org/

• Trend Micro Virus Information
http://www.trendmicro.com/vinfo/

• avast! Virus Cleaner – free virus removal tool
http://www.avast.com/eng/avast-virus-cleaner.html


Spyware
Spyware: a term computer users have been hearing about more and
more often during their travels through the World Wide Web, or through
visits to the repair shop.

Spyware is something that has been becoming increasingly common
on systems. A system brought online with no protection is vulnerable
within the first few minutes it is connected to the Internet. Measurements of
the "survival time" of an unpatched Windows machine placed directly on
the Internet have come in as low as about 20 minutes before something
finds and compromises it, and such a machine is soon loaded up with
spyware and malware. It has become a more common problem than virus
infections. Most forms of spyware do not outright destroy your computer
system, but rather create various annoying issues and an overall negative
impact on system performance. It can sometimes render the speediest
3.2GHz system helpless, making it act like an old 266MHz machine on a
good day. For you, the user, there has yet to be an instance where spyware
helps in some fashion while remaining free of any negative attributes.
Spyware infests your system, compromises privacy and security, and goes
on to bog down system performance and Internet bandwidth.

Taken down to its simplest form and to be quite general, spyware is a
software technology that assists in information gathering. The kind of
information being gathered depends on how the spyware was written and
what it was made to target. Once installed on a system, it can collect
password data, bank and credit data, information on web surfing habits,
email addresses, or just about anything else that you may consider a
breach of privacy. This information is gathered from your computer and
then relayed over the Internet to advertisers and any other interested
parties, as allowed and directed by the piece of spyware. This definition,
however, does not include or apply to all forms of software that fall under
the heading of "spyware".

The Internet can be a great place to visit and can contain a wealth of
information that is made readily available at your fingertips, but like
anyplace else, you must exhibit a certain degree of caution while making
your way around. Wariness coupled with awareness can go a long way to
help combat spyware.

A common excuse for not making a good effort in the area of system
security is this: "I don't keep sensitive data on my computer. Why would
anyone care to hit my computer with spyware and malware?" The answer is
that the attacker may not care about your data at all. Machines that can be
easily compromised are turned into servants for launching larger attacks,
relaying spam and hosting other people's files, and they flood their own
Internet connection as a result. In other words, without adequate protection
your system will quite easily be turned into a zombie computer that goes on
to hurt other computer users. Additionally, there can be a significant amount
of data transferred while your computer is serving as this kind of host, and
many ISPs have limitations on a user's monthly bandwidth, which can result
in a speed cap or disconnection of service.

If you're a firm believer in the argument that you "don't have any
important data on your machine," just take into consideration that your
computer has the potential for conducting illegal activities and privacy
invasion. Like owning a car, owning a computer comes with certain
responsibilities that must be fulfilled so that harm does not befall others on
the information superhighway.

The first known recorded use of the term "spyware" reputedly
appeared in a Usenet post on October 16, 1995 that took a humorous stab
at Microsoft's business model. The term "spyware" was applied to
espionage equipment until its next appearance in 1999, when Zone Labs
used it in a press release for their new Zone Alarm Personal Firewall
software. From then on, the term "spyware" has been applied as we know it
today. The first anti-spyware program, OptOut, was released in 2000 by
Steve Gibson of Gibson Research, as the result of the growing problem of
spyware. Other spyware removal and prevention tools have since surfaced.

Spyware almost always comes as "extra baggage" from sites
providing "shady" content, such as pornography, warez, and game cheats.
ActiveX pop-ups asking for permission to install software modules are
another method, and they usually go hand-in-hand with sites containing
"shady" or "underground" content.

Another large source of spyware is downloaded shareware or freeware
programs. Licensing agreements included with downloaded software
sometimes warn the user that some sort of spyware program will be
installed along with the main software package. However, the spyware
notices in licensing agreements are usually difficult to locate, as they are
often seeded within lengthy, hard-to-read legal disclaimers. This does not
mean that all freeware and shareware programs contain spyware, but it does
mean the license text is worth a search for words like "third party",
"advertising" and "collect" before you click "I Agree".

Some file sharing networks, such as KaZaa, have been flooded with
all sorts of malicious files and programs, and what you may be
downloading might not be what you think it is.

All in all, there's no such thing as a "free lunch" when it comes to
illegitimate software and "free" underground content.

As of now, spyware itself is not illegal as a category of software in
the way that pirated "warez" is; it is simply software that can be freely
downloaded off the Internet. That does not make all of the activities
performed by spyware legal. Some of them, such as capturing passwords
and credit card numbers, are quite illegal. Because of the array of illegal
activities that can be spawned from spyware, the U.S. courts have been
tossing around the issue of spyware and its legality. No formal decision has
yet been reached. There is, however, an anti-spyware bill floating around the
U.S. legislative system that is undergoing amendments. The details of the
most recent actions concerning this bill can be found in Wired News. As for
the actual bill itself, a readable copy can be found here.

Types of Spyware
The single, all-encompassing term "spyware" is more or less a
misnomer, for there are a number of different kinds of software that engage
in data harvesting and come under the broad, umbrella-like term "spyware".
Spyware can be loosely associated with viruses, with Trojans and worms
being the closest relatives, but there is a fine line of difference. Viruses
are typically self-replicating. They can copy themselves and spread from
computer to computer through security holes and exploits, as well as
relying on a user's poor security habits to quietly slip into an unguarded
system. Spyware usually relies on a user's ignorance and credulity to infect
a system and does not engage in replication. So, in effect, the first and best
form of prevention is awareness.

Adware

Adware, or advertising-supported software, is basically software that
displays advertisements on your computer. Adware by itself does not
threaten privacy or security. It is not usually written with the intent to
vandalize computer systems or the Internet. Fundamentally, there were
three major influences that led the push behind the development of adware:
the failure of selling small, low-priced software in retail packages, the rise of
peer-to-peer apps, and the rise of cost-per-click advertising.

Adware helps offset development and maintenance costs of software
or website hosting, and in turn, can help provide software and website
hosting free of charge. It can even help turn a profit when software or
websites are provided free of charge to users and supported by ads. Ad
supported software is one of the forms of "shareware".

Certain forms of adware sometimes go overboard and stray into the
realm of spyware. They collect personal information and pass it on to third
parties without the express consent or knowledge of the user, in the hope
of providing more specific ad targeting.

Browser Helper Objects

A BHO, or Browser Helper Object, can be a useful little browser plug-in
module when used legitimately. For instance, the Microsoft Word plug-in
that allows Internet Explorer to display .doc (a.k.a. Word Document) files
within the browser is a BHO. The same goes for Adobe Acrobat's plug-in
for PDF files. Google Toolbar is another example of a BHO, but in this
case, it is attached to IE's UI, so it can be used directly by the user.

A BHO is a DLL that Internet Explorer loads into its own process at
startup, so it runs with the same privileges as IE and sees every page,
address and form field the browser handles. Because of these free-roaming
privileges, some forms of spyware are installed into IE as BHOs, and can
perform a number of tasks. One is a keylogger that typically wakes up when
the user visits a banking or payment site, intending to collect credit card
numbers, usernames and passwords; another records the user's browsing
habits and sends the recorded data off to third parties. You can see which
BHOs are loaded, and disable any you do not recognize, from the Manage
Add-ons dialog in Internet Explorer's Tools menu.

Browser Hijackers

Browser hijackers can include malicious BHOs, and they also change
various settings within Internet browsers (usually directed at Microsoft
Internet Explorer). These altered settings can change your homepage, add
bookmarks, create pop-ups faster than they can be closed, and redirect
addresses that users type in (especially if typed without the www. prefix).
All of these browser alterations usually end up directing the user to sites
containing pornography, warez, game cheats, or other "underground"
material.

One of the most common browser hijack methods used is to add
entries to the hosts file. Windows consults this file before it asks DNS, so
whatever it says about a name wins. The legitimate use is to send known
ad and spyware servers to the localhost black hole (127.0.0.1, so they can
never be reached); a hijacker turns the trick around, mapping sites you
actually want, such as search engines, banks or your anti-virus vendor's
update server, to servers of its own choosing, or to 127.0.0.1 so that the
vendor can no longer be reached for updates.
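
A hosts-file audit, as an added example (Python; not from the PCMech
guide). It parses a hosts file, ignores the normal localhost lines and the
legitimate ad-server black holes, and reports the two hijack patterns just
described: vendor and update sites pointed at the loopback address, and
any other name pinned to a real address. The vendor/update name list, the
constructed sample hosts file and its 203.0.113.x addresses (a reserved
documentation range) are assumptions made for the example.

```python
import ipaddress
import os
from dataclasses import dataclass
from typing import List

# Names a hijacker gains by black-holing: vendor and update sites.
# Assumed, illustrative list; extend it with whatever you rely on.
PROTECTED_NAMES = {
    "www.symantec.com", "liveupdate.symantec.com", "www.kaspersky.com",
    "www.mcafee.com", "windowsupdate.microsoft.com", "update.microsoft.com",
}

# Default location of the hosts file on each platform.
if os.name == "nt":
    DEFAULT_HOSTS = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                                 "System32", "drivers", "etc", "hosts")
else:
    DEFAULT_HOSTS = "/etc/hosts"


@dataclass
class Finding:
    line: int
    host: str
    ip: str
    reason: str


def audit_hosts(text: str) -> List[Finding]:
    """Return one Finding per suspicious hosts entry in text."""
    findings: List[Finding] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        parts = raw.split("#", 1)[0].split()   # drop comments, then whitespace-split
        if len(parts) < 2:
            continue                           # blank, comment-only or malformed
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            findings.append(Finding(lineno, " ".join(parts[1:]), parts[0],
                                    "first field is not an IP address"))
            continue
        blackhole = addr.is_loopback or addr.is_unspecified   # 127.x, ::1, 0.0.0.0
        for host in parts[1:]:
            host = host.lower().rstrip(".")
            if host in ("localhost", "localhost.localdomain") or host.endswith(".localhost"):
                continue                       # the entries every hosts file has
            if blackhole:
                if host in PROTECTED_NAMES:
                    findings.append(Finding(lineno, host, parts[0],
                                            "vendor/update site black-holed: updates and removal tools unreachable"))
                # any other black-holed name is the ad-blocking use; leave it alone
            else:
                severity = "high" if host in PROTECTED_NAMES else "review"
                findings.append(Finding(lineno, host, parts[0],
                                        f"{severity}: {host} is pinned to {parts[0]}, bypassing DNS"))
    return findings


def audit_hosts_file(path: str = DEFAULT_HOSTS) -> List[Finding]:
    """Audit the live hosts file (read-only; nothing is changed)."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


# Constructed sample: a hosts file after a hijacker has been at it.
HOSTS_SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example-adserver.invalid   # legitimate ad blocking
127.0.0.1       www.symantec.com               # hijack: vendor black-holed
127.0.0.1       windowsupdate.microsoft.com    # hijack: no more patches
203.0.113.45    www.paypal.com                 # hijack: bank goes to attacker
203.0.113.45    www.google.com
"""
```

Running audit_hosts(HOSTS_SAMPLE) reports lines 5 to 8 and nothing else;
audit_hosts_file() does the same against the real file on the machine. A
hijacker who cannot write the hosts file can get the same effect by changing
the DNS server address in the network settings, so a clean hosts file is a
necessary check, not a sufficient one.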

The results of browser hijacking most often lead to non-technical
problems, which include accessing inappropriate sites at work, straining
personal relationships, and/or coming under scrutiny (possibly going as
far as being arrested) for possession of illegal material. Browser hijackers
are often one of the hardest forms of malware to deal with, from both
technical and non-technical standpoints.

Computer Barnacles

Barnacles are data collection and/or advertisement producing
software that are often bundled alongside larger software packages, and
are usually installed with the user's unwitting consent. Consent is usually
gained through hard-to-read license agreements, or ActiveX pop-ups.

Barnacles are made to be difficult to uninstall, often intentionally
using confusing or counterintuitive uninstallation wizards to prevent the
removal of the spyware software. Sometimes, uninstallation requires the
user to fill out an online form, but depending on the shape that the system
is in (with other forms of spyware possibly installed), this may not always
be possible.

Barnacles often exhibit the same system degradation symptoms as
other forms of spyware; however, barnacles often target the Winsock
Layered Service Provider (LSP) mechanism. Winsock is the Windows
interface through which programs reach network services such as TCP/IP,
and an LSP is a DLL that can be chained into it so that every byte an
application sends or receives passes through that DLL first, which is ideal
for sniffing or redirecting traffic. When this kind of barnacle is removed
carelessly, the LSP chain is left pointing at a DLL that no longer exists and
nothing on the machine can use the network until the chain is repaired; on
Windows XP SP2 and later the command "netsh winsock reset" rebuilds it,
while older systems may need the TCP/IP stack reinstalled.

Dialers

This form of malware only does damage over dialup or ISDN Internet
connections. Some of these dialers include scripts to disable the modem's
connection sounds, so you can't tell if and when it may be dialing out.
Users on broadband connections may still get dialers installed on their
system, but the dialer has nothing to dial through unless the PC still has a
modem plugged into a phone line (for faxing, say), in which case it can run
up the bill just as well.

There are two basic methods that dialers operate under. The first is
via security holes in Windows operating systems. They either use the
Windows dialer, another legitimate third party dialer, such as one included
with AOL, or someone's own malware dialer. The other method entices the
user with promises of special content only if they call the number listed,
which usually appears on sites providing pornography, warez, game
cheats, or any other "shady" activity.

Any of these dialing methods may rack up a significant phone bill.
This money usually lines the pocket of the person or organization providing
the malware. 900 numbers, a.k.a. premium rate numbers, are most often
used, and can generally cost up to $4 per minute, with the call usually
lasting about 10 minutes.

Keyloggers

Keyloggers are either small programs or small hardware devices that
mainly do one thing: record any and all keystrokes that may be typed in by
a user. In the case of espionage, a device is used to capture keystrokes by
placing it inline at the end of the keyboard cable, where it looks like an
ordinary adapter, whereas another kind can be soldered right into the
keyboard's circuit board. No software on the PC can see either kind.

In terms of spyware, keyloggers can be distributed and installed on a
computer system by means of a Trojan, virus or worm.


Malware

Interestingly enough, the prefix of this term in both French and
Spanish translates to "bad". No argument here about that description. It is
usually stated that the term is the word "malicious" shortened and combined
with the word "software". Either way, malware is software that intentionally
causes harm on a computer system. Malware should not be confused with
faulty software containing bugs, for bugs, no matter what the problem may
be, are not intentional.

It is difficult to specifically classify malware, since other types of
spyware tend to overlap with it. Viruses, trojans and worms all fall into this
category.

A less common form of malware that doesn't really fall under any
other categories and engages in self-replication is referred to as a "wabbit"
(or, in its commonest form, a "fork bomb"). It doesn't replicate from system
to system, but rather uses a simple recursion to spawn copies of itself
indefinitely on one machine, clogging up memory and process slots until
the system is rebooted. Any first year programming student has the ability
to create one, and any modern system can be protected from one by
limiting the number of processes a single user may run.

Spyware

Overlapping with the extreme form of adware, spyware is more
engaged in unethical and explicitly illegal purposes. These activities can
include spying on a user's surfing habits for marketing purposes, as well as
anything else coming under the heading of "spyware", where each activity
is explained under the associated form of spyware in this article.

Unprotected Windows-based computers can rapidly accumulate a
surprising amount of spyware components. Awareness, tighter system
security and establishing a practice of more cautious browsing habits can
help alleviate the problem.

Spyware is not known to cause outright system destruction or
replication, unlike a virus infection, but it functions more as a parasite that
sucks up system resources. In most cases, the user is not at all aware that
spyware is installed, and assumes that it is the hardware that is no longer
up to par. Usually executing at startup, spyware runs in the background,
sometimes causing a huge drop in performance, system stability (crashes,
lock-ups and hangs), and available bandwidth on the Internet connection
(because it is flooded to capacity). These results are mainly unintended by-
products of having a large amount of spyware flood a computer system.
The direct damage caused in this respect is merely incidental (discounting
the result of privacy invasion). However, some forms of spyware integrate
themselves into certain operating system files and can cause a myriad of
problems if the files are purged outright. This makes it an even more
difficult and time-consuming task to completely clean a computer system
and have everything in fine working order afterwards.

Users who are not aware of the cause of all these problems
sometimes ditch their infected computer and go out and buy a new one.
That is a waste of money, as well as a waste of a perfectly good computer.
Either awareness or a visit to a PC technician can help take care of a
spyware-infested system. Spyware has caused more visits to PC
technicians than any other problem in the last couple of years, and it
continues to grow.



Trojans

A Trojan, or rather its full name, "Trojan Horse", is an allusion to the
epic tale of the ancient city of Troy and the Greeks' Trojan Horse. In the
siege of Troy, the Greeks left a large wooden horse outside the city. The
Trojans were convinced that it was a gift, and brought the horse within the
safety of the city walls. What the Trojans didn't know was that the horse was
hollow, and hidden inside were a small number of Greek soldiers. After
nightfall, they snuck out of the horse and opened the city gates of Troy,
allowing the Greek army to enter and pillage the city.

Trojan horse programs work in much the same way; they may appear
useful or interesting at first glance to an unsuspecting user, but like the
Greeks' Trojan Horse, that is certainly not the case. A Trojan is a form of
malware that cannot engage in self-replication, but can be harmful when
executed. A Trojan can be deliberately attached to otherwise useful
software, distributed on its own posing as useful software, or spread
through a variety of download methods over the Internet (i.e. email, IM, and
file sharing) by tricking users into opening it. Note that Trojans cannot
spread of their own accord; they must be "invited" into systems, so to speak.
They rely on unsuspecting users to pass them around. If the Trojan poses as
a harmless joke or screensaver, for example, the idea is that unsuspecting
users will pass it along to their friends. It's yet another reason to ignore
those chain emails with "re: re: re:" in the subject header.

To further complicate matters, some Trojans can spread or initialize
other forms of malware. When used in this fashion, they are referred to as
"droppers". Other common features of a Trojan can include (but are not
limited to) file deletion, subtle to major file corruption, spying activities, and
data theft. Last but not least, Trojans can install backdoors in systems in
order to turn them into zombie computers, which can perform any one or
even many of the tasks just listed, as well as email spamming and DoS or
DDoS attacks.

Worms

The name "worm" was taken from a 1970s sci-fi novel, The
Shockwave Rider by John Brunner. While working on a research paper on
experiments in distributed computing, researchers at Xerox PARC noted
similarities between their software and the program described in the novel,
and thus adopted the term.

A worm is a form of malware that is similar to both a virus and a
Trojan. It's similar to a virus in that it engages in self-replication, and is
somewhat similar to a Trojan in that it can be, and usually is, a completely
self-contained program. Unlike a Trojan, a worm does not need to be
executed by the user; it can execute and jump from system to system of
its own accord, typically by exploiting an unpatched security hole in a
network service, which is why item 9 of the virus prevention list (keep the
system patched) is the single best defense against it. It can clog up
systems, as well as networks, and bring both to their knees. Other features
can include file deletion, email spamming (with or without file attachments),
and DoS or DDoS attacks. Like Trojans, worms can install backdoors in
systems in order to turn them into zombie computers, which can perform
any one, even many, of the tasks just listed.

For a brief time, programmers attempted to use worms as system
patching tools to plug security holes and other vulnerabilities; the 2003
Welchia (a.k.a. Nachi) worm, which tried to remove the Blaster worm and
install Microsoft's patch for the hole Blaster used, is the usual example.
This, however, ultimately backfired. These "helpful" worms often clogged up
networks more effectively than intentionally malicious worms, as well as
doing their work on systems without the user's explicit consent. In the
course of applying these patches, systems suffered from sudden and
unexpected reboots, thus effectively causing data loss in open or unsaved
files, as well as causing connection problems with the rebooting of a server.
Today, the potential legitimate uses of worms are debated in computer
science and AI theory rather than tried out on the live Internet.

Other Terms To Know

These are terms that aren't directly related to spyware, but have been
mentioned briefly and will be mentioned later on. They're good to know
within the general scheme of things, for general awareness.

ActiveX Pop-up

This contains an ActiveX Control, which is most often downloaded and
executed through a web browser, and can have full rein over Windows
Operating Systems. Because ActiveX Controls have such free access in
Windows systems, there is a huge risk that the software being installed can
be almost any form of spyware or malware.

Browser Cache

This is where all temporary webpage data is stored. All files that are
downloaded within your browser end up here, which can include: html, php,
cgi, jpg, gif, bmp, png, wma, txt, etc.

DoS Attack

(Denial of Service Attack) An attack on a computer system or network that
overloads all available resources, which causes a loss of network
connectivity by consuming all available bandwidth, or an overload of
computational resources in a computer system (flooding the RAM, maxing
out the CPU, or filling the hard drive), which often leads to lockups and
freezes.

DDoS Attack

(Distributed Denial of Service Attack) This attack is very similar to a regular
DoS attack, but in this case, the attack is made from multiple sources;
usually from zombie computers.

JVM

(Java Virtual Machine) A cross-platform execution environment. It allows
programming, program execution and computer connectivity compatibility
between Operating System platforms by means of a virtual machine
(computer).

MAC Address

(Media Access Control address) This is a unique identification address
used in hardware that connects to a network (i.e., a modem or Ethernet
card).

msconfig

(Microsoft System Configuration Utility) This utility handles startup tasks.
Most often when it is referenced, it implies that the user should look at the
"Startup" tab. To access it, simply go to Start > Run, type msconfig and hit
enter. This utility is not included on Windows 2000 systems, so it will have
to be manually installed.

Phishing

Put simply, phishing is fraud committed online. It is an attempt to get
a user to reveal their passwords, credit card information, or any other
personal information via deceptive practices (usually by email).

UI - (User Interface)

This can be text based or graphical based. GUI (Graphical User Interface)
is the term most people are familiar with seeing.

Virus

Similar to a worm, but needs to be inserted into a file or program in order to
execute and propagate. Viruses are not self-contained.

Warez

Illegal/pirated software; software that has been distributed freely without
being paid for and/or does not have a valid individual software license.

Zombie Computer

A computer with an Internet connection (most often broadband) that has
one or many hidden software programs or backdoors that have been
installed by a third party. This software can allow the computer to be
remotely controlled. Zombie uses include conducting DDoS attacks, email
spamming, warez file hosting and malware distribution. This can all be
accomplished while not revealing the attacker's true identity and laying
blame on the computer's owner. This can sometimes lead to an ISP
shutting down the Internet connection and/or blacklisting the connection or
MAC address.

Effects & Telltale Symptoms of Spyware

There is a large set of problems that are usually attributed to
spyware, but that doesn't mean the effects of spyware are limited to the
items described below. If you are experiencing any one of these, it may be
a good idea to run some spyware scans.

✓ When you start your computer, or when your computer has been idle
for many minutes, your web browser opens to display
advertisements.

✓ When you use your browser to view websites, new browser windows
open to display website advertisements. This isn't always
attributed to spyware on your system, however. The website you
are visiting could be supported by these pop-ups.

✓ Web pages are unexpectedly added to your Favorites folder.

✓ New toolbars are unexpectedly added to your browser.

✓ New icons are unexpectedly added to the desktop or system tray.
However, with most newer programs, a tray icon is automatically
placed in your system tray. This can be turned off in msconfig or
within the program's options or preferences.

✓ A program that has worked fine before behaves unexpectedly. This
can be attributed to spyware, but there can be other causes as
well.

✓ Windows components cease to work or behave unexpectedly. Again,
this is not always due to spyware.

✓ Random Windows error messages appear. Yet again, this is not
exclusively attributed to spyware.

✓ When you click a link in a program, the link does not work, or it
redirects you somewhere that you did not intend to go.

✓ Your browser suddenly closes or stops responding. Not just once, but
almost every time you use it.

✓ It takes a much longer time to start or shutdown your computer. This
symptom can also be caused by having a large number of
programs installed.

✓ Your computer seems very sluggish when opening programs or
processing tasks.

✓ There are several processes listed in the task manager that you don't
recognize as legitimate programs or Operating System
components.

These are some of the main symptoms exhibited on a spyware-
infested system. An infected system can exhibit one or more of these, and
symptoms are not necessarily limited to these descriptions. Although these
symptoms can point to a spyware infection, spyware may not always be the
culprit causing these problems.

What Kinds of Tactics Are Used?

Much of the time, spyware relies on persuading unaware or credulous
users to download and install it by offering some kind of seemingly enticing
bait, such as a prize, free money, a free service, or a free service that's
"better" and supposedly gives you a leg up on widely known legitimate
software or services. 99% of the time, you can assume that it will not help
in any way.

Here is a list of known spyware applications (http://
www.spywareguide.com/product_list_full.php) and a list of known spyware
creators/vendors (http://www.spywareguide.com/creator_list_full.php).
Check these lists if you run across a program you want to install but don't
really know anything about its origins, or if it appears on unprofessional
websites. If the software does not appear in the product search, it is either
too new, too obscure, or not a threat.

ActiveX

Accepting ActiveX plug-ins is an easy way to get spyware installed on
your system. These are usually found on sites containing "underground" or
"shady" content. Legitimate sites, such as Microsoft and Macromedia, may
ask to install installer engines if you are downloading updates or programs
and usually say on the web page that you will be prompted to install an
ActiveX plug-in. In cases like these, it is fine to let the ActiveX plug-in be
installed, for it is needed to complete an operation. There is a big
"however" to add to this: some sites with spyware are clever enough to
include a notice for the ActiveX pop-up, so be careful. Pop-ups offering
"free" something-or-other or "browser enhancements" should be avoided.
Additionally, random junk that pops up on random sites where you are not
explicitly downloading something should not be allowed to be installed.

Here is one such example of an ActiveX pop-up that should not be
allowed to run:

Fake Removal Tools

Beware of programs masquerading as adware or spyware removal
tools, which are becoming known as "BetrayWare". There are a small
number of legitimate adware and spyware removal programs available;
make sure that the removal tool you download is a legitimate one. Not all
fake removal tools set out to cause harm to your system; some tools merely
do nothing to combat the spyware problems, contrary to promises in their
advertisements. Still others are simply clones of legitimate removal tools,
but aren't quite as good as the originals, from which the core engine was
swiped or licensed, meaning that the major change is just a different GUI.

A comprehensive list of fake removal tools is available if you should
want to check up on some removal tool that is being advertised or has
been installed on your machine. That URL is:

www.spywarewarrior.com/rogue_anti-spyware.htm#products

Misleading or Enticing Advertisements

Advertisers will use every trick in the book to grab your attention.
They will use interactivity and movement, your sense of curiosity, your
sense of humor, your sense of justice and right and wrong, your sense of
greed and desire, and just plain unawareness or credulity simply to get you
to click. Your click on an ad registers "Ka-Ching!" for the advertiser, both in
terms of monetary profits and the installation of spyware for the purpose of
data harvesting.

Users are often tricked by advertisements such as these:

At first glance, it looks like a serious Windows error message, and some
users will click the "yes" almost automatically. However, if you look in the
bottom right corner of the ad, it says "advertisement" in small light gray
letters. It's somewhat hard to catch if you are just skimming a webpage
quickly. The other thing to know about these ads is that it doesn't matter
where you click on the ad; the whole ad is a clickable image that can
redirect the user to a spyware infested webpage, or to a page that offers a
spyware infested scanning utility (BetrayWare).

Another similar (and newer) advertisement is usually presented as a
pop-up, and contains similar content to the previous example. See if you
can spot the "advertisement" label in this ad:

Another common gimmick spyware creators/vendors love to use is
the interactive ad, where the user has to click on something that's
moving around. All those "punch the monkey and win" and "knock out the
boxer and win" type ads are redirects to places users would not really want
to go on their own accord, since they are chock-full of spyware. No, you
never actually win anything, and if you enter your email address on their
website you will get spammed.

Here's an example of an interactive ad promising a free $20 for
performing an action. Notice the asterisk at the end of the phrase. That
implies there is fine print attached to the deal that is being offered in
the ad.

Here's an example of an animated lottery ad that goes to entice users
hooked on the game of chance; all forms of lotteries and gambling.

When it comes down to it, any ad involving money, offering free anything,
offering great benefits of drug enhancements, offering better abs, offering
a better love life, or any other enticing item or service, beware! It is most
likely a scam to install spyware and try to get you to submit your email
address for the purpose of spam. To make use of an overused geek cliché,
Admiral Ackbar says, "It's a trap!"

Phishing

Phishing is not a form of direct spyware, but it can still be a simple,
yet very effective tool for gathering personal information, sometimes
leading to identity theft. It can be very scary if someone is taken in by a
phishing attempt. As with anything else, there are a few things to look out
for so it can be avoided.

✓ Read critically for spelling or grammatical errors.

✓ Legitimate sites/organizations never ask for personal information over
email.

✓ Make sure the link included in a phishing attempt is not masked. Here is
an example of what to look for. Notice that the text of the link
displayed looks legitimate, whereas the real link address directs
you to a phishing page. This of course screams "phishing attempt".

✓ Check the webpage address for anything out of the ordinary. For
instance, if the phishing attempt includes a link to a form that asks
you to fill out personal information and does not contain the
legitimate website's base address, it is most likely a phishing
attempt. For example, if the attempt happens to be for Ebay and
the link does not include ebay.com somewhere near the beginning
of the address, it is most likely a phishing attempt. In addition to
that, some phishing links can appear with letters switched around
or omitted in the base address so it still looks like a legitimate
address at a quick glance. www.microsoft.com may appear as
www.mircosoft.com, www.micosoft, or may have an addition made
to the front of the address such as www.msn-microsoft.com. It is
also suggested that you do not actually click on the link because
the website may be a host to all sorts of spyware and malware.
So, if it doesn't fool you into entering information, it will at least get
that junk installed on your system.

✓ Beware of link addresses that contain an IP address. This is a big red
flag that signifies that the server won't be up long enough to be
worth purchasing a domain name for it. In other words, it's a host
to a phishing site that probably won't be online for too long. The IP
address offers a direct link to the server without having to go
through a domain name server, so no record of it would be logged.
The link address can also be hidden by a mask, as shown in an
earlier example.

✓ Beware of redirection links. Links that may look official may actually
redirect you to a phishing webpage.

✓ Never fall into the trap of "get rich quick" schemes, especially if you
are called to perform some sort of service beforehand, and
especially if it's for someone in a third-world country.

✓ Never fall into the trap of emails asking for money or to help shuffle
money around, especially if they say something like, "Help me. I'm
really a displaced prince and will have access to a numbered bank
account I will share it if you help" or "Help, I was the victim of a
horrible tragedy and could use your monetary assistance through
this difficult time." These are the kinds of scams where the phrase
"a fool and their money are soon parted" can be applied today.
Don't fall into the trap!

✓ If you receive an email from a bank regarding account or personal
information, or if it's not from a bank you even use, it's definitely a
phishing attempt. Banks never ask for personal or account
information by email. They usually contact you by snail mail or phone.
Also, it's rare, but not unheard of, for phishing attempts (fraud) to be
carried out via snail mail or phone, although this method is usually
more expensive than sending out emails, and isn't used often for
this reason.

✓ For any email asking for personal information regarding some sort of
user or bank account, watch out for these (or similar) phrases
found in the email's subject or body: "Dear Valued Customer",
"Verify your account", "If you don't respond in [this amount of time],
your account will be closed", and "Click the link to gain access to
your account".

This MSN account phishing attempt is one of the most convincing phishing
attempts that I have noted. At first glance, it looks quite legitimate and even
sports a link to a page that looks convincingly legitimate. Take a look at it
and see if you can apply some of the telltale signs of phishing.

Take a look at the spelling. It's hard to catch at first glance, but
"Automatical" is not a word. This anti-phishing site shows details of this
specific phishing attempt. If you are ever not quite sure if something you
receive is a phishing attempt, Google it. Search for a small phrase found in
the phishing attempt and see if you get any hits. If there are more than 3 hits
that say "Yes, this is a phishing attempt," it most likely is one. You can also
take a look at these two anti-phishing sites for information on phishing
attempts: http://www.antiphishing.org/index.html and http://
www.millersmiles.co.uk/.
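
The link checks from the list above (masked link text, IP address in the link, wrong base address, switched or added letters such as mircosoft / msn-microsoft) written out as heuristics, as an added example that is not from the book. The sample links are constructed, and the LEGIT_DOMAINS table is an assumption standing in for "the legitimate website's base address".

```python
"""Heuristic checks for the phishing-link red flags listed in this section.

Added example (not from the book). The sample links are constructed, and the
LEGIT_DOMAINS table stands in for 'the legitimate website's base address'.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed: the real base address for each brand used in the text.
LEGIT_DOMAINS = {"ebay": "ebay.com", "microsoft": "microsoft.com"}

# Visible link text that itself looks like a host or URL (needs at least one dot).
DISPLAY_HOST_RE = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z0-9-]+)", re.I)


def host_of(url):
    """Lower-cased host of a URL; a bare host without a scheme is accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def registrable(host):
    """Crude 'base address': the last two labels (fine for the .com examples here)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def is_ip_literal(host):
    """True for hosts such as 203.0.113.5 (the 'IP address in the link' red flag)."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def edit_distance(a, b):
    """Damerau-Levenshtein distance: a swapped letter pair (mircosoft) costs one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def analyze_link(display_text, href, brand):
    """Return the red flags raised for one link the mail claims belongs to `brand`."""
    flags = []
    real_host = host_of(href)
    base = registrable(real_host)
    legit = LEGIT_DOMAINS[brand]
    if is_ip_literal(real_host):
        flags.append("ip-address host")
    # Masked link: the visible text names a site other than the one actually linked.
    shown = DISPLAY_HOST_RE.match(display_text.strip())
    if shown and registrable(shown.group(1).lower()) != base:
        flags.append("masked link")
    if base != legit:
        flags.append("base address is not " + legit)
        legit_label, base_label = legit.split(".")[0], base.split(".")[0]
        if 0 < edit_distance(base_label, legit_label) <= 2:
            flags.append("look-alike spelling")               # mircosoft, micosoft
        elif legit_label in base_label:
            flags.append("brand name inside another domain")  # msn-microsoft
    return flags


if __name__ == "__main__":
    # Constructed sample links, modelled on the cases described in the text.
    samples = [
        ("http://www.ebay.com/signin", "http://203.0.113.5/ebay/login", "ebay"),
        ("Click here to verify", "http://www.mircosoft.com/verify", "microsoft"),
        ("Verify your account", "http://www.msn-microsoft.com/", "microsoft"),
        ("www.ebay.com", "https://signin.ebay.com/ws/eBayISAPI.dll", "ebay"),
    ]
    for text, href, brand in samples:
        print(f"{href:45} {analyze_link(text, href, brand) or 'no flags'}")
```

The heuristics only flag; a link with no flags is not proof of legitimacy, which is why the text also suggests searching for a phrase from the message.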

Downloads

When you download a file to install from the Internet, that piece of
software always has a license agreement that can be viewed at some time
during the installation process. This EULA (End User License Agreement)
is included to take care of issues with copyright and liability laws. They
include permissions of what the end user can and can't do with the
software, as well as inform the end user of what the software does and
doesn't do. You will be hard pressed to find someone who actually reads
those license agreements on their own free time. Most users simply click "I
agree to these terms". Included in the terms of agreement can be notices
that forms of spyware may be installed with the main software package,
albeit often hidden within complex legal jargon.

Cutesy applications are a huge success for spyware vendors/
manufacturers in that they are often laced with spyware that is installed
alongside the main package as an extra feature that does users no good.
These "cutesy applications" can be screen savers, IM emoticon packages,
desktop buddies, and so on. A few good examples are Bonzi Buddy, Comet
Cursor, and Smiley Central. Whether the main purpose of the
package is entertainment or data harvesting is hard to tell. They do a
good job with both tasks. The amazing thing is that users sometimes pay
for these applications in order to get "special" or "extra" services.

Cutesy applications aside, there are additional freeware packages
that offer themselves as so-called legitimate and useful software, but
actually do more harm to you as a user than good. Such
applications can include any Gator products, DashBar, PrecisionTime,
DateManager, eWallet, eAcceleration, and, yes, even the seemingly popular
WeatherBug. Make sure you do your research on freeware that you may
want to install. There's a relatively small portion of free applications that are
intentionally malicious, if all freeware is taken as a whole. There are a great
many more legitimate freeware applications available for use, so don't let
these few malicious applications deter you from taking advantage of all the
freeware that's available. A simple Google search of the application's name
and the word "spyware" will usually turn up a significant number of results if
the freeware package is indeed malicious.

Search Toolbars are another set of applications that have become
quite popular. They are also a large source of data harvesting by collecting
search string information, as well as browsing habits, and can even act as
a keylogger.

Another source of adware, spyware and malware that gets installed
on a user's system without their consent is referred to as a drive-by
download. Drive-by downloads are either embedded within a webpage,
installed as a result of clicking on a deceptive ad or pop-up, or just
bouncing around the Internet dropping into whatever unsecured computer
they happen to run across. Older browsers and un-patched security flaws,
in both browsers and Operating Systems, can allow drive-by downloads to
take advantage of your unprotected system. The lack of a firewall can also
be a big contributing factor, which can be compounded with the lack of up-
to-date security patches, making for a good double whammy.

This is why it is dangerous to go poking around and following
phishing links and ad links. Note that not all ads hide a page loaded with
spyware. A good portion of ads on legitimate websites are, in fact, not ill-
intended and will not install spyware on a user's system. Just be aware of
deceptive pop-ups and ads because, after all, they do exist.

Prevention Techniques

Tightening up system security, keeping up to date with security
patches, and engaging in safe Internet usage are the three main ways to
prevent spyware from entering your computer system. Many of these
techniques rely on each other to maintain overall good system security.
Don't rely on just one or two. Use most, if not all, of these techniques. You
will end up with a much healthier computer.

Administrator Accounts

It is wise to password protect all your administrator accounts as well
as the administrator user account named "Administrator". There are some
forms of spyware and malware that have been spread through these
accounts thanks to blank password fields. It is recommended that you use
at least an 8-letter/number combination.

You can access user account information in Windows XP by going
into the Control Panel > User Accounts. Select a user account and click
"Change my password". Follow the onscreen instructions. In order to
change the Administrator account's password, you will have to boot up into
safe mode. Restart the machine and before the windows loading screen
appears, press F8. You should then be given a menu of choices. Choose
"Safe Mode". Make sure that you do not allow a system restore if you
should be prompted. Next, proceed to the User Accounts as before to
change the password.

In Windows 2000, go to Control Panel > Users and Passwords, select
the user account and click "Set Password". Enter the new password in the
dialog box that appears, click OK after you're done, and click OK on the
"Users and Passwords" window.

ActiveX Security and Safety

Show Caution With ActiveX Controls and Plug-ins. In IE, go to Tools >
Internet Options > "Security" tab > Custom Level. Under "ActiveX controls
and plug-ins," set the first two options ("Download signed ActiveX controls"
and "Download unsigned ActiveX controls") to "prompt", and "Initialize and
Script ActiveX controls not marked as safe" to "disable".

From now on, each time an ActiveX object wants to execute or be
installed, you will be alerted with a dialog pop-up. "Yes" will allow the
ActiveX object to do its thing, while "No" will stop it from executing and/or
installing. You must read every "offered" ActiveX download carefully before
you decide to accept it. If it says something to the effect that it will enhance
your browsing experience or searching ability, this is a huge red flag, and it
should not be downloaded and/or executed.

Block Adservers & Spyware Servers

There is an available HOSTS file for your use with common
adservers and spyware servers blocked in the appendix of this book. This
file contains general ad and spyware servers and does not block site-
specific ads (such as ads hosted on the same server as the website). By
blocking the server, the ads/spyware never get downloaded onto your
computer because the request never actually goes out over the Internet;
the request is routed directly to 127.0.0.1. Note that by blocking adservers,
you may be depriving website owners of income that keeps their site up
and running.

A second effective method to block servers and web addresses is to
use Sunbelt Personal Firewall's (formerly Kerio Personal Firewall) built-in
web tools (note that this is only available for free as a limited trial). Unlike
the hosts file, Sunbelt's server blocking feature allows for wildcards in
domain addresses. For instance, instead of having these entries in your
hosts file:

127.0.0.1 ad1.thisadserver.com
127.0.0.1 ad2.thisadserver.com
127.0.0.1 ad3.thisadserver.com
127.0.0.1 ad9.thisadserver.com

Sunbelt can shorten this and cover a lot more entries with this single
pattern: ad([isx0-9].*)?.. *.. * It will block any address that starts with "ad",
followed by a number between 0 and 9.
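
The two approaches side by side, as an added example that is not from the book or from Sunbelt: exact HOSTS-file entries pinned to 127.0.0.1, and a wildcard rule that covers a whole family of ad hosts. The HOSTS text is a constructed sample, and AD_WILDCARD is my own regular-expression approximation of the rule quoted above, not Sunbelt's syntax.

```python
"""Exact HOSTS-file blocking versus a wildcard rule for ad/spyware hosts.

Added example, not from the book or from Sunbelt. HOSTS_TEXT is a constructed
sample; AD_WILDCARD approximates the "ad" + digit rule quoted in the text.
"""
import re

HOSTS_TEXT = """\
# constructed sample in HOSTS-file format: <address> <hostname> [<hostname> ...]
127.0.0.1   localhost
127.0.0.1   ad1.thisadserver.com
127.0.0.1   ad2.thisadserver.com  ad3.thisadserver.com
127.0.0.1   ad9.thisadserver.com  # several names may share one line
"""

# "ad" followed by a digit (or i/s/x, as in the pattern quoted in the text), the
# rest of that label, then at least two more labels. Anchored to the whole host.
AD_WILDCARD = re.compile(r"^ad[isx0-9][^.]*\..+\..+$", re.I)


def parse_hosts(text):
    """Map each hostname in HOSTS-file text to its address; comments/blanks skipped."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        address, *names = line.split()
        for name in names:
            table[name.lower()] = address
    return table


def blocked_by_hosts(hostname, table):
    """True when the HOSTS table pins the name to loopback, so no request leaves the machine."""
    if hostname.lower() == "localhost":  # legitimately loopback, not a block
        return False
    return table.get(hostname.lower()) == "127.0.0.1"


def blocked_by_wildcard(hostname, pattern=AD_WILDCARD):
    """True when the wildcard rule matches the whole hostname."""
    return pattern.match(hostname) is not None


def compare(hostnames, table, pattern=AD_WILDCARD):
    """For each name: (blocked by HOSTS, blocked by wildcard), to show where they differ."""
    return {h: (blocked_by_hosts(h, table), blocked_by_wildcard(h, pattern))
            for h in hostnames}


if __name__ == "__main__":
    table = parse_hosts(HOSTS_TEXT)
    probes = ["ad1.thisadserver.com", "ad4.thisadserver.com", "ads.thisadserver.com",
              "add.thisadserver.com", "www.thisadserver.com", "adsales.legit.example"]
    for host, (by_hosts, by_wild) in compare(probes, table).items():
        print(f"{host:28} hosts={by_hosts!s:5} wildcard={by_wild}")
```

Note the trade-off the comparison exposes: the wildcard catches ad4 and ads, which the HOSTS list misses, but it also blocks an unrelated host such as adsales.legit.example.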

Browsing & Downloading Habits

A majority of the spyware, malware and adware usually gets installed
from visiting certain websites. These "underground" websites can contain
pirated software and cracks, pornography, or game cheats. Surprisingly
enough, game sites devoted to flash/shockwave/java games are also major
sources for spyware and malware.

Sometimes malware is downloaded directly into your browser cache
without your knowledge. If it is a worm, Trojan or virus, real-time AV scan
programs can sometimes catch it; however, detection is never 100%. Your
best bet is to avoid these "shady" sites.

Whenever you download and install a program from the Internet, it is
often a good idea to run virus and spyware scans on it if you are not sure if
it contains spyware/malware/adware. Some P2P sharing networks, KaZaa
being a prime example, have been loaded with all sorts of malicious files,
so it may be wise to avoid downloading from P2P networks that are
overrun with junk. Also, should you choose to run P2P applications, make
sure that you do not share your entire hard drive. This is a huge security
risk, on your part, if everything that is on your computer is made available
for download.

Email Safety

Protect your email address like you would your phone number. This
helps cut down on spam and other junk that comes through email. The
same goes for your IP address, especially if it's static.

Never open email attachments when you aren't expecting them, and
especially not from people or email addresses you do not recognize. Either
one can potentially contain a virus, Trojan or worm. Some forms of malware
can access a user's address book and send spam and malware to all the
contacts through the user's email account.

If you need to attach a file to an email, make sure you include a
description of what the attachment is somewhere in the body of the email.
For example, "I am attaching 2 pictures of Bill's wedding" or "I am attaching
a copy of my resumé in Word 2000 format." Just make it simple, yet
descriptive enough so that the email recipient knows what to expect.

There is a problem with emails that arrive in HTML format. With most
legitimate sites, it's no big deal, but with HTML spam, there can be all sorts
of junk code in the background that you really wouldn't want running. There
are a few methods to stop this from happening. The first is to disable your
email preview pane (found in Outlook, Outlook Express, Mozilla, Netscape,
and a few other email clients). If you're using Outlook, go to View and
uncheck "Preview Pane". In OE, go to View > Layout and uncheck
"Preview Pane".

Another option would be to go into "Offline" mode after you have finished
downloading your messages. That way, if any HTML emails need to go out
to the Internet for pictures or whatnot, they can't, because the mail client
has gone "Offline". The last option would be to turn off HTML altogether
and only accept plain text. In Outlook, go to Tools > Options >
"Preferences" tab > E-mail options and check "Read all mail as plain text".
In OE, go to Tools > Options > "Read" tab and check "Read all messages
in plain text".

Hidden File Extensions

By default, Windows hides all file extensions for recognized file types
(jpg's, exe's, zip's, etc.). This makes it easy for executable malware files to
be disguised as a recognized file that doesn't look harmful. To reveal all file
extensions, open up "My Computer" > Tools > Folder Options > "View" tab
and uncheck "Hide extensions for known file types".

For example, with file extensions hidden, a file could display as
"destroysys.jpg", a harmless enough looking image, but really be
"destroysys.jpg.exe," an executable that may do an untold amount of
system damage. Windows allows periods in filenames, so someone could
give the file a false extension, misleading a user to think that the file is
something that it's not. It's important to know what extensions mean; you
can't just depend on what the file icons look like. Those can be changed
easily enough.

FILExt (www.filext.com) is a site that contains information on file
extensions, as well as a file extension database.
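
The destroysys.jpg.exe case worked through in code, as an added example that is not from the book: what "Hide extensions for known file types" shows for a double-extension name, and a check that flags a file whose displayed name ends in a harmless-looking extension while its real extension is executable. KNOWN_TYPES is an assumption standing in for Explorer's registered file types.

```python
"""What hiding known extensions does to destroysys.jpg.exe, and a disguise check.

Added example, not from the book. KNOWN_TYPES, EXECUTABLE and DECOY are
assumptions standing in for Explorer's registered file types; the listing in
the demo is constructed.
"""
import os

# Assumed set of extensions Explorer would treat as "known" and therefore hide.
KNOWN_TYPES = {".jpg", ".gif", ".png", ".txt", ".doc", ".pdf", ".zip", ".mp3",
               ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# Extensions Windows will run as a program when double-clicked.
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# Harmless-looking extensions typically used as the decoy in front of the real one.
DECOY = {".jpg", ".gif", ".png", ".txt", ".doc", ".pdf", ".zip", ".mp3"}


def true_extension(filename):
    """The extension Windows actually acts on: everything after the last period."""
    return os.path.splitext(filename)[1].lower()


def displayed_name(filename, hide_known=True):
    """The name Explorer shows: the last extension is dropped if it is a known type."""
    stem, ext = os.path.splitext(filename)
    return stem if hide_known and ext.lower() in KNOWN_TYPES else filename


def is_disguised(filename):
    """True when the real extension is executable but the displayed name ends in a decoy."""
    shown_ext = os.path.splitext(displayed_name(filename))[1]
    # .strip() also catches names padded with spaces to push the real extension out of view
    return true_extension(filename) in EXECUTABLE and shown_ext.strip().lower() in DECOY


def find_disguised(filenames):
    """Return the names that look like one thing but would run as another."""
    return [f for f in filenames if is_disguised(f)]


if __name__ == "__main__":
    # Constructed sample directory listing.
    listing = ["destroysys.jpg.exe", "photo.jpg", "setup.exe", "resume.doc.scr",
               "holiday.jpg" + " " * 20 + ".exe", "notes.txt"]
    for name in listing:
        print(f"shown as {displayed_name(name)!r:36} really {true_extension(name):5} "
              f"disguised={is_disguised(name)}")
    print("flagged:", find_disguised(listing))
```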

IE AutoComplete Security Risk

IE's AutoComplete feature enables users to begin typing website
addresses, usernames, and passwords and have them automatically filled
in if they have been entered before. This offers convenience and saves a
little time while browsing. However, the downside is that it can be a security
risk. Everything that was just mentioned can be accessed by someone
using your computer, and sometimes by some forms of spyware. This will
allow people to see what sites you have been visiting, gather personal
information, and go as far as to impersonate you to a degree.

To access the AutoComplete options, open up an IE window and go
to Tools > Internet Options > "Content" tab > AutoComplete. Anything that
has been checked will be remembered and saved.

IE Search Toolbars

No matter what kind of search toolbar you install, I guarantee it has
some form of spyware in it. Yes, even the praised Google toolbar that acts
as both a search bar and pop-up blocker. It is, however, one of the better
pop-up blockers out there. Windows XP SP2's pop-up blocker is definitely
way too restrictive even with the default settings, so even legitimate pop-up
windows are blocked. Google toolbar seems to have a good balance. As for
it containing spyware, take a look at this image from the installation
procedure:

If you take a close look at the bottom where you have to make a selection
to enable or disable something, you'll notice that enable says, "Anonymous
information will be sent to Google." Translation: statistics on your browsing
habits will be sent back to Google. This is a form of data collection. Make
sure when you install Google toolbar that you hit "Disable".

Most toolbars have some sort of spyware or adware bundled. There
is yet to be a search bar that is totally free of spyware and adware.
Suggestion: avoid them when possible, although there are a few
reasonable exceptions, such as Google toolbar.

Install a Firewall

Basic firewalls have two uses. The first is to monitor connections and
programs requesting access to the Internet, which is referred to as an
application firewall. This is a good way to see which programs are trying to
access the Internet. It's somewhat surprising to find that most applications
actually ask for Internet access at one time or another. Application firewalls
usually have 4 basic settings: allow this time, always allow, don't allow this
time, and never allow. These four options give the user the power to control
which programs are allowed to access the Internet. It is also a good way to
detect spyware that may be floating around on your system. Most often,
they request Internet access at one time or another to "phone home".

The second basic use of a firewall is to block certain forms of
spyware and malware, protect from DoS attacks, and block random,
unrequested, or "background noise" traffic coming from the Internet, all of
which can be accomplished for the most part by closing ports to outside
intrusions.

In most cases, a single firewall can take care of both situations.
Sygate Personal Firewall, Sunbelt Personal Firewall, or ZoneAlarm would
be adequate protection. Windows XP SP2's Internet Security is very good
as well; however, it would not be wise to rely solely on this high profile
target. First, it is far less customizable than other solutions and tends to be
too restrictive in the traffic it blocks. Second, when something is
widely used, malicious software writers usually target the largest base of
attack, namely, the Windows platform. The long and short of it: use a firewall
that doesn't come with the Microsoft tag. It would also be wise to avoid
Norton Security products. Newer versions (2002 and above) have been
known to cause an array of random issues with Windows XP. Also avoid
"System Utility", or all-in-one, packages. They may appear to help, but more
often than not, they actually end up causing headaches and have a huge
negative impact on your system by eating up system resources. All of the
extra and unnecessary "stuff" that is added to the software package is
really a bloated set of applications that can be replaced, most of the time,
with either freeware or shareware applications that have smaller footprints
(meaning, they are not resource hogs).

In any case, if you don't have a firewall installed, your computer is
completely open to attack. In less than 20 minutes, your computer will be full
of all sorts of junk, and your security and privacy will be compromised. A
firewall is one of the best pieces of software you could install on your system
as a preventive measure against spyware and malware infestations.

JVM Security

Make sure your installation of JVM is up to date. There are some well-known
security holes in Microsoft's JVM that can be exploited by browser hijackers.
It helps to replace Microsoft's JVM with Sun's official JVM. The JRE
downloads are for everyday users, while the SDK downloads are for Java
developers and programmers.

Software Updates & Patches

Make sure to check often for updates for security programs (firewalls,
spyware removal tools, and AV tools), your web browser, and Windows. They
usually contain fixes for security holes that would otherwise be open to
exploitation.

Use an Alternative Browser

To be concise, avoid using Internet Explorer. It can be a huge magnet for
spyware, adware, malware and various hijacks. Just because IE comes
preinstalled on your system doesn't mean it has to be used as your primary
browser. The reason IE is such a huge magnet is because of its wide user
base.

Alternative browsers differ from IE in browsing speed, caching, and the way
image loading is handled, which are also significant advantages over IE, but
they lack ActiveX support. Opera and Firefox are two of the most popular
alternative browsers. As long as IE is not being used, either is a good choice.
There are also a small number of alternative browsers that are based on IE,
and these often have many of the same security exploits that can be taken
advantage of as in IE. They should be avoided. Firefox and Opera are the two
major accepted alternative browsers that are available for use. However, a
note about Firefox: since it is growing in popularity and becoming the second
most used browser, it is starting to become a target for adware, spyware and
malware. Regardless of the browser you use, keep it up to date against
vulnerabilities.

Web pages that still use browser recognition scripts will sometimes
force you to use IE on their webpage saying something to the effect of
"This webpage does not support your browser." In other instances where
there may not be a recognition script, the page will simply appear not to
work correctly. In cases like these, yes, you will need to use IE for the time
being. Luckily, this does not happen often and many good web designers
are moving towards using coding standards, rather than using sloppy
browser-specific coding.

Windows Processes

Check up on what is running in the system processes in the Task Manager
(right-click on the taskbar > Task Manager > "Processes" tab). Pay special
attention to executables (*.exe files). If you don't know what a process is,
try running a search for it at www.processlibrary.com or on Google.

Scanning Tools

The two most common and most used spyware tools, Lavasoft's Adaware
and Spybot Search&Destroy, have been cleaning infected systems for a few
years now. Both still come highly recommended for your spyware combat
arsenal.

However, an interesting development has cropped up recently: Lavasoft has
removed a large, well-known adware vendor called WhenU from their
definitions database. That means any utilities produced by the WhenU
vendor will be ignored by Adaware scans. This is a very disappointing move
for Lavasoft to make. Pest Patrol and Aluria have also failed to include
WhenU's set of pests in their databases. Lavasoft's response to its removal
was that WhenU software was no longer a threat. Many spyware experts
strongly disagree. There are other cases of known adware/spyware vendors
going after the creators of spyware removal software, which can be found
under this list of litigations pursued by spyware vendors when their software
was included in various removal utilities.

This is just one big reason why a single scanning utility is not enough.
Spyware utility companies should not be playing the "scratch-my-back-and-
I'll-scratch-yours" game with spyware vendors. In order to catch everything,
you need to run multiple scanning utilities on your system. The Adaware/
Spybot combination can do a good job at getting rid of adware/spyware, but
it does not get rid of everything on your system, for spyware often changes
faster than these companies can update their software. The spyware
detection engines are starting to show their age by not picking up as much
spyware as they used to in the past. In general, what one spyware utility
misses, the other usually catches. Also, check the list of spyware your
software detects and make sure the items aren't core Operating System
modules or programs that you need or use (one such program, VNC, used for
remote desktop control, does get picked up, and yes, it can be a security risk
to an extent). Note that checking the detected programs could also backfire,
because a program you have installed that you think does not carry spyware
actually does. If you're unsure, check this program search database.

Two other tools worthy of mention are Spy Sweeper and Pest Patrol.
Both of these products are worthwhile, but are not free. There are plenty of
free products available, therefore these tools are not necessary as a first
line of defense. Spy Sweeper is a very good tool to use as a last resort
option when other utilities were not successful in removing certain forms of
spyware.

Spyware removal utilities do not usually pick up certain forms of malware,
such as worms and Trojans, which usually come under the category of
Anti-Virus protection. A good free AV application called AVG comes highly
recommended and is often better than many AV packages you can purchase.

If you need an emergency scan quickly and don't have an AV application
installed, or AVG or some other utility isn't picking anything up but you still
suspect a problem, use these online Trojan and virus scanners. Symantec's
AV Center Database contains information and removal tools for viruses,
Trojans and worms, in case any of the above mentioned AV tools do not get
rid of the virus/Trojan/worm.

Another good source for information on malware in general is 2-spyware.com,
which has a database filled with malware-specific removal tools.

Last but not least, the final scanning utility you may want to run is
HijackThis (http://www.spywareinfo.com/~merijn/programs.php). HijackThis
is a technical scanning utility which lists all running processes and installed
or altered system modules. It is best if this program is run right after
startup. Their site also has a link to a tutorial which will help interpret a
HijackThis log by giving you a more detailed description of each entry. If
you are still unsure about what may or may not be legitimate and what
should be removed, there are many computer forums across the Internet
with experienced techs who are willing to assist users in identifying pests
that appear in HijackThis logs. Simply copy and paste the log's contents into
a new thread and courteously request assistance. Also, be sure to clearly
state which Operating System, and which Service Pack for that Operating
System, you are running.

Problem Specific Tools

Still other annoying forms of malware mutate so fast that they cannot be
thoroughly removed by existing spyware or AV utilities. Such is the case
with the CoolWebSearch infections. Spyware utilities may pick up the
infection, but are not equipped to fully remove it, or to remove it correctly
without side effects. CWShredder is a utility that focuses solely on removing
this annoying pest.

http://www.intermute.com/spysubtract/cwshredder_download.html

Another annoying pest is the infamous "About:Blank" home page in IE. If it
is a hijack rather than a simple home page change, then, like CoolWebSearch,
this pest cannot be picked up by existing spyware or AV utilities. PCHell.com
has a tutorial on how to deal with this issue.

http://www.pchell.com/support/aboutblank.shtml

This fix may seem like a daunting task, but if it is taken one step at a time, it
shouldn't be all that overwhelming.

AboutBuster (http://www.malwarebytes.org/aboutbuster.php) is another
option for getting rid of "About:Blank", but only when other problems
accompany it, and only after a spyware scan. The problems can include
receiving random pop-ups, and the home page usually being set to
"About:Blank", or sometimes something similar to "res:///random".

Yet another annoying pest that is starting to become increasingly common is
the nail.exe infection paired with the Aurora pop-up infection. It is nearly
impossible to remove these regenerating infestations manually, so a
third-party utility is extremely useful in this case.

The Spyware Removal Process

Now that you have been introduced to some of the spyware tools that are
available, here is a general procedure of attack to rid your system of that
pesky software.

First, identify any odd-ball applications listed in Control Panel > Add/
Remove programs. You will need to be online to remove certain spyware
applications because they require you to go to their website’s uninstall
interface. Read carefully! They try to trick users by using odd wording to
keep the spyware installed. For example, it could say, “Are you sure you
don’t want to uninstall our software? Click yes or no.” In this case, the
answer is “No”. Those double negatives can be confusing.

Uninstalling spyware with the provided uninstallers saves a lot of hassle later
down the road; however, the downside is that some of these uninstallers
need an active net connection to work. Either way, uninstalling everything
you can as a first step saves hours of headaches if you do not want to
reformat and reinstall the Operating System.

If you simply allow a spyware scanner to try to remove these strains of
spyware that appear in "Add/Remove Programs", you will be left with bits
and pieces on the hard drive and in various places in the registry. These
leftover pieces will have to be removed manually because they are no longer
being detected as threats, but may still be reappearing, recreating
themselves, and causing problems. So, make sure you uninstall the items
listed here, plus any additional packages that look suspicious:

✓ 180solutions

✓ B3D Projector

✓ BackWeb

✓ BargainBuddy

✓ CashBack

✓ ClickTheButton

✓ CometCursor

✓ CommonName

✓ DownloadWare

✓ eAnthology/eAcceleration

✓ Ebates Moe Money Maker

✓ GoHip

✓ Golden Palace Casino

✓ HotBar

✓ IEDriver

✓ Internet Optimizer

✓ IPInsight

✓ ISTBar

✓ MediaLoads

✓ MySearchBar

✓ N-Case

✓ NetworkEssentials

✓ New.net

✓ SaveNow

✓ SearchAssistant

✓ SubSearch

✓ TopText

✓ WeatherCast

✓ Win32 BI Application

Note that manufactured PCs come with many pre-installed applications. Do
a quick Google search for the application name to see if it is software
associated with the manufacturer, or a piece of possible spyware.

Next, go to Start > Run, type msconfig and hit enter. Once you have
the System Configuration Utility open, go to the “Startup” tab and uncheck
anything unfamiliar that you don’t want to load when the computer starts
up. You do not need to reboot when prompted.

Next, make sure the detection definitions for Adaware, Spybot, and
Microsoft AntiSpyware are up to date. Each of these tools has its own web
update utility built into it. If the spyware infestation is really bad, go ahead
and skip this step for now, but make sure you do eventually go back to
perform the updates and rescan the computer with all three removal tools.
Another option is to just download the updates, then boot in Safe Mode to
perform the spyware scans.

There is no official order in which to use these programs. Personally, I
usually start with Adaware since it's the fastest scanner, and it usually
removes a good chunk of the spyware that may be slowing the machine
down. This allows the other two utilities, which are resource intensive, to run
a bit more efficiently.

If you have trouble getting rid of something, try booting up Windows in Safe
Mode and scanning the computer with the above mentioned removal tools.

After the first set of spyware scans, be sure to clear the browser
cache, history, AutoComplete forms, and temp files. Then reboot and run
the spyware removal utilities again. There are actually components that are
not always detected the first time through, especially if the count is over a
dozen separate items.

Next, run the HijackThis utility. Details on its use were given earlier, near
the end of the "Scanning Tools" section. HijackThis can also help you
identify self-regenerating pests so you can find the appropriate removal tool
that will remove them.

When all's said and done, that’s the basic framework of a spyware
removal procedure. The procedure can be altered and items swapped
around when necessary, but this is one of the most efficient and effective
removal procedures to make the most of your time and efforts.

The Last Word

Remember, using spyware removal tools and following specific spyware
removal instructions is done at your own risk, and has the potential to
remove Windows components that are mistaken for spyware. Be wary of
removal utilities, especially if they have not been thoroughly tested.

Another thing to keep in mind: there are a large number of spyware removal
applications out there that give you false positives or pick up on trivial items
for the express purpose of enticing you to buy the application to remove the
alleged spyware it detects. Do your research carefully on the spyware tool in
question. All the tools listed in this article are legitimate and do a good job
at removing real problems. What isn't included in the article cannot be
vouched for and most often is not worth the money you would pay for it.

There are a significant number of people out there who firmly believe
that just because something is free, there's a catch, but if you pay for
something that appears to do the same thing that is offered for free, it just
has to be better. This is not necessarily the case. Free alternatives are
usually best explored first, and more often than not, they turn out to be
equal to or better than purchasable alternatives.

All in all, there has been a huge amount of information thrown at you in this
section. I hope it has helped you become more aware of spyware and of
ways to protect yourself from it. Just be smart and aware of some of the
things out there. Put your newfound knowledge to use and I guarantee you'll
come out ahead of the game. Good luck!

Email SPAM

Every one of us deals with it: we go to check our email and, along with the
messages we want from business contacts, friends and family, we download
a bunch of unsolicited email advertising. Things like porn sites, medications,
low-interest loans, and even the long lost secret of an adventurous love life.
It's novel at first, but after, oh, a few seconds, it's annoying. To some, it is
simply an annoyance and stays that way. You simply delete the email and
move on with your life. This is the usual procedure for people who use email
mainly for personal use. But those of us with email addresses that are pretty
public have this problem in a huge way. If you use your email for business,
then likely your email address is on at least a few mailing lists and in
people's address books. If you have had your email address for some time,
it's probably gotten worse. But on the far end of the spectrum, there are
those who run internet websites and whose email addresses are very public.
Large companies and internet businesses actually waste a lot of time and
money due to this problem.

Let's take myself for example. On any given day, I used to download about
3,000 emails to my main email account. I would estimate that at least 90% of
that is SPAM, and due to the filters I have set up, most of it is automatically
placed in my "Deleted Items" folder. This amount is the result of quite a bit
of work to bring the amount down, for PC Mechanic as a site receives closer
to 50,000 emails every day. I, as the owner of the site, would normally
receive the brunt of it. I did some configuration on the web servers to
automatically delete much of it, then yet another level of server-side filters,
and then yet another level of client-side filters on my local PC. So, every
email goes through 3 levels of filter before it reaches my inbox, and yet I still
have to delete many useless messages every day. As an aside, I would highly
recommend the Cloudmark Desktop service (formerly Safetybar), from
Cloudmark. It integrates with Outlook and has reduced my spam volume
considerably.

Once email hit the scene, it didn't take long for mass marketers to recognize
the usefulness of the medium. It makes its way to people's computers and it
is free. No postage. Mailing lists are collected in a variety of ways. They
even have little programs that will browse the web and harvest email
addresses from public websites. This is, no doubt, how my email addresses
have ended up on so many mailing lists. The medium being so new, it
remained essentially uncontrolled territory for quite a while. In 1999, there
were the first attempts to propose legislation in the United States to control
the problem. It went on until the passage of the CAN-SPAM Act in 2003, but
the effectiveness of this legislation is certainly limited.

SPAM, then, is certainly a topic which is germane to almost everyone who
reads this book. And in this book, I intend to cover the subject fairly
thoroughly. I want to answer the question of what SPAM is exactly (it's a
subject of some disagreement), who is sending it, how they get your email
address, and ways you can prevent the problem. I would like to cover the
subject of filtering and how you can set it up. In short, my aim is to give you
the knowledge to have some control over SPAM rather than continually be
the effect of it. It's not a problem that you can do away with, given the
nature of the internet, but it is one you can control. Read on...

Why SPAM?

Yes, Spam is the name for that little blue can of processed "meat" made by
Hormel you can find in the grocery store. The meat is junk, which is fitting,
but I'm not sure if that's the source of the word we've grown so fond of.
Actually, the generally accepted derivation for the word is a Monty Python
skit. They had a skit in which a group of Vikings were singing "spam, spam,
spam, spam" so loud and often that it drowned everyone out. In the early
days of the internet, when the net was mostly populated by nerds of the
classical sense, there were very few net surfers who didn't appreciate Monty
Python, so I guess the word caught on and I can see the correlation.

When we hear the word SPAM, our first thought is unsolicited junk mail. For
most practical purposes, this covers it. But some have simply defined it as
"unsolicited email". This is an incomplete definition simply because most of
us get emails every day we didn't directly ask for. It's simply not plausible
for each of us to give people a call and say "Hey, send me an email." It's
silly. Others have said SPAM is email coming from an unknown source.
Again, this is incomplete because people receive emails every day from
people they do not know. If I only accepted emails from people I knew, then
anybody reading this book or visiting PC Mechanic at all could never email
me. What most people mean when they think of SPAM is simply annoying
email. If they find the email annoying in some fashion, then it's SPAM. This
definition gets a little closer, but it is still left to the preference and mood of
the recipient and, for this reason, is not a very useful definition. For
example, PC Mechanic sends out a Tip of the Day every day. There are
always a few people who say we are spamming them and they take
themselves off the mailing list. There is nobody on our mailing list who did
not directly sign themselves up for it. Therefore, it is not unsolicited at all,
but that particular day they found our Tip of the Day annoying and
therefore, to them, it is SPAM. Again, a very useless definition. How about
"unsolicited bulk email" as a definition? Close, but again there are caveats.
If I receive an email from my bank or some other company who provides a
service to me, then chances are the email is unsolicited. I didn't ask them to
send me emails. But, at the same time, I have a business relationship with
them and therefore it is reasonable that I would receive occasional emails
from them.

Get the point? Determining whether an email is SPAM or not is a gray area
and is, to a large degree, in the eye of the beholder. Perhaps the most
accurate definition would be "unethical mass email". Ethics is that effort on
each person's part to do the most good for the greatest number. So, on the
reverse side of this, if you have a mass email which offends the ethical sense
or netiquette of a majority of internet users, it is probably SPAM. Therefore,
any email sent individually to a person is not SPAM; it is not a mass email.
But a commercial email (one advertising a product or service) can be if it
does the following:

1. Sent blindly to a large mailing list without any form of targeting.

   Usually, this type of SPAM will be sent to thousands, even millions at a
   time with the expectation that maybe a few dozen will respond to that ad,
   whether accidentally or stupidly. These kinds of emails are not of any
   interest to probably 99% of the people receiving them, and are thus
   unethical.

2. Sent with spoofed headers.

   The email header is a block of information appended to the beginning of
   every email. Think of every email as a packet of information. The body of
   that packet is what you read in your email client. The header is generally
   not seen by you when you read the email (some email clients allow you the
   option to view them), but is useful to the network of servers on the
   internet which are responsible for delivering the email to you. The header
   contains the sender of the message, their return address, the subject line,
   the originating IP address and more. Well, SPAM messages often spoof the
   headers or use invalid headers. The result is an email which is untraceable
   or which looks like it was sent from a place where it was not.

3. Does not contain an opt-out option.

   Any kind of mass mailing MUST contain a working method of
   unsubscribing from the mailing list.

4. Is not sent on a list requiring double opt-in.

   A well managed mass email list will require double opt-in, meaning that
   after the email address is entered, the subscriber receives a confirmation
   message via email which requires them to perform yet another action to
   finally subscribe themselves to the list. That action may be to follow a
   web link or to simply reply. Any other method is unethical, not to mention
   insecure, because then anybody could sign anybody else up for any
   mailing list.

5. Performs any kind of tracking or other action.

   Email messages are often opened by the recipient without them even
   knowing anything about it. When you click the subject line in your email
   client, it shows up in the preview window. Even if it shows there for less
   than a second, it counts as opening the email. Thus, any email which
   contains any code which executes on the user's machine, sets a cookie, or
   otherwise performs any tracking is unethical and potential SPAM. It
   should be noted that the use of tracking is ethical if the recipient directly
   signed up for the list, although such tracking should be mentioned in the
   website's privacy policy.

6. Is sent using email harvesters.

   An email harvester is a software robot which spiders websites across the
   internet looking for email addresses. These email addresses are usually on
   "Contact Us" pages and the like, allowing visitors to legitimately contact
   the site's author. Harvesters collect these email addresses and save them
   in a database, thereby allowing the mailing list to be used and
   re-distributed to others.

7. Is sent using an open relay server or unprotected form mail scripts.

   Legitimate emails do not have to hide their identity and usually send
   through a legitimate source. Using an unsecured relay server (sometimes
   called an injection point) or form mail script is unethical.
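Items 3 and 4 describe the double opt-in (confirmed subscription) flow. What follows is an added example, not code from this guide, of the two steps of that flow: the confirmation link carries a signed, time-limited token, so only someone who can read the mailbox can complete the signup and nobody can forge a confirmation for someone else's address. The hostname list.example, the server secret and the addresses are placeholders.

```python
import base64
import binascii
import hashlib
import hmac
import time


def _b64encode(data):
    """URL-safe base64 without padding, so the token fits cleanly in a link."""
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _b64decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class MailingList:
    """Double opt-in list: an address is subscribed only after someone who can
    read that mailbox follows the confirmation link that was sent to it.

    A single opt-in list would add the address in step 1 and let anyone sign
    anyone else up; here step 1 never touches the subscriber set."""

    def __init__(self, secret, ttl_seconds=24 * 3600, clock=time.time):
        self.secret = secret          # server-side key; a placeholder in the demo
        self.ttl = ttl_seconds        # how long a confirmation link stays valid
        self.clock = clock            # injectable so expiry can be tested
        self.confirmed = set()        # addresses that completed both steps
        self.outbox = []              # simulated confirmation e-mails (to, link)

    def _sign(self, payload):
        return hmac.new(self.secret, payload, hashlib.sha256).hexdigest()

    def request_subscription(self, address):
        """Step 1: a web form submits an address. Nothing is subscribed yet; a
        self-validating token is mailed to the address in question."""
        address = address.strip().lower()
        payload = f"{address}|{int(self.clock())}".encode()
        token = f"{_b64encode(payload)}.{self._sign(payload)}"
        link = f"https://list.example/confirm?t={token}"   # placeholder host
        self.outbox.append((address, link))
        return token

    def confirm(self, token):
        """Step 2: the recipient follows the link. The HMAC proves this server
        issued the token for exactly this address; the timestamp keeps an old
        link from being replayed indefinitely."""
        try:
            encoded, signature = token.split(".", 1)
            payload = _b64decode(encoded)
        except (ValueError, binascii.Error):
            return False              # not a token we could have issued
        if not hmac.compare_digest(signature.encode(), self._sign(payload).encode()):
            return False              # forged or tampered token
        address, _, issued_at = payload.decode().partition("|")
        if self.clock() - int(issued_at) > self.ttl:
            return False              # expired link: the subscriber must re-request
        self.confirmed.add(address)
        return True


if __name__ == "__main__":
    demo = MailingList(b"demo-secret-replace-me")
    tok = demo.request_subscription("reader@example.org")   # placeholder address
    print("mailed:", demo.outbox[-1][1])
    print("confirmed before click:", demo.confirmed)
    print("confirm:", demo.confirm(tok), "->", demo.confirmed)
```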

SPAM is usually sent by someone who wants to sell you something.
Sometimes these are companies, but more often they are individuals or
fly-by-night small businesses. Sometimes these entities go to a third-party
company which they then pay to send a bulk mail on their behalf. Most of the
time, these third-party bulk email companies are ethical and will seek to
enforce anti-spam regulation on their clients. But other times spammers will
use simple home computers to send their bulk email. Computer security
experts estimate that as much as 30% of all spam is relayed using
compromised home PCs located around the world in home offices and living
rooms. These computers are not necessarily set up for the purpose of
spamming, but could be vulnerable to outside control, which thus allows the
unethical spammer to use that PC as a relay (more on securing your
computer against this later in the book).
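The spoofed headers of item 2 above and the relaying just described both leave traces in a message's Received: chain, which every relay prepends as it hands the message on. The following is an added example, not from this guide, that walks that chain in a constructed message and cross-checks it against the visible From: line; every host, address and IP in it is a placeholder.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (all hosts, addresses and IPs are placeholders).
# The visible From: claims a bank, but the envelope sender (Return-Path) and
# the first relay hop tell a different story.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@bulk-sender.example>
Received: from mx.recipient-isp.example (mx.recipient-isp.example [192.0.2.10])
    by mail.recipient-isp.example with ESMTP id ABC123;
    Mon, 02 Mar 2009 10:15:00 -0500
Received: from mail.yourbank.example (unknown [198.51.100.77])
    by mx.recipient-isp.example with SMTP id DEF456;
    Mon, 02 Mar 2009 10:14:58 -0500
From: "Your Bank" <alerts@yourbank.example>
To: victim@recipient-isp.example
Subject: Account notice

Please log in to confirm your details.
"""

# "from <name the relay announced> (<reverse DNS> [<ip>]) by <receiving host>"
HOP_RE = re.compile(r"from\s+(\S+)\s*(?:\(([^)]*)\))?\s+by\s+(\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def domain_of(header_value):
    """Domain part of the address in a From:/Return-Path: value ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def received_chain(raw_message):
    """Return the relay hops as dicts, oldest hop first.

    Every relay prepends its own Received: line, so the last Received: header
    in the message describes the first hop, the one closest to the sender.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if not m:
            continue  # non-standard line: skip it rather than abort
        helo, paren, by = m.group(1), m.group(2) or "", m.group(3)
        ip = IP_RE.search(paren)
        hops.append({
            "helo": helo,                          # name the relay announced
            "rdns": paren.split("[")[0].strip(),   # what the receiver resolved
            "ip": ip.group(1) if ip else "",
            "by": by,
        })
    return hops


def analyze(raw_message):
    """Cross-check the visible From: line against the envelope and relay path."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    return_path_domain = domain_of(msg.get("Return-Path"))
    hops = received_chain(raw_message)
    origin = hops[0] if hops else None
    findings = []
    if return_path_domain and return_path_domain != from_domain:
        findings.append(f"envelope sender domain '{return_path_domain}' differs "
                        f"from From: domain '{from_domain}'")
    if origin:
        claims_from_domain = origin["helo"].lower().endswith(from_domain)
        if origin["rdns"].lower() in ("", "unknown"):
            findings.append(f"origin relay {origin['ip'] or '?'} has no reverse "
                            f"DNS but announced itself as '{origin['helo']}'")
        elif claims_from_domain and not origin["rdns"].lower().endswith(from_domain):
            findings.append(f"origin relay announced '{origin['helo']}' but "
                            f"resolves to '{origin['rdns']}'")
    return {"from_domain": from_domain, "return_path_domain": return_path_domain,
            "origin": origin, "hops": hops, "findings": findings}


if __name__ == "__main__":
    result = analyze(SAMPLE_MESSAGE)
    for hop in result["hops"]:
        print(f"{hop['helo']:<26} {hop['rdns']:<26} {hop['ip']:<15} -> {hop['by']}")
    for finding in result["findings"]:
        print("!", finding)
```

Mismatches like these are signals for a filter to weigh, not proof on their own, since legitimate mail sent through a third-party mailer can also show a different envelope domain.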

But, who is the typical spammer? Usually they are an individual person.
They are predominantly male, around 16-35 years old. They are usually
living in or working from their home. They are usually technically
competent, and you would need to be to devise ways to send emails using
other people's computers. Sometimes, a spammer will be involved with other
illegal activities such as credit card fraud. Almost all of them consider their
"business" to be harmless and see absolutely nothing wrong with what they
do. Properly set up, a single spammer can send millions of emails every
single day. A well-known spammer by the name of Ronnie Scelson boasts
that he can send as much as 84 million emails every day. They use software
like News Blast, Mailbomb or Prospect Mailer. Some spammers will have
software custom written to send their bulk mails. Spammers generate income
based on sales or leads, so the more emails they send out, the better. Even
though nobody really wants spam in their inbox, a few still respond and this
is what keeps the spammer in business. For any given 1 million bulk emails,
maybe 100 or 150 will respond to it, which is a sales lead or even an actual
sale for the spammer. The spammer's products might be by way of drop
shipping or something similar. Some take clients who pay them to send
spam, so the spammer will make money for sales leads or simply for the
service of having sent the bulk mail. A good spammer can generate a decent
income from this practice; some earn as much as $100,000 per year.

Ronnie Scelson, as I mentioned above, is a notorious and well-known
spammer. Based in Louisiana, he is known as the "Cajun king of spam". He
is a high school dropout, early thirties, married with 3 kids. In a USA Today
profile, he says "I hate spam as much as the next guy. What I do is not
illegal. It's the people who spam sex, Viagra and get-rich-quick schemes that
give commercial e-mailers a bad name." The article goes on to reveal a man
who lives life on the edge, constantly trying to out-flank anti-spam forces
online. He chain-smokes. He claims to send out 60 million to 70 million
emails per day. He has no qualms about what he does. He says he provides
all recipients an option to remove themselves from the mailing list, does not
hide behind forged email addresses, and leaves contact info in the email. He
has testified before the US Senate about spam, but says openly that if any
anti-spam legislation is passed which affects his business, he will simply
move offshore.

Scelson makes a good income in the business, too. He works from a home
office, but has a dozen rack-mounted servers on 24 hours per day, going
through 165,000 emails per hour in order to weed out the roughly 16% that
are actually legitimate addresses. He sends those emails to servers located
throughout the US, China, South America and Europe. He says he sends
them an automated message asking them if they want spam, and if they say
yes, he will send them bulk emails. Otherwise, he says he leaves them alone.
He charges clients anywhere from $10,000 to $50,000 per month to send
their ads, and Scelson estimates he makes $30,000-$40,000 per month in
profit. He has a staff who help fend off anti-spam attacks and maintain his
various operations around the world.

Scelson is an extreme case of a bulk mailer, and is not really a typical case.
But, his notoriety has earned him a threat-filled life, one in which he keeps
a 9mm handgun right next to his computer. Scelson has been kicked off of
numerous networks and has sued to stay on others. His costs and legal fees
forced him to file for Chapter 13 bankruptcy in March of 2003, claiming
$500,000 debt.

While Scelson may escape many of the anti-spam tactics, others are not so
lucky. There are an estimated 2,000 spammers in the United States. Many
companies spend millions battling SPAM. Microsoft and AOL have had
strong anti-spam efforts. Earthlink has pending legal action against a long
list of known spammers. A spammer named Howard Carmack, known as the
"Buffalo Spammer", was sentenced to 7 years in jail on 14 counts of identity
theft and forgery in 2004. He was estimated to have sent 850 million emails.
Earthlink won a judgment of $16.4 million against Carmack, who was
accused of using stolen credit cards to sign up for Earthlink accounts and
then using those accounts to send spam.

Some other spammers you can check out are Scott Richter, "Captain Bob",

You can research spammers on your own using the ROKSO database, hosted
by the SpamHaus Project. The Register of Known Spam Operations (ROKSO)
is a database of spammers which have been terminated by a minimum of 3
ISPs for spam offenses. Each member of the list has detailed information,
including their aliases, media stories on them, etc. They even mention which
other spammers they are partnering with, something that occurs rather
frequently in the spammer community. According to the ROKSO site, 80% of
spam received by users in North America and Europe "can be traced via
aliases and addresses, redirects, hosting locations of sites and domains, to a
hard-core group of around 200 known spam operations ("spam gangs"),
almost all of whom are listed in the ROKSO database". This is a very
interesting database.

Understanding SPAM
In order to understand a SPAM message and how best to prevent
them, one needs to know a little bit about how email works in general.
One doesn't usually think about it: you just type your message along with
a "to" address, and it miraculously arrives on the other end. But, how does
that work? Well, ironically, one can compare it to postal mail, in a way.
When you send snail mail, you have the message in an envelope. The
envelope has a return address and an address to send it to. You put it in
your mailbox, the postman picks it up, and it is sent. The postal service is
the relay for the message, and your letter moves through the system, from
terminal to terminal, until it arrives at the recipient. Email messages, too,
contain a header which serves as the "envelope" for the message. It
contains the sender's name, the return address, the subject line and where
the message is going, along with a bunch of other information. When you
send the message, it is handed to a mail host server, which uses a protocol
called SMTP to transfer it. The message travels across the internet, and
each mail server it passes through reads the headers and moves it along. It
finally reaches a mail host at the recipient's ISP, where it sits until the
recipient logs on, checks their email and downloads it from the server.

To demonstrate, I sent a message from myself to myself and below
are the headers for that email:

Return-Path: <drisley@pcmech.com>
Delivered-To: pcmech-pcmech:com-drisley@pcmech.com
X-Envelope-To: drisley@pcmech.com
Received: (qmail 13463 invoked from network); 17 Jan 2005 15:14:23 -0000
Received: from relay01.pair.com (209.68.5.15)
  by qs194.pair.com with SMTP; 17 Jan 2005 15:14:23 -0000
Received: (qmail 87092 invoked from network); 17 Jan 2005 15:14:22 -0000
Received: from unknown (HELO drisley) (unknown)
  by unknown with SMTP; 17 Jan 2005 15:14:22 -0000
X-pair-Authenticated: 67.8.75.220
From: "David Risley" <drisley@pcmech.com>
To: <drisley@pcmech.com>
Subject: hello
Date: Mon, 17 Jan 2005 10:14:15 -0500
Message-ID: <040e01c4fca7$355c83d0$6601a8c0@drisley>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
X-Spam-Filtered: 0dcc1a651a10c4b8d1dd774df3024376
X-Spam-Status: No, hits=-2.4 required=3.5
  tests=SUB_HELLO,BAYES_00
X-Spam-Flag: NO
X-Spam-Level:

Now, some of these headers are not very important to the discussion at
hand. But, some are very important to your understanding of SPAM. These
are:

1. Return-Path. This is the email address from which the email was
sent. Most of the time, this is a more trustworthy indication of the
sender, because it is very easy to manipulate the "From" header.
However, it is still possible to forge the return path, so in the case of
SPAM, it cannot really be trusted.

2. From. This contains the name (in quotes) and the email address of
the sender. This information is controlled by the email client and can
be very easily altered. In other words, just because an email has
"Paypal" as the From name, don't assume it came from Paypal.

3. Received. This field describes the routing of the email message
from the sender to the recipient. Each line of the header marked
"Received" marks a hop, or "bounce", in the path that email message
took to arrive at your mailbox. In the example above, you can see that
the number of hops is very low, and that is simply because I was
sending the message to myself. In other cases, you may have more
hops. In the case of SPAM, you can sometimes use this information
to see where a message came from. I say "sometimes" because not
all mail hosts actually add their record to the headers as the message
goes through them, so sometimes this record is not a complete
picture of the path the email took. Lastly, one often sees the word
"HELO" in this field. This represents the name that the sender
reported to the SMTP server when they signed on to send the mail. It
can be forged, so it is not reliable.

4. X-Mailer. This is a record of the software which was used to send the
email.

5. Reply-To. This is the name and email address to which a reply
would be sent if you hit the Reply button in your email client. This
information is very easy to alter, but at the same time, you can look
for instances where the From data does not match the Reply-To data.

6. Date. This is simply the timestamp for the message, or when it was
sent. The stamp is relative to GMT and will contain an offset. In the
example above, you can see the offset is -0500, meaning 5 hours off
GMT. This is because I am located in the Eastern time zone. It is set
by the mail host's internal clock, which may or may not be set
correctly. Also, in the case of SPAM, you can look for date headers
which are messed up. They can possibly give a time zone offset which
places them in the middle of an ocean, or use a mangled timestamp
that just doesn't fit the correct format (for example, a year beginning
with 0).
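The checks in the list above, as an added example (this is not code from the PCMech text): it parses a raw message with Python's email module, walks the Received chain oldest-first, compares Return-Path, From and Reply-To, and flags the malformed Date values described under item 6. The first sample repeats the self-addressed headers shown above; the forged sample, its hosts and its addresses are constructed.

```python
import email
import re
from datetime import timedelta
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample modelled on the self-addressed test message shown above,
# with folded ("continuation") header lines indented as a real message has them.
SAMPLE_HEADERS = """\
Return-Path: <drisley@pcmech.com>
Received: (qmail 13463 invoked from network); 17 Jan 2005 15:14:23 -0000
Received: from relay01.pair.com (209.68.5.15)
  by qs194.pair.com with SMTP; 17 Jan 2005 15:14:23 -0000
Received: (qmail 87092 invoked from network); 17 Jan 2005 15:14:22 -0000
Received: from unknown (HELO drisley) (unknown)
  by unknown with SMTP; 17 Jan 2005 15:14:22 -0000
From: "David Risley" <drisley@pcmech.com>
To: <drisley@pcmech.com>
Subject: hello
Date: Mon, 17 Jan 2005 10:14:15 -0500
X-Mailer: Microsoft Outlook, Build 10.0.2616

hello
"""

# Constructed sample of the forgeries the list describes: a brand name as the From
# display name, a Reply-To pointing elsewhere, a HELO that does not match the
# connecting host, and a mangled Date (year beginning with 0, offset +18:00).
FORGED_HEADERS = """\
Return-Path: <bounce@bulk.example.net>
Received: from mail.bulk.example.net (HELO secure-login.example) (203.0.113.9)
  by mx.example.org with SMTP; 17 Jan 0005 10:14:15 +1800
From: "Paypal" <service@bulk.example.net>
Reply-To: <collector@other.example.net>
To: <victim@example.org>
Subject: Important Notice About Your Account
Date: Mon, 17 Jan 0005 10:14:15 +1800

please verify
"""

RECEIVED_RE = re.compile(r"from\s+(\S+)(.*?)\bby\s+(\S+)", re.S)


def parse_received(value):
    """Split one Received: line into the host it came from and the relay that added it."""
    text = " ".join(value.split())                      # unfold continuation lines
    match = RECEIVED_RE.match(text)
    if not match:                                       # e.g. "(qmail 13463 invoked from network)"
        return {"raw": text}
    source, middle, relay = match.groups()
    helo = re.search(r"\(HELO\s+([^)]+)\)", middle, re.I)
    ip = re.search(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b", middle)
    return {"from": source, "helo": helo.group(1) if helo else None,
            "ip": ip.group(1) if ip else None, "by": relay}


def received_chain(msg):
    """Hops oldest-first: every relay prepends its own line, so the top one is the newest."""
    return [parse_received(value) for value in reversed(msg.get_all("Received", []))]


def sender_checks(msg):
    """Compare Return-Path, From and Reply-To; any disagreement deserves a look."""
    findings = []
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if return_path and from_addr and return_path != from_addr:
        findings.append("Return-Path %s differs from From %s" % (return_path, from_addr))
    if reply_to and reply_to != from_addr:
        findings.append("Reply-To %s differs from From %s" % (reply_to, from_addr))
    return findings


def date_checks(msg):
    """Flag a year beginning with 0 (checked on the raw token, because the parser
    quietly turns 0005 into 2005) and an offset that no real time zone has."""
    raw = msg.get("Date", "")
    findings = ["year %s begins with 0" % token for token in raw.replace(",", " ").split()
                if len(token) == 4 and token.isdigit() and token[0] == "0"]
    try:
        parsed = parsedate_to_datetime(raw)
    except (TypeError, ValueError):
        return findings + ["Date does not parse: %r" % raw]
    offset = parsed.utcoffset()
    if offset is not None and abs(offset) > timedelta(hours=14):
        findings.append("time zone offset %s does not exist" % raw.split()[-1])
    return findings


def analyze(raw_message):
    """Everything a reader would check by hand on a suspicious message's headers."""
    msg = email.message_from_string(raw_message)
    return {"chain": received_chain(msg), "sender": sender_checks(msg),
            "date": date_checks(msg), "mailer": msg.get("X-Mailer")}


if __name__ == "__main__":
    for label, raw in (("self-addressed", SAMPLE_HEADERS), ("forged", FORGED_HEADERS)):
        report = analyze(raw)
        print(label, "route:", " -> ".join(hop.get("by") or "?" for hop in report["chain"]))
        for finding in report["sender"] + report["date"]:
            print("  !", finding)
```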

In the case of SPAM, much of this header information can be and
usually is forged. For example, they can spoof the host name or the HELO
when the message is sent. They can also add bogus "Received" lines to
give the message a false routing history. The From names and return
addresses are EXTREMELY easy to alter, and any of us can do so right
now by entering different names into our email profiles in our email clients
(Outlook, Thunderbird, etc.). The HELO names are pretty easy to change
given the right software, and the routing of the message can be forged as
long as the computer that sends the mail is set to allow it.
Open relay servers or open proxies usually give free rein for this. An open
relay is a server which will accept email from anyone to send to anyone.
Basically, it acts as a public bounce point for all emails, and spammers can
make ample use of them. In the earlier days, relay servers were
everywhere, but as SPAM has become more of an issue, the pool of relay
servers has dropped quite a bit. Most system admins now have some kind
of security on their mail relay servers, usually requiring some kind of POP3
login from an allowed machine in the same domain before allowing mail
through. ISPs do this routinely, meaning you must log in and check your
email before you can send your email, thus giving the ISP proof that you
are truly a customer of theirs before allowing you to use their relay server.

As relay servers have become fewer, spammers have found a more
effective alternative: the open proxy, sometimes called a "zombie".
Zombie machines are usually Windows-based machines belonging to
innocent and unwitting home users who, due to lack of proper security,
have left their computer open to the installation of special software (through
the use of trojans, viruses and other such things). These machines are
usually connected to the internet via cable broadband or DSL, which, by
their very nature, are always on. A PC connected this way with no security
can be used to send spam all day long, and the PC's owner will never know
it's happening. The recipient of the SPAM sent through the machine cannot
trace the message back any further than the zombie machine, because the
zombie can be set up to use "direct-to-MX" routing, whereby the outgoing
mail is simply sent without any trace of the email in the zombie's email log.
In other words, if your PC was serving as a zombie, you would have no
record anywhere of the outgoing emails. The FTC estimates that as much
as 30% of all SPAM is sent through the use of zombies.

Some spammers use offshore ISPs to send their mail, usually
because these offshore ISPs are not exactly reputable in many cases and,
therefore, don't implement proper security. In some countries, the system
admins are just not as picky about their ethical standards. Plus, they are
usually more in need of money and therefore will offer less secured
accounts for less money. Popular sources for these accounts are China,
South Korea, Indonesia, Malaysia, as well as countries in the Eastern Rim,
South America and the former Soviet bloc. Sometimes, as these countries
find themselves trying to become more legitimate members of the new
information economy, they get more interested in controlling this problem
and start playing nice with the rest of the internet. Other countries, though,
don't seem to change. China, for example, does not seem particularly
interested in controlling its network traffic when it comes to spam,
pornography, stolen software and other such items, while at the same time
it moves heaven and earth to keep its own citizens from accessing the
internet with any freedom.

Another trick spammers use to send email is improperly secured form
mail scripts. "Form mail" is the name of one specific program which accepts
input from a web-based form and delivers the results via email, but there
are many other such scripts out there. Many webmasters use forms to
control their level of spam: rather than display their email address publicly
on the web (which leaves it open to email harvesters), they use a form. The
website visitor fills in the form, and when they submit it an email is sent
behind the scenes to the webmaster. However, an improperly programmed
delivery script can be hijacked by spammers to send mail to anyone. And
these server-based mail delivery scripts offer the programmer full control
over the email headers, so a spammer who is able to take advantage of
one can send their emails, and those emails will not be traceable at all. Any
form-to-mail script on the internet needs to be properly programmed to
verify the originator of the data as well as keep a record of the originating
IP address. Also, it is a good idea NOT to have the TO address of the email
in the web form as a hidden field, but to instead have the TO address
coded right into the script itself.
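A form-to-mail handler written along the lines the paragraph above recommends, as an added example (not the page's code and not any real script's): the recipient is fixed in the script, every form value that reaches a header is refused if it contains a line break, the posting page is verified and the originating IP is recorded. The recipient address, the all
owed origin and the origin argument are assumptions; the unsafe variant is included only for contrast.

```python
import re
from email.message import EmailMessage, Message
from email.utils import formataddr

RECIPIENT = "webmaster@example.com"         # placeholder; fixed here, never read from the form
ALLOWED_ORIGIN = "https://www.example.com"  # placeholder; the only site whose pages may post
EMAIL_RE = re.compile(r"[^@\s<>]+@[^@\s<>]+\.[^@\s<>]+")


class FormRejected(ValueError):
    """Raised for any submission that must not be turned into mail."""


def header_safe(value, limit):
    """Refuse values that would inject extra header lines (Bcc:, To:, ...) or are oversized."""
    if "\r" in value or "\n" in value:
        raise FormRejected("line break in a header field")
    value = value.strip()
    if len(value) > limit:
        raise FormRejected("header field too long")
    return value


def build_message_unsafe(fields):
    """The pattern the text warns about: recipient taken from a hidden field and the
    subject copied straight into a header. Only here to contrast with build_message."""
    msg = Message()
    msg["To"] = fields["to"]                # whoever rewrote the hidden field decides
    msg["Subject"] = fields["subject"]      # a line break here becomes a new header line
    msg.set_payload(fields.get("message", ""))
    return msg


def build_message(fields, client_ip, origin):
    """Hardened handler. `origin` is the Origin/Referer value the web server saw
    (assumed to be passed in by the caller); checking it stops scripted posts from
    elsewhere, though it is not proof of where the data came from."""
    if origin != ALLOWED_ORIGIN:
        raise FormRejected("posted from %r, not from the site's own page" % origin)
    if "to" in fields or "recipient" in fields:
        raise FormRejected("form tried to choose the recipient")
    name = header_safe(fields.get("name", ""), 100)
    sender = header_safe(fields.get("email", ""), 254)
    if not EMAIL_RE.fullmatch(sender):
        raise FormRejected("visitor address is not a single plain address")
    subject = header_safe(fields.get("subject", ""), 200) or "Website contact"
    body = fields.get("message", "").strip()
    if not body:
        raise FormRejected("empty message")
    msg = EmailMessage()
    msg["To"] = RECIPIENT
    msg["From"] = RECIPIENT                 # the site's own address; the visitor goes in Reply-To
    msg["Reply-To"] = formataddr((name, sender))
    msg["Subject"] = "[contact form] " + subject
    msg["X-Originating-IP"] = client_ip     # the record of the originating address the text asks for
    msg.set_content("Sent via the contact form by %s (%s) from %s\n\n%s\n"
                    % (name or "anonymous", sender, client_ip, body))
    return msg


if __name__ == "__main__":
    sample = {"name": "Ann Example", "email": "ann@example.org",
              "subject": "Question", "message": "Hello, is the shop open on Sunday?"}
    print(build_message(sample, "198.51.100.7", ALLOWED_ORIGIN).as_string())
    try:
        build_message({**sample, "subject": "Hi\nBcc: everyone@example.net"},
                      "198.51.100.7", ALLOWED_ORIGIN)
    except FormRejected as exc:
        print("rejected:", exc)
```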

Identifying SPAM
In looking at a SPAM message, we need to also look at the body of
the message and some of the things often done to entice, throw off, or fool
the recipient into responding. Let's look at the biggies:

Hidden URLs

Some spammers will make use of various forms of encoding to hide
URLs or fool users into clicking on URLs they would not otherwise click on.
Many will use IP addresses rather than domain names, thereby obfuscating
the potential nature of the target site from the user until they actually visit it.
However, one can use the "nslookup" tool on their computer to get the
domain itself in many cases (more on this later). Sometimes they will
encode the IP address in escaped characters, meaning the ASCII or HTML
special character code for the item. Other spammers will use the little-used
user ID field of the URL to fool people. For example, sending a browser to
"http://www.notspam.com@10.10.10.10/"
is, to a browser, the same as going to 10.10.10.10 with a username of
"www.notspam.com". The site will usually ignore the user field, so there
you are, staring at 10.10.10.10. Most users, though, would believe they
are going to www.notspam.com.
Relatedly, some spammers will make use of other ports. Typically
web traffic comes in on port 80, which is used for HTTP transactions.
But, if a spammer links you to "www.notspam.com:2000", then they
are routing you to port 2000 rather than 80. If the spammer has some kind
of control placed on port 2000 on that server, then you just got "had".

Two other very common URL tricks are redirectors and deceptive
HTML links. There are URL addresses out there whose only purpose is to
redirect to another web address. They can give the click-through URL a
legitimate-looking name, but clicking on it would route you somewhere else.
Lastly, since much SPAM is in HTML format, they can have a link in
the email which is hyperlinked in the traditional blue, underlined text, but
actually clicking on the link takes you somewhere else entirely. The way to
protect yourself against this is to "View Source" on the message by
right-clicking and choosing "View Source". Look for the HTML

"<a href="http://reallink">shown link</a>"

, and whatever is in place of the "reallink" text is where you will actually go
if you click on that link. This is a common trick in deceptive emails trying to
get sensitive information from users. For example, emails that appear to
come from Ebay or Paypal will claim to have a problem with your account
and need you to click on a link to verify your information. The link and the
email will appear official, but viewing source on that email will reveal
unrecognized IP addresses. It is very apparent, in these cases, that such
emails are deceptive hoaxes designed to get you to give your account
information to the spammer.
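The URL tricks described in this section, checked the way "View Source" lets you check them by hand, as an added example (not code from the page): user-info before an "@", a bare IP address as the host, a non-standard port, and anchor text that names a different site than the href. The HTML snippet is constructed and reuses the page's own www.notspam.com and 10.10.10.10 placeholders.

```python
import html
import ipaddress
import re
from urllib.parse import urlsplit

ANCHOR_RE = re.compile(r'<a\s[^>]*?href\s*=\s*["\']?([^"\'\s>]+)["\']?[^>]*>(.*?)</a>',
                       re.I | re.S)
# Link text that itself looks like a web address, with or without the scheme.
LOOKS_LIKE_URL_RE = re.compile(r"(https?://)?[\w.-]+\.[A-Za-z]{2,}(/\S*)?")


def url_findings(url):
    """Reasons to distrust a URL, from the tricks described above; empty means none."""
    parts = urlsplit(url)
    findings = []
    if parts.username is not None:
        # Everything before the '@' is user-info; the browser connects to parts.hostname.
        findings.append("text before '@' (%s) is user-info, real host is %s"
                        % (parts.username, parts.hostname))
    host = parts.hostname
    if host:
        try:
            ipaddress.ip_address(host)
            findings.append("host is a bare IP address (%s)" % host)
        except ValueError:
            pass                                   # an ordinary host name
    try:
        port = parts.port
    except ValueError:
        port = None
        findings.append("port is not a number")
    if port not in (None, 80, 443):
        findings.append("non-standard port %d" % port)
    return findings


def host_named_by(text):
    """Host that a piece of link text appears to name, or None if it is not address-like."""
    text = text.strip()
    if not LOOKS_LIKE_URL_RE.fullmatch(text):
        return None
    if "://" not in text:
        text = "http://" + text
    return urlsplit(text).hostname


def scan_html_links(html_text):
    """For every <a href=...>shown text</a>, compare what is shown with where it goes."""
    results = []
    for href, inner in ANCHOR_RE.findall(html_text):
        shown = html.unescape(re.sub(r"<[^>]+>", "", inner)).strip()
        findings = url_findings(href)
        shown_host, real_host = host_named_by(shown), urlsplit(href).hostname
        if shown_host and real_host and shown_host.lower() != real_host.lower():
            findings.append("link text shows %s but href goes to %s" % (shown_host, real_host))
        results.append({"href": href, "text": shown, "findings": findings})
    return results


# Constructed message body; www.notspam.com and 10.10.10.10 are the page's own placeholders.
SAMPLE_HTML = """<p>We could not verify your account. Please visit
<a href="http://10.10.10.10/verify">http://www.notspam.com/verify</a> today, or
<a href="http://www.notspam.com@10.10.10.10/">www.notspam.com</a>, or use our
<a href="http://www.notspam.com:2000/">secure page</a>.</p>"""

if __name__ == "__main__":
    for link in scan_html_links(SAMPLE_HTML):
        print(link["text"], "->", link["href"])
        for finding in link["findings"]:
            print("  !", finding)
```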

Javascript in Message Bodies

Some spammers will insert javascript into their messages in order to
track users and avoid spam detection. For example, a javascript could be
programmed to detect the user's IP address, OS and browser and then
send back a message which looks like a regular email. Behind the scenes,
the spammer just learned a little bit about you. Or they could use javascript
to disable the right mouse button on your HTML emails, thereby keeping
you from viewing source in the traditional manner. It is, however, still pretty
easy to view source. You can use the top menu option to view source (if
your email client has one), or you could simply save the email as an HTML
source file on your computer.

Random Characters

Quite commonly spammers will insert random characters into the
subject line or message body so that the message will slip through spam
detection. For example, take this subject line:

S'up'er L'ow P'ri'ces For Yo'ur M'ed'ic''ation ! YJOR

Obviously, they are advertising online medication, but with the random
characters, they are hoping to keep spam-detection tools from recognizing
those common spam keywords such as "low prices" and "medication". Very
lame, but very common. Sometimes they will simply misspell words that
are commonly flagged, such as "v1agra" rather than "viagra".

Email Addresses in Links

Spammers like to know if their emails are being opened by anyone.
They also like to know who is opening them. In this way, they can flag your
email address as valid and continue to spam it with the knowledge that it is
a good address. One way of doing this is to append your email address to
any link contained in the email message. It may be either directly appended
or appended in URL encoded form. When you click that link, the spammer
knows who clicked on it. Another way is to have a zero-size or 1x1 image
embedded into the email. The image is not really a simple image but is
actually a small script which is taking your email address and updating
some database that your email is good.

Personalization

In order to entice you to open their email, the spammer has to trick
you into thinking it is legitimate. One way to do this is to address you by
name. If they do not have your name, they may use a portion of your email
address and see if they get lucky. Another method is to use a subject line
which you may think is directed to you. Subjects like "Payment Past Due"
or "Important Notice About Your Account" are common. These aren't really
tricks, but more a form of social engineering.

Dirty HTML

Some spammers will take advantage of the fact that some HTML
simply does not render on the user's screen. For example, doing an
opening and closing bold tag ("<b></b>") would not show up to the user.
However, injected right into the middle of a commonly filtered word, it may
fool some filters into missing it and allow the email through. For example,
the word "mortgage" might get filtered, but the word "mort<b></b>gage"
might not. Sometimes they may use heavily nested tables which do not
show on the user's screen but may fool the filter. Another trick is to inject
bogus text, many times colored the same color as the background, to make
the email seem legitimate to filters which weigh the spam score. So, if the
body of the email that you see is advertising a low-interest loan, but
invisibly it is showing a long diatribe of text which is of an innocent nature,
that email may slip through the filters.
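The two evasions described under "Random Characters" and "Dirty HTML", undone on the filter side, as an added example (not code from the page): empty tag pairs and text coloured like the background are stripped before keyword matching, and the sprinkled apostrophes and digit-for-letter spellings are normalized away. The subject line is the one quoted above; the HTML body and the SPAM_TERMS list are constructed.

```python
import html
import re

# Terms a simple keyword filter would look for (the two the text names plus two more).
SPAM_TERMS = ("low prices", "medication", "mortgage", "viagra")

EMPTY_PAIR_RE = re.compile(r"<(\w+)(?:\s[^>]*)?>\s*</\1\s*>", re.I)   # <b></b>, <td></td>
TAG_RE = re.compile(r"<[^>]+>")
BGCOLOR_RE = re.compile(r'bgcolor\s*=\s*["\']?(#[0-9a-f]{6}|[a-z]+)', re.I)
# Digit-for-letter substitutions commonly used inside words ("v1agra", "m0rtgage").
LEET = str.maketrans("0134578@$", "oieastbas")


def normalize_text(text):
    """Lower-case, drop the punctuation spammers sprinkle inside words, undo leetspeak."""
    text = text.lower()
    text = re.sub(r"['\"`^*_.]+", "", text)            # S'up'er -> super, v.i.a -> via
    words = []
    for word in text.split():
        # only words that contain letters are candidates; "2005," stays a number
        words.append(word.translate(LEET) if re.search(r"[a-z]", word) else word)
    return " ".join(words)


def visible_text(html_body):
    """Return the text a reader sees, with markup that exists only to fool a filter removed."""
    body = html_body
    previous = None
    while previous != body:                            # peel nested empty pairs: <i><b></b></i>
        previous = body
        body = EMPTY_PAIR_RE.sub("", body)
    match = BGCOLOR_RE.search(body)
    background = (match.group(1) if match else "#ffffff").lower()
    # text coloured the same as the background is invisible to the reader
    hidden_re = re.compile(r'<(font|span)\b[^>]*color\s*[:=]\s*["\']?%s["\']?[^>]*>.*?</\1>'
                           % re.escape(background), re.I | re.S)
    body = hidden_re.sub("", body)
    return " ".join(html.unescape(TAG_RE.sub(" ", body)).split())


def flagged_terms(text):
    """Which SPAM_TERMS are present once a subject line or body is normalized."""
    normalized = normalize_text(text)
    return [term for term in SPAM_TERMS if term in normalized]


# The subject line quoted above, and a constructed HTML body using the "Dirty HTML" tricks.
SUBJECT = "S'up'er L'ow P'ri'ces For Yo'ur M'ed'ic''ation ! YJOR"
SAMPLE_HTML = """<html><body bgcolor="#FFFFFF">
<p>Refinance today at the lowest mort<b></b>gage rates, and ask about v1agra.</p>
<table><tr><td></td></tr></table>
<font color="#ffffff">Minutes of the garden club meeting: the spring planting
schedule was approved and the bake sale was moved to Saturday.</font>
</body></html>"""

if __name__ == "__main__":
    print("subject ->", normalize_text(SUBJECT), flagged_terms(SUBJECT))
    seen = visible_text(SAMPLE_HTML)
    print("body    ->", seen, flagged_terms(seen))
```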

Use of Affiliate Sites

In this practice, the spammer may sign up for an affiliate program and
then set up their own website to promote it. Then they can send spam
advertising this website and thereby shield themselves from automatic
notice when the spam is reported. The spammer earns a commission
on sales, and the company hosting the affiliate program benefits from a
large network of resellers. This kind of practice is very common on porn
websites. These sites offer galleries of some variety and then provide an
affiliate link to a larger website on which you need to pay. Any link in an
email which is passing an affiliate ID in it is more likely to be spam.

How Did You Get Spam In the First Place?
We've all experienced this. You sign up for a brand new email
account, maybe having switched internet providers. You are getting no
spam because nobody knows your email address. But, over time, you
begin to get more and more spam until, before too long, it's as if you never
changed your email address. It can leave you baffled. How the hell did they
get my email address?

There are many ways you could end up on a spam list. If you are an
internet surfer and enter your email address into various websites, that
could be your opening. It is always best to check out a website's privacy
policy before giving them your email address. Ensure that they will not give
your email address to any third party.

The most common way that spammers get your email address,
though, is email harvesters. Harvesters are programs which are designed
to browse the web just as a search engine's spider would. As they do so,
they search all webpages for email addresses and record those email
addresses in a database. So, if you run a website and your email address
is posted on the website, you can bet your life on the fact that it will be
picked up by an email harvester and find its way to a spammer's email list.
But, even if you don't host your own website, it can still happen. Ever
posted in an online forum? Some forum packages do not mask your email
address, leaving it wide open for harvesters. If you ever posted to a
newsgroup, you may have leaked your email address that way. These
email catcher programs harvest Usenet posts as well. Some spammers
also use websites to collect email addresses. Sites like porn sites, some
dating sites, greeting card sites, joke mailing sites and other such sites
sometimes serve as fronts for spammers. They run the site and when you
sign up, they get your email address.

Once you've been picked up by one spammer, chances are you will
end up on a bunch more. Spammers make common practice of buying and
selling mailing lists.

Lastly, if you've ever gotten fed up and actually followed a spammer's
method of unsubscribing, you just confirmed your email address to them. In
almost all cases, the unsubscribe notice given by a spammer is not
provided in good faith. They are not likely to sit there and honestly remove
your email address from their list. After all, you don't know who they are.
You can't exactly go to the spammer's website and complain. Instead, they
get an unsubscribe notice from you and they say "Bingo! We have a valid
email address!" You just guaranteed you will get more spam.

Spam Damaging Your Computer?

There has been a lot of lore about a spam message giving your
computer a virus and causing all kinds of problems. But, does it actually
happen? If the email you received is in text format, the answer is most
definitely no. A text message cannot harm your system in any way, so while
it may be annoying, you do not have to worry about it. However, if you
receive an HTML message (and most spammers do use HTML), there is a
possibility that there is some harmful code in that email. Many
HTML-capable email programs do run code inside of an email without
warning you. A spammer could use this code to launch pop-ups, cover their
own tracks, or more dangerous activities. Properly coded, and if you don't
have adequate protection, a spammer could implant a virus on your
machine which then sets you up as a zombie (see above). A virus could
also potentially install a keystroke macro, meaning anytime you press
certain key combinations, you will get some ad or other thing.

Another potentially dangerous practice is phishing. This is not
dangerous because it can install software on your computer. It is dangerous
because, through social engineering, it could trick people into giving up
sensitive information such as log-ins, social security numbers, bank
account numbers, etc. The way it works is that the phisher will create an
email which is designed to look like it came from a well-known website.
Ebay and Paypal are common targets. The email that is sent is designed to
look like it came directly from eBay or Paypal (for example). They usually
say something like they need to confirm your information because of a
server problem or some routine maintenance. In short, they say there is
some problem with your account and they need info from you. If you click
the link and go to their website, it is a look-alike copy of the original
website. However, if you filled in the form, your info would NOT be going to
the company allegedly sending the email. It goes right to the phisher's
database, and the phisher may then turn around and sell it to criminals.
After all, the phisher is a criminal.

How can you identify a phishing email? It's not difficult.

1. If the email contains a form to fill out, do NOT fill it out. Forms in email
are about the most insecure and dangerous thing you could fill out.

2. If they send the form as an HTML file which is attached to the email,
do not fill it out.

3. If the email looks like it came from eBay or Paypal, view source on
the message and see if the images or the form really lead to the
correct website. Many times, the URLs will have the target website's
name within the URL, but the actual domain which you would go to is
not proper. You may also find that the form is submitted to an IP
address.

4. Phishers aren't always the brightest bulbs in the box. Even though
they try to make the email look like it's official, many times it's very
obviously a fake. Sometimes they send the email with broken
images. Sometimes the text will all be in default Times New Roman.
They're just very bad renditions of an email, and you know the real
company would not send that.

5. Do not be fooled by the return address. Many times the email you see
as the return address will be a valid email address of the target
company. However, as discussed above, it is all too easy to
manipulate an email's headers.

6. If you do happen to click the link to the website, look at the URL in
your browser's location bar. Ensure it is the site you intend and is a
secure form.

7. Many times the address in a phishing email will point to a port other
than port 80. Port 80 is the standard data port for a web
server. If the domain is going in on another port, suspect it. They may
be doing that in order to avoid search engine detection.

8. This one is point blank: no bank, Ebay or Paypal or any similar site
will ever send you an email with a form in it or ask you to send your
login information. If you get such an email, it is NOT from them. If you
are unsure, simply log in to your account on that site (not from the
phishing email...the real thing) and check your account.

So, is SPAM dangerous? Without proper software settings in your
email client, it can be. Without virus software on your computer, it can be.
And with a moment of stupidity on your part, it can be. Social engineering is
an art, and even the best can fall prey to it at times. It is very simple to
avoid the dangers of Spam. I've addressed some of the ways to avoid the
social engineering above. I will address other ways below.

Spam Laws
The US government has done things to try to curb the problem of
spam. After all, spam is a major problem. It clogs up the internet's data
pathways and costs companies money. The problem is that these laws
really don't mean much at all. Anybody can pass a law, but that doesn't
mean spammers will all of a sudden turn into great little law followers.
And enforcement of these laws is a problem because it is sometimes hard
to find out exactly who the spammer is.

The CAN-SPAM Act of 2003 is perhaps the most famous legislation
regarding spam that has actually passed into law. The Controlling the
Assault of Non-Solicited Pornography and Marketing Act requires
unsolicited commercial email messages to be properly labeled, to include
opt-out instructions and to include the sender's physical address. It also
prohibits the use of deceptive subject lines and false headers. The act
took effect in 2004, yet as we all can see, spam continues and people
break those requirements all the time. Obviously no congressional action
can be the panacea to this problem.

Some other laws which have not passed include the Anti-Phishing Act
and the Anti-Spam Act of 2003 (which is essentially the same as the
CAN-SPAM Act). The Ban on Deceptive Unsolicited Bulk Electronic Mail
Act of 2003 would ban the use of email harvesters (CAN-SPAM does as
well). The Computer Owners' Bill of Rights would require the FTC to
establish a "do not email" registry. There are several other proposed laws,
all of them tackling the same problem in different ways.

The nature of the internet is such that governmental action can't do
much about this problem. The only way to curb this is to re-organize the
email system so that emails have a kind of caller ID to identify the sender of
emails. In this way we could at least hold spammers accountable in more
cases. Finding them is the problem. We have a law in place, but it's
enforcement that is the issue.

How To Stop Spam

How do you stop Spam? After all, that is what this section has been
leading up to. Well, the first line of defense is not to get onto their email lists
in the first place. As mentioned previously, the main ways they get your
email address are your submitting it to a website and email harvesters
scraping it off the web. So, your first line of defense, obviously, is not to
provide your email address in a fashion where a spammer can get it. Here
are some ways to do it.

Use a Junk Email Account

Using a free, web-based email account such as that provided by
Google, Yahoo or Hotmail can be one way to avoid spam in your personal
email account. Sign up for such an account. Whenever you are posting
your email address in forms on questionable sources or in newsgroups,
use this sacrificial email account. These email services have spam filters of
their own. Plus, since this is a sacrificial email account, you don't really care
what goes in there. You can just check the account every few days at your
leisure. In order for this to work, you must never post your personal email
address to the web. You also must not forward email from your sacrificial
account to your main account.

Spell Out Your Address

When posting your email address in public places like forums or
newsgroups, you can spell out your address rather than entering it properly
formatted. For example, enter "david at nospam.com", "david at nospam dot
com" or "davidNOSPAM@nospam.com", assuming your real address is
david@nospam.com.

The idea is that a real person could obviously figure out your real
email address, but an email harvester would not recognize it as a valid
address. If posting your address to the web in HTML, do not use the mailto:
tag. Even if the browser shows the altered email address, email harvesters
scan the HTML code, not the visible text. So, if your real email address is
only hidden in the HTML code, it will still be harvested.

Contact Forms

If you use a contact form for people to email you, do not use a
standard form-to-mail script which has your email address in the form's
HTML code as a hidden field. As said above, harvesters scan the code
itself, and they will find it. Instead, it is best to submit the form to a script
which contains your email address in the source code. This way it remains
server-side and harvesters cannot get to it.

Email Images

Another way to display your email address but hide it from harvesters
is to display your email address in the form of an image. This way people
can see your address, but harvesters cannot. This will only work if you do
not hyperlink the image to your real email address.

Using Javascript to Hide Emails

If posting your address to a webpage, you can also use javascript to
create a working email link "on the fly", but in the source code of the page it
is not readable. If interested in this, you can search the web for such a
script. Javascript programming is not within the scope of this article.

But, I Already Get Spam!

Ok, so what can you do if you do not host your address on a website but
you are still getting spam? You already have the problem. Now what?

Don't Buy Anything

Never buy anything from a spam message. Ever. The simple fact is
that spamming is a business. It's about making money. Spammers are not
evil guys out to get you and screw up your day. They are simply in the
advertising business. They employ the marketing method of sheer
numbers: email millions in the hopes that a few stupid people will respond
to it and generate some business. If nobody ever bought anything, spam
would stop cold. They only do it because it works and they can. So, do your
part in tackling this problem from the supply side. Do not buy anything from
spam promotions.

Not only does this help alleviate the motivation to send spam, but it
also reduces your risk of being cheated. Anybody who operates their
business in such a fashion that they see absolutely nothing wrong with
spamming is probably also the kind of person who you should not trust with
your money. I'm sure there are exceptions, but this is just a safe
assumption. There are enough scams out there in spam messages to
assume they all are.

Don't Ever Reply

Do not send reply messages back to spammers. This includes any email asking to unsubscribe, following the opt-out instructions, or just sending them a flame email because you have just had enough. Bite your tongue. While you might enjoy telling them where they can stuff their computer, the spammer doesn't care about that. All they then know is that your email address is valid. You can count on the fact that spam will continue and that your email address will be sold to other spammers.

Keep Your Cool

Some people just WAY overreact to spam, threatening lawsuits, "mail bombs", denial-of-service attacks and the like. Despite the fact that these people are usually just blowing hot air (they don't know how to do what they are threatening), it's just a bad idea. In many cases, it can get you in more trouble than the spammer. Just do what you can to battle spam, but do not get emotionally involved.



Don't Open It

If a spam message makes it to your inbox, do not open it unless you want to read it or report it. If you can tell from the subject line that it is spam, just drag it to your Trash folder without opening it.

Report Spam

If you are getting spam from one source often, you can report it to the
companies involved. I will address this in more detail below.

Read Website Privacy Policies

Before giving any website your email address, review their privacy
policy to ensure they will not provide your address to any third party. Of
course, some sites might proceed to break their own policy, but most sites
will not.

Check the "Do Not Mail" boxes

When filling in a web form, if they offer a checkbox that tells them not
to email you, check it.

Secure Your Email Client

At full security levels, your email client should not automatically load images in emails (a loaded remote image can tell the sender that your address is live, much like a reply would), should not run embedded javascript code or other code, should not start up any other programs on your PC automatically, and should not launch attached files automatically. You should review your email client and try to enable as many of these settings as you can. If you find that your email client is lacking in security features, you may want to consider migrating to another email client.



Spam Filters

Using spam filters is one of the most common ways to battle spam. What this means is that the software scans the incoming email, runs it through a series of tests, compares it to known spam criteria, and then decides whether it is a good email or a spam message. If it is spam, the filter acts according to its settings. If it is good, it makes it to your inbox. The perfect spam filter would always get it right, filtering out all spam and letting all valid email through. In real life, however, it's a constant battle for accuracy. Filters miss email or falsely flag email all the time. A "false negative" is when the filter does not flag an email as spam when it should have. A "false positive" is when the filter incorrectly flags a legitimate email as spam. For most, a false positive is the worse of the two because perfectly valid email can get removed. This happened to me just the other day when a perfectly valid email containing the word "mortgage" got filtered out. The sender called wondering if I got the email, which of course, I didn't. The only solution (other than training your filter) is to periodically check your "Deleted Items" folder to see if there are any valid emails in there.

How Filters Work

Filters work primarily by scanning content or scanning the email's routing information in the headers. When scanning the content, the email is given a score by running it up against the filter's rules. Based on that score, it is either determined to be spam or allowed to pass. When scanning the headers, the filter compares the origin of the email to a list of known spam hosts, or looks for headers which appear to be altered or bogus. Filters which work from the headers tend to be more accurate in many cases. By using network analysis, they identify the source of the spam and then just ban anything from that source. However, the market for spam filters seems to concentrate more on keyword filtering. These filters are complicated because they have to perform complex string scanning of the email. In order to be accurate, they require pretty constant updates. At the same time, though, keyword filtering is purely a defensive operation, whereas the other type of filter helps you identify the source of the spam, allowing you to report the sender.
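To make the scoring idea concrete, here is a small content-scoring filter in Python. It is an added example written for this edition, not code from PC Mechanic or from any real filter product; the rules, point values, threshold and sample messages are all constructed. It shows a legitimate message about a real mortgage tripping the threshold (a false positive) and a misspelled drug name slipping past it (a false negative), which is exactly why keyword rules need constant updating.

```python
"""Keyword/content scoring spam filter (constructed example, not a real product)."""
import re

# Constructed rule set: (rule name, pattern, points per hit). Real content
# filters ship hundreds of such rules and update them constantly.
RULES = [
    ("money_offer", re.compile(r"\b(loan|mortgage|pre-?approved)\b", re.I), 2.0),
    ("pharma", re.compile(r"\bviagra\b", re.I), 3.0),
    ("call_to_action", re.compile(r"\b(click here|act now)\b", re.I), 1.5),
    ("all_caps_word", re.compile(r"\b[A-Z]{5,}\b"), 1.0),
]
SPAM_THRESHOLD = 4.0   # a score at or above this is treated as spam


def score_message(body, rules=RULES):
    """Return (total score, {rule name: points}) for one message body."""
    hits = {}
    for name, pattern, points in rules:
        count = len(pattern.findall(body))
        if count:
            hits[name] = points * min(count, 3)   # cap so one repeated word can't dominate
    return sum(hits.values()), hits


def classify(body, threshold=SPAM_THRESHOLD, rules=RULES):
    """Return ('spam' or 'ham', score, hits) for one message body."""
    score, hits = score_message(body, rules)
    return ("spam" if score >= threshold else "ham"), score, hits


def evaluate(labelled, threshold=SPAM_THRESHOLD, rules=RULES):
    """Run the filter over (body, true label) pairs and collect its mistakes."""
    report = {"correct": 0, "false_positive": [], "false_negative": []}
    for body, truth in labelled:
        verdict, _, _ = classify(body, threshold, rules)
        if verdict == truth:
            report["correct"] += 1
        elif verdict == "spam":
            report["false_positive"].append(body)   # legitimate mail flagged
        else:
            report["false_negative"].append(body)   # spam let through
    return report


# Constructed sample messages (not real mail) with their true labels.
SAMPLES = [
    ("Hi Dave, the bank approved our mortgage today. The loan officer needs "
     "your signature on the attached form by Friday.", "ham"),
    ("Thank you for your loan request! You are PRE-APPROVED for $260,000. "
     "Click here to complete the form.", "spam"),
    ("Cheap V1agra shipped discreetly, order tod4y", "spam"),
    ("Lunch tomorrow at noon? Let me know.", "ham"),
]

if __name__ == "__main__":
    for body, truth in SAMPLES:
        verdict, score, hits = classify(body)
        print(f"{truth:4} -> {verdict:4} score={score:<4} hits={hits}")
    print(evaluate(SAMPLES))
```

The first sample scores 4.0 from two perfectly innocent uses of "mortgage" and "loan", so it is thrown out, while the third sample scores 0 because the rule only knows the correct spelling. Raising the threshold fixes the first problem and worsens the second; that trade-off is the "constant battle for accuracy" the text describes.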

Filters can be run in two places - locally on your computer or on your ISP's server. The first option is very common, but it has limited workability. Most of the time, this entails using the built-in filtering capability of your email program to filter spam into your trash folder. In order to be accurate, though, it takes a lot of setup time and training as well as constant updates and re-training. Email programs allow you to set up a series of rules to filter email into specific folders or perform other actions with them. This is a great tool for organizing email automatically. Using this feature to fight spam, though, is limited in workability for the reasons stated above. When you set up rules to organize emails from known sources, it is predictable. But, these filters are not robust enough to handle all the various incarnations of spam messages.

There are also third-party software products available which will do the job of spam filtering for you. In this way, you do not need to take the time to set up your own filters in your email client and then complain when they don't work. These third-party utilities usually come trained to identify a great deal of spam. They also come with updates so that you can keep the filters up-to-date based on the latest spammer tricks. This software is still subject to false negatives and false positives, so you will still need to evaluate the product to see how it works for you.

There are also filters which work based on a black-list or a white-list. Basically, a black-list is a list of identified spammers. Any spammer which is on the list will automatically have their emails blocked. This technique is limited in workability because it is so easy to spam from sources that are not on the black-list. It is also up to you to keep the black-list up-to-date by identifying each message as spam from your computer. I personally don't like this technique because it takes a lot of time to train the system and the job is never-ending. I prefer a solution which needs minimal interaction on my part. After all, the spammers win if I need to waste ANY of my time on their emails. The white-list technique uses a list of known good senders, and any email which is not from a sender on that list is blocked. This, too, is slightly dangerous because you cannot receive emails from anybody you don't approve ahead of time. If one of your contacts changes their email address, they will get blocked. If you receive email from people you do not know, this white-list technique simply will not work.

Many ISPs also provide net-based filtering which will filter email before it even arrives in your in-box. SpamAssassin is a popular product used. The way this works is that the email is scanned as soon as it arrives at your ISP's mail server. The filter commonly uses content analysis filters, but many also use header analysis. If the score is adequate to be labeled as spam, the ISP will put the email into a queue of some kind rather than deliver it to your in-box. On my server, we write all spam messages to a large text file on the server. I never look at it, but the point is that I could if I wanted to. The advantages of a filter like this are great. My favorite is that the spam is never downloaded to your computer in the first place. With computer-based filtering as discussed above, the email has to be downloaded and then scanned. It takes up your bandwidth, makes you wait for the download, and then uses CPU power to scan the emails, only then to move them to your Deleted Items. With the volume of spam I have gotten in the past, my in-box can be so full of spam after a short vacation that my PC literally took hours to download everything - even on a cable modem. I've even had my email program (Outlook) crash under all of the filtering load. The other advantages of net-based filtering are that the filtering is usually much more robust and complex than you will get using your PC. They can also do automatic header analysis, something that your PC-based content filters cannot do. Also, many of these filters can automatically filter out emails containing viruses.

If you do not have net-based filtering available from your ISP, you can use the SpamCop service. It's a paid subscription service; however, they will do the work for you. All your incoming email would be directed to SpamCop. They will filter out the spam and then forward the good emails to your own, secret email address. You can then log in to the SpamCop website to view your filtered messages if you please.

The last type of filter I will mention is the challenge/response filter. The way this works is that an incoming email arrives and is compared against a white-list or other set of rules. If the email passes the test, it proceeds to the in-box. If it does not, an automatic email is sent back to the sender. This email requires that they click on a link in order to verify that they are real, at which point they will be added to the white list. The idea is that spammers won't take the time to respond to these emails while people who truly want to communicate with you will. The problem is that the assumptions that these filters make are flawed. First, many spammers spoof their return address. Sometimes the return address belongs to some innocent party. So, while the spammer never receives a thing, the innocent party is sitting there receiving email challenges from the filter system. So, even though you might not be getting the spam personally, the truth is that your filter system is contributing to the overall problem of spam on the internet. Another problem is that many times perfectly valid senders are not willing to waste their time dealing with the challenges. In our case, we publish a weekly newsletter and tip of the day here on PC Mechanic. Every time we send an out-going email, we receive email challenges. However, nobody here is going to take the time to respond to challenges. We have better things to do. We are not spamming anyone and everybody on our mailing list signed themselves up for the emails and confirmed themselves using double opt-in. But, they will not receive what they signed up for because we are not going to waste our time with challenges. At the very least, when you sign up for a mailing list, add that sender to your white list.
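The exchange described above, as an added example that is not part of the original text: a simulated challenge/response filter in Python, with every address constructed for the example. It shows the intended path (a new correspondent answers the challenge and is whitelisted), the backscatter problem (the challenge goes to whoever the spammer forged as the return address), and the newsletter that is lost because nobody on the sending side answers challenges, unless the sender was whitelisted up front.

```python
"""Simulated challenge/response spam filter (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class Message:
    envelope_from: str   # the return address a challenge would be sent to
    to: str
    subject: str


@dataclass
class ChallengeResponseFilter:
    whitelist: set = field(default_factory=set)
    inbox: list = field(default_factory=list)
    pending: dict = field(default_factory=dict)              # token -> held message
    outbound_challenges: list = field(default_factory=list)  # (address, token)
    counter: int = 0

    def receive(self, msg):
        """Deliver mail from whitelisted senders; hold everything else and challenge it."""
        if msg.envelope_from in self.whitelist:
            self.inbox.append(msg)
            return "delivered"
        self.counter += 1
        token = f"chal-{self.counter}"
        self.pending[token] = msg
        # The challenge goes to whatever address the message claims as its
        # sender. The filter cannot tell a real sender from a forged one.
        self.outbound_challenges.append((msg.envelope_from, token))
        return "challenged"

    def confirm(self, token):
        """Called when someone clicks the link in a challenge email."""
        msg = self.pending.pop(token, None)
        if msg is None:
            return False
        self.whitelist.add(msg.envelope_from)
        self.inbox.append(msg)
        return True

    def challenges_sent_to(self, address):
        return [token for to, token in self.outbound_challenges if to == address]


def run_scenario():
    """Constructed scenario: the intended behaviour and the two flaws the text describes."""
    f = ChallengeResponseFilter()
    me = "me@example.net"

    # 1. A real correspondent writes for the first time, answers the challenge,
    #    and is whitelisted; later mail from her is delivered immediately.
    f.receive(Message("alice@example.com", me, "Lunch?"))
    f.confirm(f.challenges_sent_to("alice@example.com")[0])
    f.receive(Message("alice@example.com", me, "Lunch confirmed"))

    # 2. A spammer forges the return address to an innocent third party. The
    #    spam is held, but the challenge lands on the victim (backscatter).
    f.receive(Message("victim@example.org", me, "PRE-APPROVED loan"))

    # 3. A double-opt-in newsletter. Nobody on the sending side answers
    #    challenges, so the mail you asked for is never delivered...
    f.receive(Message("newsletter@pcmech.example", me, "Tip of the day"))

    # ...unless you whitelist the sender when you sign up.
    g = ChallengeResponseFilter(whitelist={"newsletter@pcmech.example"})
    prewhitelisted = g.receive(Message("newsletter@pcmech.example", me, "Tip of the day"))

    return {
        "inbox": [m.subject for m in f.inbox],
        "backscatter_to_victim": len(f.challenges_sent_to("victim@example.org")),
        "newsletter_lost": any(m.envelope_from == "newsletter@pcmech.example"
                               for m in f.pending.values()),
        "newsletter_with_prewhitelist": prewhitelisted,
        "whitelist": sorted(f.whitelist),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Note that the filter never sees the spam in the inbox, which is the selling point, but the challenge it sent went to victim@example.org, who never wrote to you at all. Multiply that by every challenge/response user the spammer hits and the innocent party is flooded.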

Reporting SPAM

Reporting spam is a good way to fight the problem. You need to know who to report to and what to report. The first rule of thumb is NOT to complain directly to the spammer. As stated above, any reply to the spammer simply tells them your email address is valid. That makes your email address more valuable as a commodity to the spammer. They don't care how huffy or puffy you get in your email. The proper parties to contact are the people through whom the spammer operates. The idea is to cut off their ability to deliver spam or to create some sort of backlash against the spammer. You can do this by either contacting the ISP which is hosting the email servers which were used to send the spam or by contacting the ISP who hosts the company which was being advertised in the spam. The idea here is that the spammer obviously doesn't care whether you like the spam or not. The website being advertised by the spammer is either his own (which of course won't get you anywhere) or is owned by a company which may have no qualms with spam because they are making money. However, almost all ISPs will care immensely if anyone is using their systems to send spam. As stated previously, spam costs the ISP industry a whole lot of money. If an ISP becomes aware that they are empowering a user to send spam, they will almost always shut down the account.

Most reputable web hosts or ISPs will have an anti-spam policy. Before reporting a spammer, it is good to see if the company you are about to report to does indeed have such a policy. Even if they do not, you can still report the spammer.

Finding the proper companies to report to takes a little bit of detective work. As mentioned, most spammers will spoof the return address in their emails. So, in many cases reporting spam to the company whose email address is in the return address field is not likely to get you very far. Or worse, if the spammer spoofed their return address to someone who is completely innocent, you may inadvertently bring down action on a totally innocent party. So, don't blindly just report to the return address's ISP. Do your homework.

Another case you need to look for is people using legitimate mass-marketing companies to send their spam. The companies that send the emails are "legitimate" in that they require compliance with the CAN-SPAM act and reportedly do what they can to minimize spam. The problem here is twofold, though. The mailing lists these companies use are generally purchased. They say all of the emails on the list are opt-in, however there is really no way of knowing that from outside. Secondly, if people report the spam or request to unsubscribe, many times the company will simply forward those addresses to the spammer as "removal requests". They are not removing the email addresses themselves. Instead, they are actually helping the spammer by sending them a list of valid email addresses!

So, the next question remains. How do you determine who to report
the spam message to? Well, read on...

Detective Work

In order to properly report spam, you need to learn a few basic networking tools. Very often you will see only IP addresses in the email headers. For those who do not know, IP addresses form the basic building block of the internet. An IP address is a series of numbers separated by periods. Every computer connected to the internet has an IP address while it is connected. Each ISP has a set of IP blocks assigned to it. The first 2 or 3 sets of numbers in the IP address signify the IP block, which is traceable to the ISP. The numbers after the IP block refer to the specific user on the ISP's network. Additionally, the internet makes use of the domain name service (DNS) to map those IP addresses to alphanumeric names which people can actually remember. The DNS system is a mapping of domain names to the specific IP address of the server which hosts a website, mail server, or any other server online.



There is a series of tools for working with this system and identifying information based on what you already have. Those tools are:

1. ping. All ping does is send a packet of information to a server and look for an echo. It determines if the server you are pinging is online and responding.

2. nslookup. A tool to allow you to determine the IP address of a given domain, or the domain of a given IP address.

3. traceroute. A tool to allow you to trace the route which a data packet follows to arrive at the target server.

4. whois. A tool to allow you to determine the owner of a given domain name.

To use ping, all you need to do is open up your command prompt window and type "ping [hostname or IP address]", supplying the domain or IP you wish to ping. Ping will then send a series of data packets to the target and print out on-screen the responses it got (if any) from the server and how long the responses took. Once you've sent a few pings and gotten a reply, hit Ctrl-C to stop sending packets.

NSLookup is also available on your PC through the command prompt. Just type "nslookup [hostname or IP address]", supplying the domain or IP. If the DNS lookup is available, you will get a result. If you enter a hostname, you will get an IP address. If you enter an IP address, you will get a hostname. Sometimes if you look up a hostname you may get several IP addresses back as a result. This is simply because each of those IPs responds to that domain. You may find this on popular websites which employ several servers for load-balancing purposes. NSLookup can be useful to see if a hostname in a spam message's headers actually corresponds to the IP address. Many spammers will spoof the hostname to make the email look legitimate. But, an NSLookup will tell you if it is indeed a spoof.

Traceroute is used the exact same way as the above two commands. The results will show you a listing of all servers which the data packet had to go through to reach the target. See, the way the internet is designed, it is very rare that you are communicating directly with your target server. Your information is traveling over a series of servers, bouncing its way to the target. Each line of the results represents a server bounce. If you get "* * *" on a line, it is because that server was too slow to respond (or that server doesn't honor traceroute queries). Traceroute is just another detective tool for figuring out where a spammer is located.

Whois is run the same way as the prior commands, except that
Windows machines do not have it built in (shame on you, Microsoft). All
domain names on the internet have to be registered, meaning they all have
a person's name or company attached to it along with contact information.
Also, all domains have to be hosted somewhere if they are active, and this
information will be available via the DNS system as well. Even though
Windows users can't run this locally (unless they download a third-party
utility to do so), you can still run such requests via the web. You can try
InterNIC, DNSStuff, or visit one of the regional internet registry websites.
The Regional Internet Registries (RIRs) control the allocation of IP blocks
in certain areas of the world. They are:



1. Asia, Pacific Rim. www.apnic.net

2. USA, Canada, Caribbean. www.arin.net

3. Europe. www.ripe.net

4. Latin America, Caribbean. www.lacnic.org

5. Africa. www.afrinic.net

In order to identify who to report a spam message to, you need to learn to do a couple of things: (1) retrieve the email headers, and (2) run the command-line utilities to identify the source of an IP address. Finding the email headers varies from email program to email program, so you will need to look into that yourself. However, in Outlook 2003 (which I am using), you simply right-click on the email and choose "Options". You will then see the internet headers. So, for example, I will take a spam message I just got as I was typing this. The email thanked me for my loan request (which I never made), said they were willing to loan me $260,000 and then linked me to a form to fill out. The email's headers contained the following lines:

Received: from rwp44.pie.net.pk (202.125.151.151)
  by [MY SERVER] with SMTP; 19 Oct 2005 09:06:55 -0000
Received: from adamsnowzzz (HELO pointhost.localbootlegged)
  by bibbl7.epic.sd.biz with WQMTP; Wed, 19 Oct 2005 14:05:55 +0400

Now, the IP address in parentheses cannot be forged (it is the connecting address that the receiving server itself recorded), so we can do a lookup on 202.125.151.151. So, the first thing you would want to do is an nslookup or reverse DNS lookup on this IP address. When I do an nslookup on this address, I find that the hostname given in the email's headers is accurate: rwp44.pie.net.pk. When doing a reverse DNS lookup via DNSStuff.com, I get the same results and I find that the server's location is in Islamabad, Pakistan. Well, not that I didn't know this was spam going into it, but if I had my doubts, this would have confirmed it. After all, how likely are we to get a legitimate loan offer here in the US from Pakistan? But, this brings up a lesson for spam reporting which is not so good. Typically, it is not worth your effort to report spammers who have overseas providers. ISPs in the United States are much more likely to run their businesses legitimately. When you see internet activity coming out of areas like Pakistan (mainland China is particularly bad), you can be reasonably safe in assuming that the owners of those servers do not care what passes through them.
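Here is the header check from above written as a Python script, added for this edition and not part of the original text. It pulls each "Received: from <name> (<ip>)" hop out of a header block and compares the claimed name with the reverse-DNS (PTR) result for the IP, which is what the nslookup step does by hand. The first header block is the loan-spam example quoted above with the redacted "[MY SERVER]" replaced by the placeholder mail.example.net; the second is constructed to mirror the "alibi" spoof described below, using the documentation address 192.0.2.10 rather than the real sender. The PTR table is an offline stand-in for nslookup so the script runs without network access; pass resolver=None to use a live socket.gethostbyaddr() lookup instead. The same IP-versus-DNS comparison is what the Caller ID for Email proposal mentioned at the end of this section builds on.

```python
"""Check the hostname claimed in Received: headers against reverse DNS (added example)."""
import re
import socket

# Matches "Received: from <claimed-name> (<ip>)" or "[<ip>]". Only the Received
# line written by *your own* server is trustworthy; lines below it may be forged.
RECEIVED_RE = re.compile(
    r"Received:\s+from\s+(\S+)\s+[\(\[][^\)\]]*?(\d{1,3}(?:\.\d{1,3}){3})[^\)\]]*[\)\]]"
)

# Loan-spam headers quoted in the text; "[MY SERVER]" replaced by the
# placeholder mail.example.net. The second hop carries no IP, only a forged HELO.
LOAN_SPAM_HEADERS = """\
Received: from rwp44.pie.net.pk (202.125.151.151)
  by mail.example.net with SMTP; 19 Oct 2005 09:06:55 -0000
Received: from adamsnowzzz (HELO pointhost.localbootlegged)
  by bibbl7.epic.sd.biz with WQMTP; Wed, 19 Oct 2005 14:05:55 +0400
"""

# Constructed to mirror the "alibi" spoof: the sender announced itself as
# "alibi" but connected from an address whose PTR record says otherwise.
# 192.0.2.10 is a documentation address, not the real sender's IP.
SPOOFED_HELO_HEADERS = """\
Received: from alibi (192.0.2.10)
  by mail.example.net with SMTP; 20 Oct 2005 11:30:00 -0000
"""

# Offline stand-in for nslookup, constructed from the lookups the text describes.
OFFLINE_PTR = {
    "202.125.151.151": "rwp44.pie.net.pk",
    "192.0.2.10": "chello080108009124.14.11.vie.surfer.at",
}


def parse_received(headers):
    """Return [(claimed hostname, connecting IP), ...], topmost (most trusted) hop first."""
    return [(m.group(1), m.group(2)) for m in RECEIVED_RE.finditer(headers)]


def reverse_lookup(ip, resolver=None):
    """PTR name for an IP. With resolver=None a live DNS query is made."""
    if resolver is not None:
        return resolver.get(ip)
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def check_hops(headers, resolver=None):
    """Compare each hop's claimed name with its PTR record."""
    results = []
    for claimed, ip in parse_received(headers):
        ptr = reverse_lookup(ip, resolver)
        if ptr is None:
            verdict = "no-ptr"        # nothing to compare against; treat with suspicion
        elif ptr.lower().rstrip(".") == claimed.lower().rstrip("."):
            verdict = "match"
        else:
            verdict = "mismatch"      # the claimed name is spoofed
        results.append({"claimed": claimed, "ip": ip, "ptr": ptr, "verdict": verdict})
    return results


if __name__ == "__main__":
    for label, hdrs in (("loan spam", LOAN_SPAM_HEADERS), ("spoofed HELO", SPOOFED_HELO_HEADERS)):
        print(label, check_hops(hdrs, OFFLINE_PTR))
```

Only one hop comes out of the loan-spam headers because the lower Received line has no IP at all, just a HELO name the spammer made up; that is itself a sign of forgery. A "match" only tells you the name is honest, not that the mail is legitimate, which is why the text moves on to whois on the network block.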

Let's look at some other spam messages in my account. I see a spam message here from Millionaire's Concierge, based in Ft. Lauderdale, FL. Based on their email, they are complying with CAN-SPAM. The email is legal and they are probably using a mass-marketing company to send this. However, it is still spam. Next, I find a spam for yet another $400,000 pre-approved loan. Interesting that the offer is coming from Russia. The email even has an account number in the subject line. How cute. Here's another spam for home-buying of Viagra. The email is coming from Austria. The true hostname was

"chello080108009124.14.11.vie.surfer.at"

however the spammer spoofed it to "alibi". Here's another one advertising penis enlargement. It says "To be a Stud, press here" and it links to a Geocities site in Brazil, yet the mail server's location is in Beijing, China (according to the reverse DNS lookup). Another interesting thing about this email is that they padded the bottom of the email with what appeared to be some lines out of a book. As stated previously, this is a common spammer trick to try to fool bad content filters into thinking it is legitimate. By padding the email with seemingly un-spam-like text, maybe they can reduce the spam score enough to make it to your in-box.

Here is another one. They are advertising a virtual postcard service. The link in the email seems to point to postcards.org. However, the email is in HTML format, so you can view source on the message and see that the link, even though it LOOKS to point to postcards.org, is actually pointing to a Romanian domain name. And worse yet, the link is to an executable, an EXE file. That is a potentially very unsafe link to click on. Who knows what it would do. And, of course, a reverse DNS lookup on the IP address in parentheses in the header shows the message is coming from Japan.
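A small Python check for the "looks like one site, links to another" trick, added here as an example and not taken from the original text. It uses only the standard library: it extracts each link from an HTML message body, compares the domain the link text shows against the domain the href actually points to, and flags links whose path ends in an executable extension. The sample HTML is constructed; card-host.example is a placeholder for the Romanian domain mentioned above, and pcmech.com is used as an ordinary honest link.

```python
"""Flag HTML links whose visible text names one site but whose target is another (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

EXECUTABLE_SUFFIXES = (".exe", ".scr", ".bat", ".pif", ".vbs")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a href=...> in a message body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _norm_host(host):
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def host_shown_in(text):
    """Host named by link text such as 'postcards.org' or 'http://a.b/'; None if it is just words."""
    if not text or " " in text:
        return None
    candidate = text if "://" in text else "http://" + text
    host = urlparse(candidate).hostname
    return _norm_host(host) if host and "." in host else None


def analyse_links(html):
    """Return one finding per link with the reasons (if any) it looks deceptive."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = urlparse(href)
        reasons = []
        shown = host_shown_in(text)
        actual = _norm_host(target.hostname) if target.hostname else None
        if shown and actual and shown != actual:
            reasons.append(f"text shows {shown} but link goes to {actual}")
        if target.path.lower().endswith(EXECUTABLE_SUFFIXES):
            reasons.append("link points at an executable file")
        findings.append({"href": href, "text": text, "suspicious": bool(reasons), "reasons": reasons})
    return findings


# Constructed message body. card-host.example stands in for the Romanian domain.
SAMPLE_HTML = """
<p>Someone sent you a card! View it at
   <a href="http://card-host.example/free/card.exe">postcards.org</a></p>
<p>Read this week's <a href="http://pcmech.com/">newsletter</a>.</p>
<p>Visit <a href="http://www.example.com/">example.com</a> for details.</p>
"""

if __name__ == "__main__":
    for finding in analyse_links(SAMPLE_HTML):
        flag = "SUSPICIOUS" if finding["suspicious"] else "ok"
        print(flag, finding["text"], "->", finding["href"], finding["reasons"])
```

The first link is flagged twice (mismatched domain and an .exe target), the plain-word link "newsletter" names no domain and so cannot be mismatched, and "example.com" versus "www.example.com" is treated as the same site so it does not cause a false alarm. This is the same view-source comparison the text describes, just done by a script instead of by eye.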

Here's another one that is advertising a free iPod Nano. They addressed me as "Dear drisley" (a common spam trick, an attempt at social engineering). They apparently appreciate my business, and in return they will give me a free iPod Nano. Ironically, they link me to dastardliness.com. However, doing a reverse DNS on the IP, I get a server under the domain frouncing.com. If you do a WHOIS on that, you get an apartment (most likely) address in Salt Lake City, Utah along with a phone number. Their email address is with Gmail, Google's free email service. The lookups of the name servers seem to be very circular, so it's possible the guy is hosting his own servers. In this case, reporting the spammer by calling that phone number is likely not going to roll any heads. It might, perhaps, shock the guy at that address, though.

The story is mostly the same for each spam message I look at. I am getting them from Pakistan, China, Vietnam, Iran, you name it. Unfortunately, as I said, there is really no receptive ear to reporting to these sources, even if you are able to track it to a specific company (often you cannot). Most of the very obvious spam emails are from foreign countries. The Viagra ads, the sex ads, and those kinds are mostly coming from reasonably anonymous senders in countries which just don't care about things like that. Then there are other, cleaner spam messages that are CAN-SPAM compliant and do lead to legitimate websites. These companies are likely using companies here in the US to send to a mass mailing list. There is absolutely nothing illegal about it. And they wouldn't do it if it didn't generate some business for them. However, it is still spam because I did not subscribe to these people's mailing lists.

And That is Spam

At last, we have arrived. As you can see, spam is a huge and apparently growing problem on the internet. Due to the nature of the internet, though, it is not a problem that is easily controlled. As I outlined, spammers are spread out all over the world. Many of them reside in countries which have no laws regarding spam. Additionally, the email system, as designed, is very insecure. There is no fool-proof way to track a message to its sender and it is all too easy to manipulate the headers of an email to make it look like it came from anyone. It would be like all of us, anywhere, being able to type in our own name and phone number before making a call to someone and having that information show up on the Caller ID system. We would never be able to trust the information on caller ID. Instead, though, we have a centralized system controlled by the phone company which provides that control. On the internet, there is no such thing.

According to a February 2005 article, spam is costing businesses $50 billion annually worldwide, with roughly a third of that from the United States. And despite laws in the US to curb the problem, volume is growing. And, despite the use of spam filters, volume is still increasing. Many businesses are reluctant to incorporate the most aggressive spam filtering in fear of cutting communications for valid customers. So, it's a true catch-22.

What is the answer? Not easy, that's for sure. The true solution, I believe, would require a revamping of the entire internet email system. What we need is a system that works like the phone company and the caller ID service. In early 2005, Microsoft proposed such a plan. They are testing a system that would publish the out-going email server's IP address on every email in a format specified by the Caller ID for Email spec. By then comparing this IP to the DNS for that IP address (much like we did above), they can determine if the email headers are spoofed. Regardless of what is implemented, though, a true solution is going to require the cooperation of all email users. Today there are too many companies that do not monitor their servers for spam or employ filtering.

The end-all solution to spam might perhaps be impossible due to political implications. The internet is a global medium, but the users of the internet are each subject to their own government's laws. Here in the US, we have the CAN-SPAM act. While it is not very effective, it does at least ensure that those spammers who choose to comply will follow certain guidelines. But, too much spam comes from overseas where there are no laws about it. And political reality is that most of these countries are not likely to spend any time dealing with the problem. Some of these countries are very poor and hence you will find people who will throw all ethics out the window in order to make money. And, in many cases, the governments of these countries are no different. Forming a worldwide enforcement body to regulate this medium is not only hard because you likely won't get too many nations to submit to it, but it also opens up another can of worms - regulation of the internet.

Obviously, we don't want the internet to become a managed medium. Communication is the universal solvent. It is always good and we'd rather have communication than bombs. We obviously don't want any managing body to be in a position where they can dictate what can and cannot be present on the internet. We get into inherent issues of free speech. So, a true solution is either going to involve the tight cooperation of private industry (good), or the regulation of a governmental body (potentially scary). Either that, or we just learn to deal with it.

One thing is for sure, though - spam is here to stay. You might as well understand it and learn to deal with it. Hopefully, this section has helped you do precisely that.



Handing Your PC to Hackers in 9 Steps

In many ways, the internet today resembles a digital version of the wild, wild west. There are a lot of ways that you can potentially open up your computer and allow "bad guys" in. Then you have companies like Symantec that turn all this into a game of "cops and robbers", with your PC as the battleground and your wallet as collateral. This is not to say that companies like Symantec don't have a purpose. They certainly do, and they help guard your computer against "bad guys" when you are stupid enough to allow them in in the first place.

If you are using a computer, you need to obey certain laws of common sense so that you don't give your computer away as an early Christmas present to some hacker. These basic laws of common sense are:

1. Do not click on any links in an email which is not solicited.

2. Do not install little-known shareware applications to your computer.

3. Not hanging out with the "bad guys" means you're a lot less likely to
get zapped by them. This means you're a whole lot safer when you're
not surfing warez sites, porn sites, and other sites of questionable
material. The owners of such sites usually have a lower sense of
ethics and you're more likely to encounter PC infections on such
sites.



Now, there are more than 9 ways to give your PC over to hackers.
But, I am going to focus on some of the "biggies" that I see people do. I
don't fault people if they have done some of these things. It's really easy to
trust everybody until they prove otherwise, but unfortunately, that's risky
when you're talking about the internet.

So, without further ado, here are 9 ways you can hand your PC (or
your identity) over to hackers, spyware applications, and advertising
agencies.

1. Downloading Warez

Warez software is unlicensed software. Some people actively try to get paid software for free by finding cracked copies and installing them. Besides the fact that this is illegal, it also opens you up to computer viruses.

2. Downloading or Surfing Porn

Sorry, guys. But, porn sites have a much higher likelihood of trying to employ questionable tactics and compromising your web browser. Sure, today's browsers have safeguards built in now, but the dangers are still there. If you're trying to keep your PC totally clean, you're better off staying off of these kinds of sites.

3. Clicking a Link in ANY email about your "account".

Common phishing schemes employ emails which LOOK like they came from eBay, PayPal, your bank, etc. They will say that something on your account needs attention, and "click here" to log in and deal with it. The email is designed to look exactly like the real thing, except for the minor fact that the real company would likely NEVER send you an email like that. If the email is a fake, clicking on that link will take you to a page which LOOKS like the real thing, but is actually a fake page which is designed to get your account login information. And you can only imagine what the person will do once they get your account information. Never do anything with these emails. If you suspect it could be real, then go to your account BY HAND in your web browser, not by clicking anything in the email.

4. Accepting online greeting cards.


These things really piss me off because they take advantage of the
human need for friendship. You will get an email saying somebody
sent you a greeting card, but to get the card you have to install some
"special" software to your computer. Nine times out of ten that
software will be rife with spyware. Do NOT fall for this crap unless you
enjoy random popup ads when you're just trying to use Microsoft
Word.

5. Not Using a Firewall.


If your computer is connected to the internet using an always-on
connection (like cable, DSL or fiber optic), then you absolutely need a
firewall. A firewall provides a line of defense between your computer
and the outside world, like a moat around a castle. Most home routers
today do NAT and stateful packet inspection, which means unsolicited
connections from the internet are dropped before they ever reach your
PC; for inbound traffic that is completely adequate. NEVER plug your
computer directly into the modem. I highly recommend using a router
or, at the very least, using a software-based firewall. Even with a
router, leave the software firewall on as well (Windows has shipped with
one since XP Service Pack 2): the router can do nothing about a program
already on your PC, and a software firewall that filters outbound
connections will at least tell you when something you didn't expect
tries to phone home.

6. Not Securing Your Wireless Network.
If you have wireless in your home (and most do today), then you
need to secure the network. If you do not, then anybody can casually
get on and use your home network from outside your home. And if
you have any files shared on your computer, they may very well be
able to get to them from outside. "Securing" it means turning on WPA2
(or WPA, if the hardware cannot do WPA2) with a long passphrase.
Don't use WEP: it can be cracked in minutes with freely available tools,
so it only looks like security. Some ISPs today (like Verizon's FIOS
service) supply routers with the wireless security already on. But, if
you buy a wireless router, don't do anything else until you have set up
wireless security and changed the router's default admin password.

7. Casually Installing Freeware or Shareware


Now, I say "casually" here because I definitely don't want to say you
can't install shareware or freeware. What I am trying to say, though, is
to exercise some caution when doing so. There is a lot of freeware
out there (usually the lesser known ones) that loads your PC up with
spyware upon installation. For example, Kazaa is a file-sharing
application that, when installed, will inundate your computer with
adware. If you do not know about a particular program you are
thinking of installing, try searching Google for it and see what others
are saying. If it has an adware problem, people will complain.

8. Responding to Junk Mail


Don't ever respond to SPAM. I emphasize commercial spam. If it is a
newsletter or something, it isn't spam because, chances are, you
signed up for it and don't remember. But, if the email is obvious spam
(home mortgages, sex ads, viagra, some home business opportunity,
etc), it is junk. Don't ever reply and ask them to remove you from the
list, and don't click an "unsubscribe" link in it either. It is a lost cause,
and it only tells them that they have a live email address (which means
you're sure to get MORE spam for your troubles). Keep in mind that the
From: address proves nothing by itself, since it is trivially forged.
Legitimate senders will usually not hide where they are sending from
and will publish a physical address in the email, and you can always
open the company's site yourself in your web browser and check
whether the offer is real.

9. Fill out a form in an email.


NEVER, EVER fill out and submit a form which is directly in an email
message. Email is about as insecure a medium as there is: the message
travels in plain text, and the form posts your answers to whatever
address the sender chose, so you have no way of knowing where that
data is going. I've even gotten emails in the past with forms in them
asking for PIN #s. You've GOT to be kidding me!

And there you have it, 9 easy steps to give a gift of love to your
favorite hacker, identity thief or spammer.
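Item 3 above says the link in a phishing email only LOOKS like it goes to the real company. Here is that check in code, as an added example that is not part of the original book: it pulls every link out of an HTML message and flags the ones whose visible text names one site while the href really goes to another, or whose host name buries a brand name inside a subdomain of some unrelated domain. The sample message is constructed for the demo (it is not a real phishing mail), the BRANDS list is an assumed starting point, and the "last two labels" domain approximation is a shortcut a real tool would replace with the Public Suffix List.

```python
"""Spot the phishing lure in an HTML e-mail: a link whose visible text names
one site while its href really goes to another.

Added example, not code from the original book. SAMPLE_HTML is constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phishing mail). It imitates the
# "your account needs attention" lure: the visible text says paypal.com,
# the real target is a look-alike host on a different domain.
SAMPLE_HTML = """
<p>Dear customer, unusual activity was detected on your account.</p>
<p>Please visit <a href="http://paypal.com.secure-login.example/verify">
https://www.paypal.com/myaccount</a> to restore access.</p>
<p>Questions? See <a href="https://www.paypal.com/help">our help pages</a>.</p>
"""

# Assumed starting list: brand words that belong in the registrable domain,
# never buried in a subdomain of somebody else's domain.
BRANDS = ("paypal", "ebay")

# Something that looks like a URL or bare host name inside the link text.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def registrable_domain(host):
    """'Last two labels' approximation of the registrable domain.
    Fine for the demo; a real tool should consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class LinkCollector(HTMLParser):
    """Gather (href, visible text) for every <a> in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # collapse the whitespace the HTML layout introduced
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def suspicious_links(html):
    """Return [(href, shown_text, reason)] for links that deserve a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = (urlparse(href).hostname or "").lower()
        shown = HOST_RE.search(text)
        if shown and registrable_domain(shown.group(1)) != registrable_domain(target):
            findings.append((href, text, "visible text names a different site than the href"))
            continue
        if any(b in target and b not in registrable_domain(target) for b in BRANDS):
            findings.append((href, text, "brand name used in a subdomain of another domain"))
    return findings


if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_HTML):
        print(f"SUSPICIOUS: '{text}' -> {href} ({reason})")
```

The second heuristic is what catches "paypal.com.secure-login.example" even when the visible text is just "click here": the real owner of that link is whoever registered secure-login.example, and paypal.com is only a decoration on the left.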

Appendix
Sample HOSTS File for Blocking Spyware Sources
On Windows the HOSTS file lives at
%SystemRoot%\System32\drivers\etc\hosts (editing it requires
administrator rights). It is a plain text file that maps host names to IP
addresses, and Windows consults it before it asks a DNS server.

Each entry is kept on its own line. The IP address goes in the first
column, followed by the corresponding host name, separated by at least
one space or tab. Anything after a # is a comment, which is how the list
below keeps a few entries disabled (the ones marked #PCMech ad).

When you build a blocking HOSTS file, you point every listed server at
your own computer, 127.0.0.1. A request for one of those names is then
answered by your own PC, where nothing is listening, so the ad or
tracker fails to load and the page shows a blank spot where it would
have been. (Some people use 0.0.0.0 instead, which fails faster and
cannot be confused with a web server you happen to run locally.) Two
limits to keep in mind: the file matches whole names only, so an entry
for doubleclick.net does nothing for ad.doubleclick.net unless that name
is listed too, which is why the list carries so many near-duplicates; and
it only affects the machine it is on.

It is important to note, too, that this is a very expansive list of ad
services and spyware sources BOTH. Just because a particular server is
listed here does not mean that that company engages in spyware. Just
because they may place a cookie on your computer does not mean they
are practicing spyware. If a site you use stops working, look for its host
name below and put a # in front of that line.
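The format and the exact-name matching rule described above, as an added example in Python that is not part of the original book: it parses a constructed excerpt laid out like the list below (comments, a disabled line, mixed case, a duplicate), reports bad addresses and duplicates, answers "would this name be blocked?" the way the resolver does (whole name, case-insensitive, no wildcards), and rewrites the blocking entries with 0.0.0.0. The excerpt and the function names are mine.

```python
"""Parse a HOSTS-style block list and check it the way the resolver does.

Added example, not part of the original book. SAMPLE_HOSTS is a
constructed excerpt in the same format as the appendix list.
"""
import ipaddress

SAMPLE_HOSTS = """\
# constructed excerpt, same layout as the real list
127.0.0.1 localhost
127.0.0.1 doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1   ADS.doubleclick.net    # same name, different case
#127.0.0.1 ai.pricegrabber.com #PCMech ad
127.0.0.1 servedby.netshelter.net #PCMech ad
127.0.0.1 doubleclick.net
0.0.0.0 xads.zedo.com
"""

# Addresses that mean "send this name nowhere".
SINKHOLES = ("127.0.0.1", "0.0.0.0")


def parse_hosts(text):
    """Return ({hostname: ip}, [(line_no, problem)]) for the active entries.

    '#' starts a comment, blank lines are ignored, one IP may be followed by
    several names, and names are lower-cased because DNS is case-insensitive.
    Bad addresses and exact duplicates are reported instead of silently kept.
    """
    table, problems = {}, []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            problems.append((line_no, "missing hostname"))
            continue
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            problems.append((line_no, f"bad address {parts[0]!r}"))
            continue
        for name in parts[1:]:
            name = name.lower().rstrip(".")
            if table.get(name) == ip:
                problems.append((line_no, f"duplicate {name}"))
            table[name] = ip
    return table, problems


def is_blocked(hostname, table):
    """Exact-name match only: the hosts file has no wildcards, so an entry
    for doubleclick.net says nothing about ad10.doubleclick.net."""
    name = hostname.lower().rstrip(".")
    if name == "localhost":          # legitimately maps to 127.0.0.1
        return False
    return table.get(name) in SINKHOLES


def to_blackhole(table):
    """Emit the blocking entries with 0.0.0.0, so a blocked request fails at
    once instead of being handed to anything listening on 127.0.0.1."""
    return "\n".join(f"0.0.0.0 {name}" for name in sorted(table)
                     if name != "localhost" and table[name] in SINKHOLES)


if __name__ == "__main__":
    hosts, issues = parse_hosts(SAMPLE_HOSTS)
    for line_no, why in issues:
        print(f"line {line_no}: {why}")
    for probe in ("ad.doubleclick.net", "ad10.doubleclick.net"):
        print(f"{probe}: {'blocked' if is_blocked(probe, hosts) else 'NOT blocked'}")
    print(to_blackhole(hosts))
```

Run it against the real file by replacing SAMPLE_HOSTS with the contents of %SystemRoot%\System32\drivers\etc\hosts; the "NOT blocked" result for ad10.doubleclick.net is the point: a name that is not spelled out in the file is not blocked, however similar it looks.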

127.0.0.1 localhost
127.0.0.1 0dp.com
127.0.0.1 1.adbrite.com
127.0.0.1 1.primaryads.com
127.0.0.1 1118.ign.com
127.0.0.1 120x60.lt
127.0.0.1 2.adbrite.com
127.0.0.1 468x60.lt
127.0.0.1 a.adstome.com
127.0.0.1 a.as-eu.falkag.net
127.0.0.1 a.as-us.falkag.net
127.0.0.1 a1945.g.akamai.net
127.0.0.1 a248.e.akamai.net
127.0.0.1 ad.about.com
127.0.0.1 ad.adlegend.com
127.0.0.1 ad.adserver.adtech.de
127.0.0.1 ad.advisor.com
127.0.0.1 ad.bannerexchange.com
127.0.0.1 ad.au.doubleclick.net
127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.de.doubleclick.net
127.0.0.1 ad.ch.doubleclick.net
127.0.0.1 ad.es.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.deviantart.com
127.0.0.1 ad.digitallook.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.espn.starwave.com
127.0.0.1 ad.free6.com
127.0.0.1 ad.freefind.com
127.0.0.1 ad.inetfast.com
127.0.0.1 ad.infoseek.com
127.0.0.1 ad.linkexchange.com
127.0.0.1 ad.linkexchange.net
127.0.0.1 ad.linksynergy.com
127.0.0.1 ad.preferences.com
127.0.0.1 ad.ir.ru
127.0.0.1 ad.usatoday.com
127.0.0.1 ad.weatherbug.com
127.0.0.1 ad.yieldmanager.com
127.0.0.1 ad1.gamezone.com
127.0.0.1 adbrite.com
127.0.0.1 addserv.com
127.0.0.1 adfarm.mediaplex.com
127.0.0.1 adlog.com.com
127.0.0.1 admanager2.broadbandpublisher.com
127.0.0.1 admanager3.collegepublisher.com
127.0.0.1 adremote.timeinc.net
127.0.0.1 ads.ad-flow.com
127.0.0.1 ads.addynamix.com
127.0.0.1 ads.aol.com
127.0.0.1 ads.bidclix.com
127.0.0.1 ads.businessweek.com
127.0.0.1 ads.clearchannel.com
127.0.0.1 ads2.clearchannel.com
127.0.0.1 ads4.clearchannel.com
127.0.0.1 ads5.canoe.ca
127.0.0.1 ads.collegepublisher.com
127.0.0.1 ads.crucialparadigm.com
127.0.0.1 ads.developershed.com
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 ad4.doubleclick.net
127.0.0.1 ad5.doubleclick.net
127.0.0.1 ad6.doubleclick.net
127.0.0.1 ad7.doubleclick.net
127.0.0.1 ad8.doubleclick.net
127.0.0.1 ad9.doubleclick.net
127.0.0.1 ads.euniverseads.com
127.0.0.1 ads.globeandmail.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.isoftmarketing.com
127.0.0.1 ads.jolinko.com
127.0.0.1 ads.mdchoice.com
127.0.0.1 ads.mediaturf.net
127.0.0.1 ads.msn.com
127.0.0.1 ads.osdn.com
127.0.0.1 ads.pbs.bb.ru
127.0.0.1 ads.peel.com
127.0.0.1 ads.peoplesound.com
127.0.0.1 ads.pointroll.com
127.0.0.1 ads.realmedia.com
127.0.0.1 ads.rediff.com
127.0.0.1 ads.revsci.net
127.0.0.1 ads.simtel.net
127.0.0.1 ads.spymac.net
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.thewebfreaks.com
127.0.0.1 ads.tripod.com
127.0.0.1 ads.weather.ca
127.0.0.1 ads.weather.com
127.0.0.1 ads.web.aol.com
127.0.0.1 adserv.com
127.0.0.1 adserv.internetfuel.com
127.0.0.1 adserver.orion.de
127.0.0.1 adserver.rgforums.com
127.0.0.1 adsfac.net
127.0.0.1 adserver.adtech.de
127.0.0.1 adserver.altruis.net
127.0.0.1 adserver.crunked.com
127.0.0.1 adserver.zeads.com
127.0.0.1 adtrak.net
#127.0.0.1 ai.pricegrabber.com #PCMech ad
127.0.0.1 ak.bluestreak.com
127.0.0.1 altfarm.mediaplex.com
127.0.0.1 anrdoezrs.net
127.0.0.1 www.anrdoezrs.net
127.0.0.1 ar.atwola.com
127.0.0.1 as.casalemedia.com
127.0.0.1 advertising.gfxartist.com
127.0.0.1 adz.afterdawn.net
127.0.0.1 affiliates.emaxhosting.com
127.0.0.1 backups.cd
127.0.0.1 banner.casinodelrio.com
127.0.0.1 banner.linkexchange.com
127.0.0.1 banner.noblepoker.com
127.0.0.1 banners.ebay.com
127.0.0.1 banners.friendfinder.com
127.0.0.1 banners.linkbuddies.com
127.0.0.1 banners.wunderground.com
127.0.0.1 bans.bride.ru
127.0.0.1 banserv.internetfuel.com
127.0.0.1 bestmagsdirect.com
127.0.0.1 bride.ru
127.0.0.1 bs.serving-sys.com
127.0.0.1 burstnet.com
127.0.0.1 www.burstnet.com
127.0.0.1 c.casalemedia.com
127.0.0.1 c.qckjmp.com
127.0.0.1 c.azjmp.com
127.0.0.1 c4.maxserving.com
127.0.0.1 c5.zedo.com
127.0.0.1 campaigns.fairfax.com.au
127.0.0.1 canbet.com
127.0.0.1 cd1.tribalfusion.com
127.0.0.1 chestrest.com
127.0.0.1 www.chestrest.com
127.0.0.1 click.linksynergy.com
127.0.0.1 clickthru.nbc.com
127.0.0.1 clicktorrent.info
127.0.0.1 clk.about.com
127.0.0.1 clk.admt.com
127.0.0.1 clkuk.tradedoubler.com
127.0.0.1 counter2.hitslink.com
127.0.0.1 dist.belnk.com
127.0.0.1 djbanners.deadjournal.com
127.0.0.1 doubleclick.net
127.0.0.1 dpbolvw.net
127.0.0.1 www.dpbolvw.net
127.0.0.1 ds.serving-sys.com
127.0.0.1 e0.extreme-dm.com
127.0.0.1 eastworldnetwork.com
127.0.0.1 www.eastworldnetwork.com
127.0.0.1 empiremovies.com
127.0.0.1 fastclick.net
127.0.0.1 fdimages.fairfax.com.au
127.0.0.1 focusin.ads.targetnet.com
127.0.0.1 gfx.statgfx.com #PCMech ad
127.0.0.1 global.msads.net
127.0.0.1 go.cdw.com
127.0.0.1 hb.lycos.com
127.0.0.1 hera.hardocp.com
127.0.0.1 hg1.hitbox.com
127.0.0.1 hit-now.com
127.0.0.1 www.hit-now.com
127.0.0.1 hspinbox.versiontracker.com
127.0.0.1 images.blogads.com
127.0.0.1 images.fastclick.net
127.0.0.1 images.imgehost.com
127.0.0.1 images.trafficmp.com
127.0.0.1 images2.laih.com
127.0.0.1 imageserv.adtech.de
127.0.0.1 img.mediaplex.com
127.0.0.1 img-cdn.mediaplex.com
127.0.0.1 install.xxxtoolbar.com
#127.0.0.1 itxt.vibrantmedia.com #PCMech ad
127.0.0.1 iv.doubleclick.net
127.0.0.1 jdoqocy.com
127.0.0.1 www.jdoqocy.com
127.0.0.1 jlist.com
127.0.0.1 juggler.inetinteractive.com
127.0.0.1 kqzyfj.com
127.0.0.1 www.kqzyfj.com
127.0.0.1 leader.linkexchange.com
127.0.0.1 liveadvert.com
127.0.0.1 m.tribalfusion.com
127.0.0.1 m3.doubleclick.net
127.0.0.1 media.adrevolver.com
127.0.0.1 media.popuptraffic.com
127.0.0.1 media.fastclick.net
127.0.0.1 media13.fastclick.net
127.0.0.1 media15.fastclick.net
127.0.0.1 media17.fastclick.net
127.0.0.1 media19.fastclick.net
127.0.0.1 media28.fastclick.net
127.0.0.1 media59.fastclick.net
127.0.0.1 mediamgr.ugo.com
127.0.0.1 mediaplazza.com
127.0.0.1 mediats.lostfrog.com
127.0.0.1 mjxads.internet.com
127.0.0.1 multi1.rmuk.co.uk
127.0.0.1 n479ad.doubleclick.net
127.0.0.1 network.realmedia.com
127.0.0.1 noblepoker.com
127.0.0.1 novisearch.net
127.0.0.1 obdb4.ars.jupiterhosting.com
127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 partypoker.com
127.0.0.1 pez.ign.com
127.0.0.1 pops.freeze.com
127.0.0.1 qksrv.com
127.0.0.1 www.qksrv.com
127.0.0.1 r.rediff.com
127.0.0.1 r.hotbot.com
127.0.0.1 randallmorse.com
127.0.0.1 realmedial.com
127.0.0.1 red01.as-us.falkag.net
127.0.0.1 rightmedia.net
127.0.0.1 rmedia.boston.com
127.0.0.1 rotator.juggler.inetinteractive.com
127.0.0.1 searchfeed.com
127.0.0.1 servedby.advertising.com
127.0.0.1 servedby.clickexperts.net
127.0.0.1 servedby.netshelter.net #PCMech ad
127.0.0.1 servedby.valuead.com
127.0.0.1 server.as5000.com
127.0.0.1 shareasale.com
127.0.0.1 smile.modchipstore.com
127.0.0.1 www.shareasale.com
127.0.0.1 s0b.bluestreak.com
127.0.0.1 spe.atdmt.com
#127.0.0.1 srd.yahoo.com
127.0.0.1 spinbox.versiontracker.com
127.0.0.1 srs.targetpoint.com
127.0.0.1 swjbx.com
127.0.0.1 t.extreme-dm.com
127.0.0.1 tkqlhce.com
127.0.0.1 www.tkqlhce.com
#127.0.0.1 us.lrd.yahoo.com
127.0.0.1 VTOT.proxy.aol.com
127.0.0.1 w3.aquent.com
127.0.0.1 www.180solutions.com
127.0.0.1 www.247realmedia.com
127.0.0.1 www.ad-flow.com
127.0.0.1 www.addserv.com
127.0.0.1 www.afcyhf.com
127.0.0.1 www.awltovhc.com
127.0.0.1 www.doubleclick.net
127.0.0.1 www.dpbolvw.net
127.0.0.1 www.ftjcfx.com
127.0.0.1 www.heathmedsonline.com
127.0.0.1 www.lduhtrp.net
127.0.0.1 www.myfreepaysite.com
127.0.0.1 www.n-case.com
127.0.0.1 www.partypoker.com
127.0.0.1 www.paypopup.com
127.0.0.1 www1.paypopup.com
127.0.0.1 www2.paypopup.com
127.0.0.1 www20.overture.com
127.0.0.1 www3.bannerspace.com
127.0.0.1 www3.paypopup.com
127.0.0.1 www4.contextweb.com
127.0.0.1 www4.paypopup.com
127.0.0.1 www6.bannerspace.com
127.0.0.1 www7.bannerspace.com
127.0.0.1 www8.bannerspace.com
127.0.0.1 www.qksrv.net
127.0.0.1 www.quickquid.com
127.0.0.1 www.thefreecelebritymoviearchive.com
127.0.0.1 www.tkqlhce.com
127.0.0.1 www.va-bank.com
127.0.0.1 www.yceml.net
127.0.0.1 xads.zedo.com
127.0.0.1 xlonhcld.xlontech.net
127.0.0.1 z1.adserver.com