(Rev-7/12/04) Spyware detection, removal and other tips
Jul 06 '04 (Updated Aug 02 '04)
The Bottom Line: Detecting, removing and preventing spyware on your computer will improve computer performance greatly. Make sure you update the software frequently.
BEWARE. THIS REVIEW IS LONG. And, since I constantly keep adding and updating this, I will mistakenly repeat myself so please bear with me if something I've discussed gets discussed later on in the article. Just skip it if you encounter it.
I decided to write an article on detecting, removing and preventing spyware, worms, viruses and other nasty stuff from taking over your computer mainly because it's becoming such a worrisome problem, especially with the vulnerabilities exposed in the Internet Explorer browser. First of all, like my other computer related articles, I am not a computer wiz. So I am not responsible for what may happen to your computer. Before you start changing things, make sure you back up important files, folders, software programs and serial ids. That means, going through your computer and making copies of your excel, word, bookmarks, email, registry, etc files and save them onto a different drive, a floppy, CD, etc.
Even if you don't think you've got any spyware on your computer, download any of the anti-spyware programs I've discussed below and do a scan. You may be surprised. You know that Related button which re-directs you to Alexa? That's spyware. What about those form filling programs like Gator (now Claria)? That's spyware too. And if you download shareware or even some freeware, some spyware is bundled in it. That's where the Gain Trickler, Save and all that other stuff comes from: it gets installed when you install KaZaa or Bearshare or Grokster, etc. If you have ever used any freeware or shareware, you MUST scan your computer for spyware.
If you or someone you know, can't access the internet anymore due to spyware or virus, or worse yet, your computer has been hacked and become a "zombie" computer, you may as well try to unplug the internet from your computer and try to disinfect and remove all the nasty stuff. At least, only you have control of the computer once you're disconnected from the internet. Get someone to download all the anti-virus, anti-spyware and firewall software and burn it on a CD and then install them and hopefully, you can get it to work again. If you can't even boot up Windows, you might want to consider wiping out the hard drive and re-installing and loading Windows and all your other software back and start from scratch, this time, installing all the anti-spyware, anti-virus and firewall software BEFORE you venture out to the internet. And get another browser to surf the net.
Before I continue, let me warn you that everyone who is currently using Microsoft's Internet Explorer browser is at risk of having spyware, worms and other nasty keyloggers installed. Here are a few links that discuss the latest worms and vulnerabilities of the IE browser:
BBC: Web browser flaw prompts warning
http://news.bbc.co.uk/2/hi/technology/3840101.stm
Pop-up program reads keystrokes, steals passwords
http://zdnet.com.com/2100-1105_2-5251981.html?part=rss&tag=feed&subj=zdnet
Home PCs rented out in sabotage-for-hire racket
http://www.usatoday.com/tech/news/computersecurity/2004-07-07-zombie-pimps_x.htm
So, if you're using IE, you have no idea whether your personal information has been compromised. Here are some browser alternatives for Windows users: (actually all of them are available for Mac and Linux as well)
=====
July 12th
There was a Mozilla browser vulnerability that was discovered on July 8th by the Mozilla team and they've already supplied a patch HOURS later (NOT WEEKS OR MONTHS OR LONGER AS IN MICROSOFT'S CASE). Those who have Mozilla installed on their computer, please download and install the patch. It's very easy. Just download the file and it will immediately ask if you want to install it.
That's the beauty of open source software: it's freely distributed and everyone can view and make changes to the coding and program to make it their own. Although there will be virus writers that will try to write code to exploit any holes or vulnerability, there will be millions of Mozilla users who are programmers that can write a code to patch or close it.
For more on the Mozilla hole:
http://news.zdnet.co.uk/software/developer/0,39020387,39160016,00.htm
And download your Mozilla patch here:
http://update.mozilla.org/extensions/moreinfo.php?id=154
And keep yourself informed about everything to do with Mozilla, including potential holes and patches by checking out the MozillaZine, ( http://www.mozillazine.org/ )or Mozilla News ( http://mozillanews.org/ ), or via the main website, Mozilla.org ( http://www.mozilla.org/ ). If you have a news feed reader/aggregator for rss/rdf/xml, you can add this feed ( http://www.mozilla.org/news.rdf ) and be informed.
=====
Mozilla's Firefox (standalone browser)
http://www.mozilla.org/products/firefox/
Mozilla (suite with email, newsgroup and composer)
http://www.mozilla.org/products/mozilla1.x/
Netscape
http://channels.netscape.com/ns/browsers/default.jsp
Opera
http://www.opera.com/
For Macs, try Safari
http://www.apple.com/safari
All of the above browsers have pop-up blockers as well as tabbed browsing, allowing all web windows to be inside the browser, and yet accessible via tabs. This keeps the web browsing neat and uncluttered. And, you won't get tons of browser windows on the bottom. Mozilla has a lot of extensions that add to the browser, such as ad blocking, image enabling and disabling, flash blocking, and a jump link (which those hotmail users will love since you get rid of the top frame), etc. More extensions are available here:
http://texturizer.net/firefox/extensions/
Even if you use an IE add on such as Avant Browser, MyIE2, etc that has the tabbed browsing, you are still vulnerable to the security holes that IE has since the underlying browser is Internet Explorer.
Time to reconsider whether it's worth it to cling onto a browser that is limited in features and has many holes that can easily be exploited. I have long stopped using IE due to this reason.
But, if you insist on using IE, change some of the settings so that you are somewhat shielded. In IE, select Options, Security tab, Internet, Custom level. Reset to Medium-low or even Low. And scroll down to Active Scripting and set it to Disable. While you're at it, go through all the settings and change them to a higher security, where you are prompted before you load plugins and javascript. And when you're browsing, when you are prompted for permission, first select no and see what happens. If you can't do anything, then, if you must go to the site, allow them to be loaded and run. Tedious and annoying, but it's for your security if you don't want to get infected with worms, spyware, etc. But then, there are still holes even if you change the settings to a higher security level.
And, one main point you MUST set is to empty the Temporary Internet folder and not allow automatic installations. Go to the Options, Advanced tab. Under Browsing, make sure "Enable Install on Demand" is UNCHECKED. Under Security, make sure "Empty Temporary Internet files folder when browser is closed" is CHECKED. And go through the rest of the settings to make sure you're comfortable with them. If not, make the changes. Many worms and trojans are usually placed in the Temporary Internet files folder, ready to be installed. So emptying it helps a lot. Many times I'd get a trojan notice, only to find out that once the browser was closed, the trojan was gone.
If you are worried about that happening in your Mozilla, Opera or Netscape, you can always set the cache to 0. That way, nothing gets stored on the hard drive. Opera has an option to empty the cache and cookies when you exit the browser. This is a preventative measure. If you have a broadband connection (DSL, cable), having or not having cache isn't going to slow or quicken your internet browsing.
In the last few years, I've personally encountered spyware, viruses and other nasty software installed on my computer, as well as on friends' computers, and have taken over an hour and a half removing them and installing the necessary software to prevent it from happening again. Nowadays, there's way too much bad software out there that's trying to take over your computer (backdoor software), record your keystrokes (keylogger), viruses, spyware (monitors websites you visit and transmits them back to the software vendor), cookies, etc. So, compared to even 5 years ago when we were more focused on just getting good anti-virus software, we now have to get a good firewall and a good anti-spyware program since there are so many different ways that worms, viruses and other nasty stuff can easily infect your computer and make your life very miserable.
How can you tell if you've been infected with spyware, a virus, or a backdoor or keylogger? Sometimes, it's quite obvious. Something funny may happen to your computer and maybe something will pop up to tell you that you've been hacked, or that you're infected. Or, you'll notice programs you've never seen before in your system tray (bottom right hand corner, next to the clock). Or, you'll notice that Windows tends to take forever to load up, and it's almost impossible to surf the internet, or run any program since the computer's hard drive is constantly doing some task. Check out what programs are currently running. In Windows NT or 2000, press Ctrl-Shift-Esc (the Ctrl, Shift and ESC buttons at the same time) to bring up Windows Task Manager. In Windows 95/98, press Ctrl-Alt-Del and you'll bring up the list of currently running programs. Check out the real-time graph of CPU usage in the Performance tab. If it's going like crazy, check out what programs are running in the Applications tab. And then check out the actual processes that are running in the Processes tab. You can see all the executable program names, the amount of CPU each is using, and the memory usage. If you don't know what a program is, do a search and look it up. If you don't like what you see, then select it and click the End Process button. Then, search for it on your hard drive and delete that nasty program, or at least rename it to another name so that it doesn't run. And if you get some error message when you load Windows saying that it's looking for the file, you'd better try to find the entry that is calling this file up. Most likely it's located in the registry at:
My Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
While you're at it, check the RunOnce and RunOnceEx keys as well.
Don't delete anything until you've verified that it's spyware. And don't do anything until you back up your registry first.
Another sign of spyware is when you're trying to type in a search in google or whatever your usual search is, and you get re-directed to some other search. And you can't go to many anti-virus or similar sites, instead getting a page that says it's not found, a 404 error. In most instances, the last scenario is one way you'll notice that something is wrong. In this last case, your computer's browser has been "hijacked" and the hijacking software is preventing you from detecting the spyware and finding a solution to remove it.
Browser Hijack
==============
First, make sure that your browser has been hijacked. Test it by going to www.google.com . Type in a search, let's say, anti-virus . If you discover that you're re-directed to another search site, or it pops up with a side search bar of another search site, you can be sure that your browser has been "hijacked".
Before you start to look for an anti-spyware software to remove it, you'll first need to be able to get rid of this hijack feature. Most times (and I'm no expert), it's due to your computer hosts file being tampered with.
In Windows 2000 or NT, the hosts file ( hosts )(it has no extension) is usually located at:
c:\winnt\system32\drivers\etc
In Windows 95 and 98, it's located at:
c:\windows
Do a search for hosts in your computer to make sure that you do or don't have the file. Search for hostsplain.txt . Then, if you don't have such a file, you may want to create one. First, open up your Notepad.exe program and do a copy of the following (with all the #) and save it as hosts and put it in the correct directory. You may also want to set the attribute of "read only" on the file, to prevent anything from changing and adding entries to it. Please only copy the lines with the # and don't copy the --COPY THIS and --END COPY. The stuff below is an exact copy of the contents in the hostsplain.txt file.
--COPY THIS
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
# The following comments have been added to Microsoft's:
# To add entries that you wish to block:
# Place 127.0.0.1 and the host name of the
# server on the same line with a space between them
# as shown above. Do not remove the line above.
# You may remove this comment section if you wish.
# Then, place this file in the c:\windows directory
# (if you use Windows 95/98)
# and rename it from "hostsplain.txt" to "hosts" -
# Make sure you do not have a txt extension on it after
# you rename it.
# Place the file in the c:\winnt\system32\drivers\etc
# directory if you use Windows NT/200
--END COPY
If you do have a hosts file and you open it with notepad and find lots of entries in it rather than what I've got above, your hosts file has been tampered with. Either delete this hosts file and create a new one, copying what I've provided above, or wipe out what's in the hosts file by copying and pasting over whatever is in the hosts file so that you end up with the legitimate and default hosts file. Save it. Now, you should have the correct hosts file and shouldn't be re-directed away from your google search to other sites. Test it out and see if you can now do searches on google and surf to sites that were blocked. Most cases, this will take out the blocking. At least now, you can go and download the anti-spyware software, anti-virus and firewall software.
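To go with the hosts file check described above, here is a small script that reads a hosts file and lists every entry other than the default localhost line. This is an added example, not part of the original review; the sample file contents and the WATCHED list of sites are made up for illustration.

```python
import ipaddress

# Constructed sample of a tampered hosts file. The 203.0.113.x address is from
# a documentation range and the entries are illustrative, not observed data.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.google.com          # search sent elsewhere
203.0.113.7     google.com search.example.net
127.0.0.1       www.grisoft.com         # anti-virus site made unreachable
127.0.0.1       ads.example.net
not-an-ip       broken.example.org
"""

# Sites the reader expects to reach directly (assumption: adjust to your own).
WATCHED = ("google.com", "grisoft.com", "lavasoft.de",
           "safer-networking.org", "zonelabs.com")


def parse_hosts(text):
    """Yield (line_no, address_text, [host names]) for every real entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if fields:
            yield line_no, fields[0], [name.lower() for name in fields[1:]]


def is_watched(name, watched=WATCHED):
    """True if name is one of the watched sites or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, verdict, address, name) for every entry to review."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, "malformed", addr, " ".join(names)))
            continue
        local = ip.is_loopback or ip.is_unspecified   # 127.x.x.x or 0.0.0.0
        for name in names:
            if local and name == "localhost":
                continue                     # the only entry in the default file
            if not local:
                verdict = "redirect"         # name forced to someone's server
            elif is_watched(name, watched):
                verdict = "blocked-watched"  # a site you need is being cut off
            else:
                verdict = "block"            # ordinary blocking entry
            findings.append((line_no, verdict, addr, name))
    return findings


if __name__ == "__main__":
    # On a real machine, read the hosts file from the directory given above.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %-15s %-15s %s" % finding)
```

A "redirect" on a search site matches the hijacked search described above, and a "blocked-watched" entry matches the anti-virus sites that come back as not found.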
ANTI-SPYWARE SCAN AND REMOVAL SOFTWARE
======================================
There are a number of anti-spyware programs out there on the internet. The popular ones are probably the ones you should consider downloading and installing since they are popular and will most likely be updated on an ongoing basis. Just like with anti-virus software, there is new spyware popping up daily so you need to be up-to-date on the software. The two main ones are:
Ad-aware
http://www.lavasoft.de
Ad-aware will scan your computer for spyware and remove it. This is a similar software to Spybot Search & Destroy. They do offer a free version of Ad-aware, but previously Lavasoft has not been releasing consistent updates and for me, that's not good since I can't rely on a false sense of security when new spyware is out there. You may want to purchase their Ad-aware Plus if you want to be sure that you are getting some value for your money.
Spybot Search & Destroy
http://www.safer-networking.org
For me, Spybot Search & Destroy is a great anti-spyware software. Sometimes, due to the volume of people going to the site, it may be slow to load. You might want to go to CNet's Download.com or other mirror sites where they may host the file. But make sure you're downloading the correct file because many places may con you into downloading something else.
Spybot Search & Destroy is free, but you can make a donation to the developer for his time and effort in making such great software. Spybot Search & Destroy will scan your computer for all kinds of spyware installed on your computer and ask you whether you wish to "immunize" against it. If you've never done anything similar on your computer, you may be shocked to learn how much spyware is installed on your computer. All those toolbar extras, PKZip, Download Accelerator, Real Player, etc may actually be "spying" on you, transmitting personal information such as where you've surfed, how long, etc and sending this information back to them. Once you've installed the program and started the initial scan, be prepared to wait a while since your entire computer's hard drives will be scanned. So, go ahead and make yourself a pot of coffee or whatever. Once the scan is over, you will be given a list of spyware installed. And you can choose to immunize yourself against it. Be prepared that your Download Accelerator may not work once you've immunized against it since sometimes that may happen. But, you can go back and recover from the immunization should you discover that you need this spyware software. But most times, it works fine. Once you've immunized against spyware, there may be some spyware that loads in Windows that Spybot can't remove properly because Windows won't allow deletion of files that are loaded into memory. The only way to remove it is to run Windows in Safe Mode and remove the file.
REMOVING FILES THAT ARE LOADED IN WINDOWS MEMORY
=================================================
First of all, jot down the information of the file, the name, the location. Sometimes it's in the registry. Sometimes it's somewhere on your computer. Exit out of Windows and reboot into Safe Mode. Most times, pressing the F8 or F3 button will stop the loading of windows and give you a prompt on how you wish to load into Windows. Select the one with Safe Mode. Once you're running Windows in Safe Mode, find the file and delete it. If you're one of those who don't ever want to make a mistake, you can first create a directory called DELETED or something similar and then move the file into there. And then, once a week or so has passed and nothing bad happens, you can safely delete the file without worrying. Reboot into Windows. Now, you've removed the nasty problem file and hopefully things will be running more smoothly. This can be done for any nasty file that gets run in Windows, whether it be spyware, virus, etc.
Once you've installed anti-spyware software, done the scanning, removed the spyware, you should consider making sure that you don't get hit again. That's where the extra preventative anti-spyware software comes in. For me, I think Spyware Blaster does a great job.
ANTI-SPYWARE PREVENTATIVE SOFTWARE
==================================
Spyware Blaster
http://www.javacoolsofware.com
Spyware Blaster is mainly "preventative" anti-spyware software. It puts in security measures to prevent spyware from being installed on your computer. The program will go through your computer and find all the different security holes in your computer which may be exploited by spyware and you can patch them or close them so that spyware doesn't get installed. For me, I think this is great software that you can install once you've cleaned up your computer. In essence, it creates a barrier to prevent spyware from installing.
And while you're at it, if you're as paranoid as I am, install something that runs while Windows is running that will monitor whenever software makes changes to your browser, registry, start up menu, etc. In this case, for me, Win Patrol is what I use. Win Patrol will be running in the background and will notify me whenever the homepage in my browser gets changed, the start up menu has an added entry, or an IE helper (BHO) has been installed. As well, it provides a list of running apps and cookies that I can easily view and remove if I wish. The Plus version of Win Patrol will provide details of files or programs that I inquire about and other features. For me, the free version works well enough.
Win Patrol
http://www.winpatrol.com/
Okay, so your computer is now spyware free. What about viruses? Do you have an up-to-date anti-virus software? Forget about Norton Anti-virus or McAfee anti-virus. They have become so bloated, expensive and in many cases, cause too many conflicts with other software that it creates too many false positives and makes things worse than before. I've known a few people who have installed Norton Anti-virus and run Zone Alarm and somehow, suddenly, it's telling him that he's got tons of viruses and to remove them. To make the story short, the Norton Anti-virus destroyed a lot of important and harmless files and only made things worse, breaking Windows to the point where it can't be loaded anymore. It may very well be a combination of spyware, virus and software conflicts, but in the end, it was a mess. If you don't have Norton Anti-virus or McAfee anti-virus and haven't bought it, I'd suggest you save your money and get something that is free and works well.
ANTI-VIRUS SOFTWARE
===================
AVG Anti-virus
http://www.grisoft.com
I've been using AVG Anti-virus for several years ever since I got fed up with the McAfee Online clinic. At the time, I would have problems getting into and logging into my account at McAfee so that I can just download the anti-virus update. After frustratingly dealing with this for many times, I stopped renewing my McAfee subscription and searched for an alternative. And then I found AVG Anti-virus and I have never looked back. AVG Anti-virus is free, although they provide a paid version which gives you more advanced features but for me, I'm fine with the free version. You register at the website and wait for an email from Grisoft with a link where you can download the free version, as well as a serial number, which you need to enter when you go through the installation. Once you install the program, there's not much you need to do. Just make sure that you have the program check for new updates every few days or so. If you want to automatically scan your computer periodically, you can set that up. Take a moment of your time to go through the settings in the program (much like you should for every program you install) so that you make sure that certain settings are enabled or disabled. Make sure that all your emails are scanned. Make sure that you have a scheduled time when you get updates (of course, make sure you're on the internet at that time so that it can retrieve updates).
Sometimes, you may be informed by AVG that there's a trojan on your computer. It will usually pop up a window that will tell you what trojan file is on your computer. Jot down the name of the file and its location (if you know it). Get AVG to scan and disinfect it. What AVG does is rename the file and put it in the $VAULT$.AVG folder. My suggestion is to delete the files in that folder once a week has passed since you technically still have the virus file on your computer. Depending on the circumstances, you may have to delete the file in Safe Mode (as I've mentioned before) because the virus is running in Windows.
There are other free anti-virus software out there such as F-prot, Panda and Trend Micro. But I am a bit uneasy about what Trend Micro puts on my computer since I once used their free online scan and ended up with a lot of files that Trend Micro left behind on my computer.
SOFTWARE FIREWALL PROGRAM
=========================
Now that you're spyware and virus free, the last software that you should have installed if you haven't already, is a software firewall program. For me, it's ZoneLab's ZoneAlarm. There's a free version of it and they provide occasional updates. I've been using Zone Alarm for years. Check out my review on Zone Alarm:
http://www.epinions.com/cmd-review-363D-C2231B1-39A54FE8-prod6
Zone Alarm
http://www.zonelabs.com
The latest Zone Alarm has an anti-virus monitoring feature. If you have an anti-virus program installed and running, I'd suggest turning this AV monitoring off to prevent any software conflicts. That way, your AV software won't start telling you that Zone Alarm is harmful and vice versa. If you can trust that your AV software is working well, why add anything else into the mix that might compromise its effectiveness? And, if you're like me and don't want Zone Alarm to connect to ZoneLabs every time you load Windows to check for updates, then you can change it. Just go into Overview, Preferences tab. Change the "Check for product updates" to Manually instead of Automatically. That way, you can manually connect to Zonelabs for update checking once every few days. But if you don't mind letting Zone Alarm connect to the internet whenever, then leave it on automatic so that you don't have to remember to check. The great thing about Zone Alarm is that it monitors what programs are connecting to the internet. Most times, you aren't even aware that certain programs are connecting to the internet. With Zone Alarm, you can be notified whenever some program is asking for permission to access the internet. Zone Alarm is like a gate. It won't allow anything to go out if you don't allow it. If it's a program that you trust, then you can click on the bottom left corner checkmark "Remember this decision" or "Don't ask me again" or something similar. Then, it won't keep popping up every time that program is accessing the net. But only do so for programs you know. Otherwise, you're allowing a lot of spyware and back door programs to access the net, download updates and transmit whatever information they want from your computer.
I am pretty much near the end of the review since I've covered how to scan, remove and prevent nasty software from your computer but there are a few more things I want to add before I end this review.
MONITOR STARTUP PROGRAMS
=========================
Make sure you are aware of which programs are automatically loaded and run on your computer.
Open up the file Regedit.exe . It is usually located at: C:\Windows or C:\WINNT .
Go to:
\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
You can then see all the programs that are automatically run when Windows loads up.
Make note of the name of the file and the location. Then, go through the internet and search on the file to determine whether it's a valid file that you would want to run in Windows, or whether it's spyware.
Here are some sites that list a lot of known startup programs:
http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
Do a search and you'll find more.
And before you delete the keys in the registry, make sure you back up the registry first.
Under the Registry menu, select Export Registry file and provide a location where you wish to create the backup. So, if you do end up having a problem loading Windows, you know where the backup is so that you can get back to the way it was.
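Since you've now got a registry backup as a text file, you can also use it to spot new startup entries: export again later and compare the Run, RunOnce and RunOnceEx entries of the two files. The script below does that comparison. It is an added example and not part of the original review; both exports and all program names in it are constructed.

```python
import re

# Constructed regedit exports: BASELINE is the backup taken while the machine
# was clean, CURRENT is a later export. All program names are made up.
BASELINE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\Program Files\\ExampleAV\\av.exe /startup"
"ExampleFirewall"="\"C:\\Program Files\\ExampleFW\\fw.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo]
"DisplayName"="Foo"
"""

CURRENT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\Program Files\\ExampleAV\\av.exe /startup"
"ExampleFirewall"="C:\\WINNT\\Temp\\fw.exe"
"winupd32"="C:\\WINNT\\system32\\winupd32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"cleanup"="cmd /c del C:\\x.tmp"
"""

PREFIX = "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\"
WATCHED_KEYS = ("run", "runonce", "runonceex")
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(quoted):
    # Strip the outer quotes, then turn each backslash-escaped character
    # (regedit doubles backslashes and escapes quotes) back into itself.
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def startup_entries(reg_text):
    """Map (key, value name) -> command for HKLM Run, RunOnce and RunOnceEx."""
    entries, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            tail = path[len(PREFIX):] if path.lower().startswith(PREFIX) else ""
            watched = tail.split("\\")[0].lower() in WATCHED_KEYS
            key = tail if watched else None      # RunOnceEx subkeys included
            continue
        match = VALUE_LINE.match(line)
        if key is None or match is None:
            continue
        name, data = match.groups()
        name = "(Default)" if name == "@" else _unescape(name)
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = _unescape(data)               # string value; others kept raw
        entries[(key, name)] = data
    return entries


def diff_startup(baseline_text, current_text):
    """Report startup entries added, removed or changed since the baseline."""
    old, new = startup_entries(baseline_text), startup_entries(current_text)
    return {
        "added": sorted((k, new[k]) for k in new.keys() - old.keys()),
        "removed": sorted((k, old[k]) for k in old.keys() - new.keys()),
        "changed": sorted((k, old[k], new[k])
                          for k in old.keys() & new.keys() if old[k] != new[k]),
    }


if __name__ == "__main__":
    # Exports headed "Windows Registry Editor Version 5.00" are UTF-16 files:
    # open those with encoding="utf-16" before passing the text in.
    for kind, rows in diff_startup(BASELINE, CURRENT).items():
        for row in rows:
            print(kind, *row)
```

Anything under "added" or "changed" is what you then look up on the startup program lists above before deciding whether to delete it.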
DON'T OPEN EMAIL ATTACHMENTS
============================
Regardless of how cute of an ecard or a joke or whatever a friend has forwarded to you, DON'T OPEN ATTACHMENTS. You have no idea whether it is spyware, or whether it's a virus or worm, or a backdoor program that will take over control of your computer (they can do whatever you can do, many miles across the world) or other unknowns. What you miss by not opening the attachment is losing out on what the attachment does, what the picture looks like, the funny joke, the macromedia flash, etc. But, if you do open it, you may open a world of nasty stuff onto your computer. Be careful. Just delete it and purge the trash bin. That way, there's no way you will change your mind and want to open it later. And tell your friends that you don't open attachments so they won't send you any attachments anymore. That way, they won't get upset that you didn't open their attachment. If you have to open it, make sure you scan the attachment first with your anti-virus program. It only takes a few extra seconds to scan it. So what if you're delayed in opening it by a few seconds.
DON'T OPEN SPAM EMAILS OR REPLY TO SPAM EMAILS
===============================================
Many viruses, worms and phishing attempts arrive in spam emails. Don't open anything that looks suspicious. Nowadays, many spam emails aren't the usual obvious ones with the subject headings of "Hi" "Get your free degree" or whatever. Nowadays, many have made their return address the mailer daemon, or the returned mail server, to persuade the recipient that his email was returned or undeliverable. You open what seems like an undeliverable email and then discover it's spam. Gotcha! How do you know which emails are legitimate ones and which ones are spam? You can set up filters in your Outlook. Or get something like Mailwasher, which will search through its database of known spam senders and filter them out for you. There is a lot of such software that will help you filter through emails. Mailwasher is great free software that I've used before. Or, some email accounts only allow mail from those in your address book to go into your Inbox. All others will go to a Junk Mail folder which will get emptied after a specified period of time. Or, others will flag it as potential spam. Hotmail, although it only has 2MB (supposedly they're going to up it to 250MB soon) has a spam filter that you can set as Exclusive, meaning that only those emails coming from those in your address book will go into your Inbox. That's one good thing about Hotmail that I love. Otherwise, I'd have dropped my hotmail a long time ago. If something seems like spam, I'd test it out by moving it to my inbox and letting my ePrompter program open it and then I'd figure out whether it's legit or spam.
Are you aware that every time you open up an email with graphics in it that you can easily be tracked to your personal ip address? Most spammers have images served from their server and provide a link in the email that will request for the image loading whenever the page is loaded (ie.email opened). At any one time when you're on the internet, you are making connections to another computer or ip address. To show you what I mean, on your computer, go to Start, Programs, Accessories, Command Prompt and select it. You should see a DOS screen. Type in:
netstat (and the Enter key)
And you should see all the current connections your computer has.
netstat -n (and the Enter key)
And you should see all the ip addresses and the ports that currently have connections open.
Netstat merely shows all the current connections your computer has with another computer or server on the internet. Most of the connections are valid ones. In order to get the picture from your news site like CNN, MSNBC, etc, you need to make a connection to that server so that you can retrieve the data. But what you should be worried about is when you start seeing connections to servers you're not familiar with. If you've ever installed and used p2p programs like KaZaa, Napster, etc., there's a risk that someone is still making connections to your computer. How to tell what this connection is? Go to one of those Whois search type sites where they will show you a bit about the ip address or the dns.
www.internic.net/whois.html
Or check it up at:
www.network-tools.com
There, you can ping, do a traceroute and get more info on this ip address.
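If the netstat -n list is long, a short script can pull out just the outside addresses that are worth a whois lookup. This is an added example and not part of the original review; the netstat output in it is constructed, and the list of "expected" ports is an assumption you should change to match what you normally use.

```python
import ipaddress

# Constructed "netstat -n" output in the Windows column layout. The remote
# addresses are from documentation ranges, not real servers.
SAMPLE_NETSTAT = """\

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:1029      203.0.113.45:80        ESTABLISHED
  TCP    192.168.1.10:1035      198.51.100.9:6667      ESTABLISHED
  TCP    127.0.0.1:1026         127.0.0.1:1027         ESTABLISHED
  TCP    192.168.1.10:1040      203.0.113.45:80        TIME_WAIT
  TCP    192.168.1.10:139       192.168.1.20:1102      ESTABLISHED
  TCP    192.168.1.10:1214      198.51.100.77:3391     ESTABLISHED
"""

# Loopback, home-network and link-local ranges: traffic that never leaves
# your own machine or LAN, so there is nothing to look up.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
               "192.168.0.0/16", "169.254.0.0/16")]


def _split(endpoint):
    """Split 'address:port' into an address object and an integer port."""
    host, port = endpoint.rsplit(":", 1)
    return ipaddress.ip_address(host), int(port)


def external_peers(netstat_text, states=("ESTABLISHED",)):
    """Map remote address -> sorted [(remote_port, local_port)] for TCP rows."""
    peers = {}
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) != 4 or cols[0] != "TCP" or cols[3] not in states:
            continue
        try:
            (_, lport), (rip, rport) = _split(cols[1]), _split(cols[2])
        except ValueError:
            continue   # host names (netstat without -n) or unexpected format
        if any(rip in net for net in LOCAL_NETS):
            continue
        peers.setdefault(str(rip), set()).add((rport, lport))
    return {ip: sorted(conns) for ip, conns in peers.items()}


def unexpected(peers, expected_ports=(25, 80, 110, 443)):
    """Addresses reached on a remote port outside the ones you normally use
    (assumed here: mail and web)."""
    return sorted(ip for ip, conns in peers.items()
                  if any(rport not in expected_ports for rport, _ in conns))


if __name__ == "__main__":
    found = external_peers(SAMPLE_NETSTAT)
    for ip, conns in found.items():
        print(ip, conns)
    print("look these up first:", unexpected(found))
```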
And, if you look in the email headers of any email you receive, you'll notice that there's a whole bunch of ip addresses. And guess what? If you reply to someone, your ip address will be shown in the reply email. Spam email will have fake ip addresses in the headers but usually, if you do a bit of research and sleuthing, you can track down the ip address of the spammer. So, next time, make sure you're only replying to people you know, who won't sell your email address or ip address to others.
That's how many spam emails can detect whether you've opened their spam email. And once they've figured that you've opened their spam email, guess what? You'll get lots more spam. And, if you decide to reply back to the spam email to be asked to be removed from their email list? Same thing. More spam. The same also happens if you decide to click on the link at the bottom where they state that you can automatically be removed from their list. Guess what? They don't and you'll get more spam. And once a spammer realises that one email address is "live", they'll not only spam you more, they'll sell your email address to other spammers and you'll get more spam.
So, if you have to open up a suspicious email, disable image loading on your web browser first and then view it. Or, use a mail retrieval software that will only display text and won't load anything else. Opera and Mozilla (with the extra pref button extension) allow you to disable images from loading. That way, you won't unknowingly install spyware, viruses or whatever worm by just opening up the email. Personally, I use ePrompter to alert and open up many of my emails. Only the text will be shown so if the email is in html or has graphics or requires a plugin, you won't see anything. But, it's certainly one way to view the email without loading anything suspicious.
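To see what an email would fetch before you let any images load, here is an added example (not part of the original review) that reads a saved message and lists every image that lives on a remote server, marking the ones that look like tracking images. The sample message is constructed, and treating a 1x1 size or a query string as a sign of tracking is an assumption, not a guarantee.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; all hosts use the reserved .example domain.
RAW = """\
From: offers@shop.example
To: you@isp.example
Subject: Big savings
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Big savings this week!</p>
<img src="http://img.shop.example/banner.gif" width="600" height="90">
<img src="http://track.shop.example/o.gif?id=you%40isp.example" width="1" height="1">
<img src="cid:logo123">
</body></html>
"""

class RemoteImages(HTMLParser):
    """Collects (host, looks_like_tracker) for images fetched over the network."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        url = urlsplit(a.get("src") or "")
        if url.scheme not in ("http", "https"):
            return  # cid: and data: images travel inside the message itself
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        # Assumption: invisible size or a per-recipient query string = tracker
        self.images.append((url.hostname, tiny or bool(url.query)))

def remote_images(raw_message):
    """Return the remote images referenced by the HTML parts of a message."""
    parser = RemoteImages()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            body = part.get_payload(decode=True)
            parser.feed(body.decode(charset, errors="replace"))
    return parser.images

if __name__ == "__main__":
    for host, tracker in remote_images(RAW):
        print(host, "(possible tracker)" if tracker else "")
```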
So, how to stop spam? First of all, don't sign up for contests and freebies and newsletters from unknown sources. That's where the majority of spammers get the email addresses. So, what can you do if you've got tons of spam? Maybe consider getting another email address. Ask your ISP to allow you to create another email address. Or sign up for another web based email account and tell all your friends, companies, and start moving all your emails to the new email address. And of course, don't sign up for newsletters, freebies, etc from sites that seem suspicious.
Another way to prevent even friends from unknowingly forwarding your email address to spammers is to tell them to stop forwarding jokes or chain letters or other similar types of emails to you. Why? Most people who forward these jokes or warnings or whatever (to support a dying child in wherever or to advise them of the latest worms, viruses, or for a contest, etc) to 10 friends will only later find out that they're starting to get more spam in their inbox. Guess why? Because most people usually forward these by putting all their friends' emails in the CC: (Carbon copy) field. So, if you're one of the people who are in the CC: field, you can view who else will be getting the same joke, attachment, etc. And, if the originator of the email or joke gets a hold of this, he'll have lots of email addresses to spam. So, the next time someone tells you to be one of those "pass it on to 10 friends" and continue the chain with your name on the forwarded list, guess what? You and all those on the list as well as your friends will be getting spam. That's how you or your friends can unknowingly give your email address to spammers.
If you have to forward something to somebody, at least put the recipients' email address to the BCC: (blind carbon copy). That way, everyone that you've sent the same email won't see who else you've given the same email to.
Most times, if you don't forward it to your friend, I don't think they'll mind too much. After all, we are starting to get way too many emails in our email inbox daily anyway so getting a useless joke email or whatever only clogs up the account and wastes our time. If you do find something interesting, rather than sending an attachment, just send a link to the site. That keeps emails small in size and if the recipient really wants to view it, he can click on the link and view it.
Think about it the next time you send a friend an email joke. Would you want to receive it? Even if you do, maybe ask your friend whether he wants it? You might be surprised. And your friend might actually thank you for lessening up his inbox.
MAILWASHER
http://www.mailwasher.net
Open up web-based email accounts to receive newsletters and reserve your main ISP email for friends and business. There are many free web-based email accounts available. The main names are Hotmail ( www.hotmail.com )(currently 2MB but will soon have 250MB), Yahoo ( mail.yahoo.com )(was 4-6MB now 100MB), GMail ( gmail.google.com )(not publicly available yet, 1GB), Aventuremail ( www.aventuremail.com )(2GB), Rediff ( mail.rediff.com ) (1GB), Spymac ( www.spymac.com )(1GB) and many more.
Or, set up a disposable email account where a disposable email is created and will be re-directed to whatever email address you specify. Very cool. This is best for signing up for contests, newsletters (which may sell your email address), freebies sites, etc. That way, you can still get emails, but if you ever decide that company A has sold your name out because you're getting spam, you can easily delete the email address and the spam stops.
Here are a few places where they offer free disposable email address accounts:
Spamgourmet
www.spamgourmet.com
Mailblocks
www.mailblocks.com
Mailinator
www.mailinator.net
Jetable.org
www.jetable.org/en/index
Sneakemail
www.sneakemail.com
There are other services. Just do a search and you'll find lots.
AVOID BEING A "PHISHING" VICTIM
===============================
Lastly, as if there isn't enough stuff out there, there's a new thing called "phishing", which is an identity scam where your identity is "phished" out of you and used against you. They will scam money out of your bank account, credit card, paypal account, etc.
Most of the phishing occurs from spam emails, looking very authentic and as if they were actually coming from your bank, PayPal, Ebay, etc. What they do is ask you to verify your information. They usually say that it's an email to make sure that your account isn't breached. Or, they'll say that your account has been breached and there's fraud activity on your account. You will need to verify your information or your account will remain frozen. And, in the email, the link looks like it's actually from Ebay, or Citibank, or US Bank, or whoever. And if you click on the link, it will look like you are on the actual bank site. You type in your name, address, account number and information and then, you can say goodbye to your money, because they now have everything to log into your account and empty it out for you.
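Since the link in a phishing email only looks like it goes to the real site, here is an added example (not part of the original review) that compares the address shown in each link's text with the host the link actually points to. The sample email body is constructed with reserved example names, and the rule that a link is fine when its real host is the shown domain or a subdomain of it is a simplifying assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; hosts are reserved example names and addresses.
BODY = """
<p>Your account is frozen. Verify it at
<a href="http://203.0.113.9/verify/login.htm">https://www.bank.example/verify</a>
or visit <a href="https://www.bank.example/help">bank.example help</a>.</p>
"""

# Finds something that looks like a domain name in the visible link text.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkAudit(HTMLParser):
    """Records (domain shown to the reader, host actually linked) mismatches."""
    def __init__(self):
        super().__init__()
        self.href = None      # href of the <a> currently open, if any
        self.text = []        # visible text collected inside that <a>
        self.mismatches = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = DOMAIN_IN_TEXT.search("".join(self.text))
        actual = (urlsplit(self.href).hostname or "").lower()
        if shown:
            domain = shown.group(1).lower()
            # Assumption: same host or a subdomain of the shown domain is fine
            if actual != domain and not actual.endswith("." + domain):
                self.mismatches.append((domain, actual))
        self.href = None

def mismatched_links(html_body):
    audit = LinkAudit()
    audit.feed(html_body)
    return audit.mismatches

if __name__ == "__main__":
    for shown, actual in mismatched_links(BODY):
        print("text says", shown, "but link goes to", actual)
```

Links whose text is plain words ("click here") show no domain, so this check says nothing about them; for those, look at the real address before clicking.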
A few well known email subject headers that are phishing emails include:
Visa - 'Protect your debit card from fraudulent online transactions'
http://www.antiphishing.org/phishing_archive/06-28-04_Visa_(Protect_your_debit_card_from_fraudulent_online_transactions).html
Ebay - "Question for seller -- Item #...."
http://www.antiphishing.org/phishing_archive/04-19-04_eBay_(Question_for_seller).html
US Bank - "U.S. Bank Fraud Verification Process"
http://www.antiphishing.org/phishing_archive/06-21-04_US_Bank_(U.S._Bank_Fraud_Verification_Process).html
So, as you can see, they look very realistic. But one thing to remember is that, if your account has been breached, they will contact you via regular mail, or call you. Actually, many scammers nowadays are calling victims up pretending to be bank or credit card employees and verifying your account information. One way to prevent scammers from getting the info is to tell them that you'll call your credit card company or bank back at their regular number to verify this security breach. Remember, most times, you have no idea whether the person on the other line is really who they claim to be. Better to be safe than sorry.
Keep yourself informed of new phishing scams by daily checking out the Anti-Phishing website:
http://www.antiphishing.org
There are new phishing scams discussed daily so be informed.
One important thing to remember when you're not using your computer or browsing the internet: TURN OFF YOUR INTERNET CONNECTION. Unless you're running a server or website and need to have your computer running all the time, turn it off when you're not using it. Why? If you're on broadband, most times, you have a static ip address assigned to you. Hackers love to spend time finding computers to hack into. If you leave your computer on all the time, that gives the hacker all that time to hack into your computer. If you turn it off, it's not as easy. And, if you use DSL, it's equally important to disconnect your internet since there are so many dialer scams that dial out to remote locations in the world and rack up a hefty long distance bill for you. Do a search on the net for dialer scams and you'll find more info. The easiest way to disconnect from the internet is to turn off the computer. Or, if you still want to use the computer but aren't using the internet, physically remove the phone jack or ethernet cable from your computer or from the outlet. Just make sure that no one from the internet can ping you. By doing that, even if your computer has been hacked, you've at least prevented someone from accessing and controlling it. That is the easiest way of prevention, even if you don't do anything I've discussed above.
And, although I've provided links and info on many software programs, there are others out there that will do as good a job. But be careful, because there are many sites that will provide a software that claims to be Hijack This or the name of the software you're looking for. If you're searching in google, make sure there is some legitimate description for the site. If there isn't any, it seems like a fake site that will re-direct you somewhere else or may install spyware or worms. And, if you're curious, take a look at the "Cache" of the page that Google has taken a snapshot of. And, of course, try to do the search in CNET's Download.com and you will be given the correct download rather than some fake file. So, be careful.
Thanks for reading another of my lengthy reviews.
Epinions.com ID: maceyr
Top 500
Location: Canada
Reviews written: 129
Trusted by: 150 members
About Me: I hardly have time for Epinions anymore but do try to read and rate.