Email viruses


IrIsHASSasIN
November 13th, 2003, 03:40 PM
Can anyone give me any pointers as to when not to open an email? Is there any indication as to whether there is a virus inside of it? I know there are some porno-named viruses going around, but I've never gotten one.
Do any of you know of any other subjects the email might be titled as?

Any help is much wanted/appreciated

Regards
David

PM8228
November 13th, 2003, 03:51 PM
Right.... Practice email security. Scan every message. Do not download attachments unless you have spoken to the sender via another mode of communication (e.g. real life, or AIM, that idea; something that is not email) and confirmed they sent the email. Set it so that when you open email you see the HTML, not a web page/script that activates. There is probably a bunch more stuff, but I can not think of more right now.

-Cheers-

IrIsHASSasIN
November 13th, 2003, 03:54 PM
Would it say it is from one of your friends?

Can anyone else give any more pointers? And thanks for the info.

bpiedlow
November 13th, 2003, 05:26 PM
Would it say it is from one of your friends?

Yes it could.

Many viruses build email lists from the address books and HTML pages they find on infected machines and then pair off the names they find.

I.e., if your friend A has an address book with you, friend B, friend C, and friend D all in it, then you likely will get an email saying it's from friend B, and friend C will get an email saying it's from friend D.

Another common thing will be for it to insert a random name in front of 'your' domain name.

I.e., if you use AOL (god forbid, and my apologies) then you could get email viruses saying they're from people like admin@aol.com, james@aol.com, fred@aol.com, mike@aol.com, etc...

Another thing to keep in mind: if you use either Outlook or Outlook Express I'd highly recommend that you both turn off auto-preview and the preview pane and that you make sure to update to the current patch level of IE 6 (even if you don't use IE to browse). Otherwise there are multiple viruses written into email headers that can infect your machine as soon as you receive it...

Just as a few extra thoughts for you,

RRP

IrIsHASSasIN
November 13th, 2003, 08:03 PM
Oh... well... thanks. I'll have to start being more careful!

!mitationRust
November 13th, 2003, 09:18 PM
I use my common sense as my first line of defense against viruses.
A: Don't open Em@il on a Root account!
B: If it looks suspicious it probably is suspicious!
C: It doesn't matter if the Em@il comes to you from someone you know, most viruses do!
D: Anti-virus software is no guarantee of safety!


The following file extensions can contain executable code. This means they can potentially carry a virus to infect your computer!

.ade: Microsoft Access project extension
.adp: Microsoft Access project
.bas: Microsoft Visual Basic class module
.bat: Batch file
.chm: Compiled HTML Help file
.cmd: Microsoft Windows NT Command script
.com: Microsoft MS-DOS program
.cpl: Control Panel extension
.crt: Security certificate
.exe: Program
.hlp: Help file
.hta: HTML program
.inf: Setup Information
.ins: Internet Naming Service
.isp: Internet Communication settings
.js: JScript file
.jse: JScript Encoded Script file
.lnk: Shortcut
.mdb: Microsoft Access program
.mde: Microsoft Access MDE database
.msc: Microsoft Common Console document
.msi: Microsoft Windows Installer package
.msp: Microsoft Windows Installer patch
.mst: Microsoft Visual Test source files
.pcd: Photo CD image, Microsoft Visual compiled script
.pif: Shortcut to MS-DOS program
.reg: Registration entries
.scr: Screen saver
.sct: Windows Script Component
.shs: Shell Scrap object
.shb: Shell Scrap object
.url: Internet shortcut
.vb: VBScript file
.vbe: VBScript Encoded script file
.vbs: VBScript file
.wsc: Windows Script Component
.wsf: Windows Script file
.wsh: Windows Script Host Settings file

Add any extension for a document that contains macros, including Microsoft Word (.DOC), Microsoft Excel (.XLS), and Microsoft PowerPoint (.PPT). Beware of .HTM and .HTML files; they may not be safe because they can access the Internet to download unsafe files.

http://www.mailwasher.net/

D0pp139an93r
November 13th, 2003, 09:43 PM
Just to add one quick thing to the executable files thing: make sure that in Explorer you change it so that you always see the extension. One trick virus writers use is to merge the virus with a picture or something, e.g. picture.jpg.exe. That way, you think you're opening a picture, when it's really an executable. Also, it's a good idea to save any attachments to disk without opening them so that you can get a better look at them. If they look suspicious, just delete them.
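Putting the extension list from !mitationRust's post and the double-extension trick just described into one checker, as an added example written for this page and not posted by anyone in the thread. The sample attachment names are constructed, and the "file manager hides the last extension" behaviour is an assumption noted in the code.

```python
"""Attachment-name checker for the rules in this thread (added example)."""
import os

# The executable extensions listed in !mitationRust's post above.
EXECUTABLE_EXTS = {
    ".ade", ".adp", ".bas", ".bat", ".chm", ".cmd", ".com", ".cpl", ".crt",
    ".exe", ".hlp", ".hta", ".inf", ".ins", ".isp", ".js", ".jse", ".lnk",
    ".mdb", ".mde", ".msc", ".msi", ".msp", ".mst", ".pcd", ".pif", ".reg",
    ".scr", ".sct", ".shs", ".shb", ".url", ".vb", ".vbe", ".vbs", ".wsc",
    ".wsf", ".wsh",
}
# Document types the post says may carry macros, and active web content.
MACRO_DOC_EXTS = {".doc", ".xls", ".ppt"}
WEB_EXTS = {".htm", ".html"}

def hidden_extension_view(name: str) -> str:
    """What a file manager that hides known extensions displays for `name`.
    Assumption (not from the thread): the final extension is always hidden,
    so picture.jpg.exe is shown as picture.jpg."""
    stem, ext = os.path.splitext(name)
    return stem if ext else name

def classify_attachment(name: str) -> str:
    """Classify by the last extension; an executable extension that hides a
    second one behind it (picture.jpg.exe) is reported separately."""
    stem, ext = os.path.splitext(name.strip().lower())
    if ext in EXECUTABLE_EXTS:
        # Padding spaces before the real extension are part of the same
        # trick, so strip them before looking for an inner extension.
        _, inner = os.path.splitext(stem.rstrip())
        return "double-extension" if inner else "executable"
    if ext in MACRO_DOC_EXTS:
        return "macro-document"
    if ext in WEB_EXTS:
        return "web"
    return "ok"

def triage(names):
    """Map every attachment name that is not plain 'ok' to its verdict."""
    verdicts = {n: classify_attachment(n) for n in names}
    return {n: v for n, v in verdicts.items() if v != "ok"}

# Constructed sample attachment names (not taken from the thread).
SAMPLE = ["holiday.jpg", "picture.jpg.exe", "readme.txt", "invoice.doc",
          "setup.scr", "notes.htm", "photo.jpg                 .pif"]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{name!r:36} shown as {hidden_extension_view(name)!r:24} {verdict}")
```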

IrIsHASSasIN
November 14th, 2003, 08:06 PM
Wow... thanks for the heads up!

dstevens1958
November 14th, 2003, 09:04 PM
Yeah, something I would like to add as well. Not only do you have to look out for attachments, you also have to watch out for social engineering and such. I'm sure most of us have heard about the email telling you to delete that icon looking like a teddy bear from your Windows directory? Well, this is what I do (in Hotmail anyways):

1) Is it from someone I know? If not, then I really don't trust it, (mind you I don't trust anything in my inbox...)
2) Is the subject line right? Usually it's stated like a title, with proper capital letters, etc. I find that virus emails tend to have it messed up slightly, like there are a few typos, probably to try and bypass some filtering systems out there.
3) What is the size of the email? A message with a subject line saying "Read this!" that is 123kb large doesn't seem to match up. There is likely something in there, though it could be a really long doc or one decorated with some pics...
4) Does the header look messed up? Some viruses try to mask the return address and mess up the headers, take a look at one sent from a friend or something, it should look proper. (won't include examples now, but if you want some, let me know.)
5) Reading the email, does it make sense? This is where social engineering usually strikes. For example:
http://securityresponse.symantec.com/avcenter/venc/data/jdbgmgr.exe.file.hoax.html
I won't quote the whole thing here, cuz it's a little long. But something to watch for is when they quote antivirus companies. They said: I followed the direction below and eradicated the virus easily. The virus (called jdbgmgr.exe) is not detected by Norton or McAfee anti-virus
systems. If this was more legit, wouldn't that at least call the companies by their proper names? Legit ones usually say 'Symantec', who makes Norton AV, and give a link for more information. Also, watch out for things saying, "You may be infected!!! Microsoft says to apply this patch IMMEDIALTELY!!! DON"T WAIT, NORTON DOESN"T WON"T FIND IT! IT WILL ERASE EVERYTHING!!!" Um, it's kinda obvious this isn't originating from a professional representative of a large security organization. Spelling errrors are a comon thing two look out four. (like that sentence, though I made it a little more obvious. ;))
6) Scan the attachment (and check the extensions already quoted by !mitationRust above).
7) Before you open it (once it's on your hard drive) scan it again.
8) If it's zipped, unzip it and scan it again. (Yeah, I'm paranoid)

As already mentioned, if you are using Outlook or something similar, make sure you turn off the auto-preview feature. I don't know much about the risks involved other than you no longer need to actually open the attachment, as emails these days can be made in HTML and we all know about them crazy web-exploits using web pages, right?

I hope my info was accurate, any corrections, please tell me. I'm a little sleepy :)

Note: The quotes I took were from http://www.symantec.ca/ and I looked up some virus hoaxes and such. The one about Microsoft security patch I made up, but it was inspired by one I got a few months ago. Just gotta give credit ya know! ;)

Peace

Dave

IrIsHASSasIN
November 17th, 2003, 09:14 PM
Wow... it's going to take me 3 hours to open an email if I have to check for all of that shiznit that you all posted above!

Soda_Popinsky
November 18th, 2003, 01:54 AM
In short: don't download stuff you aren't expecting, update everything regularly (AntiV, op sys), turn off preview/view-as-webpage options in your email software, and don't read obvious spam.

rapier57
November 18th, 2003, 04:24 AM
Wow... it's going to take me 3 hours to open an email if I have to check for all of that shiznit that you all posted above!


Actually, your anti-virus program will perform a lot of those tasks if it is up to snuff.

Symantec and McAfee both will scan the mail on the way in and on the way out, and they will protect you from the majority of the problems. They won't protect you from yourself. That's up to you.

:)

steve.milner
November 18th, 2003, 12:22 PM
To make life simpler you could only accept mail in plain text.

If you are using Outlook I'm sure you can set up the filters to remove HTML and all file attachments.

Then, if you need someone to send you a file you can arrange it with them and add a filter for their name that allows the file through, and then remove it afterwards.

HTH
Steve

IrIsHASSasIN
November 18th, 2003, 04:08 PM
Wow... thanks guys

IntelliHacker
May 17th, 2004, 10:49 AM
All I have to say here is just one of my rules (Rule no. 11): "Prepare your computer for a specific purpose and not for a general one"

This is just to say that I make use of different machines; for instance, for programming and developing stuff I have a computer for such operations.
For testing the strengths of malicious codes/scripts (viruses in this case) I have another one (specifically designed, administered, and modified for such tasks).

As for ***my private data***, I have one that never goes online or on a network.

Well, it all depends on you. Note that as far as security is concerned, never depend on, say, antiviruses, security experts... just make sure that you run programs on a computer meant just for it!

nihil
May 17th, 2004, 01:40 PM
Hi Intellihacker,

I would firstly like to point out that this is a very old thread...........if the date at the top flashes, this tells you :)

Secondly, you are quite correct.............I agree entirely, and have said so a number of times. I work this way:

1. "labrat" a laboratory rat machine.........for any experimentation..........be prepared with a mirror..........you will be formatting and re-installing a lot............in fact you SHOULD do this to get a valid test environment each time?.......you need several of these with different operating systems.

2. "ARV" armoured reconnaissance vehicle..........to go to bad places or examine bad stuff..........all the defence mechanisms that you have on this one ;)

3. "Reference Box" this has a mirror of various user departments' systems and is used to verify updates and new software compatibility.

4. "sheep dip" This is purely a malware detection box..............full range of malware detection software on this one.

5. "sacrificial goat" this is a deliberately weak and unprotected machine, so that you can trace what happens when something bad gets loose.

6. "normal machine" this is what you use for your day-to-day activities.

7. "game box".........could be merged with #6? but you do need the better components.

8. "Museum" old stuff that people give you.......very useful for showing youngsters what things were like back then................?


Well, that's the way I look at it

Cheers

therenegade
May 17th, 2004, 09:35 PM
Kinda paranoid, don't you think though, nihil? I mean.. 8 machines? (or at least 7)? Makes for difficult buying if you're low on cash lol.. but yes... the idea's fundamentally sound

Und3ertak3r
May 17th, 2004, 11:45 PM
8. "Museum" old stuff that people give you.......very useful for showing youngsters what things were like back then................?

Interesting you say that.. I have a 2 MHz Z80 CP/M box that I am trying (for the past year as time permits) to give access via a 486 DOS/Win3.1 box to my network.. this is more for file storage.. .. The problem is whenever I start to work on this project all I can do is remember the phreaking (old) days..


BTW therenegade, give it a couple of years, and a collection builds up.. besides what I use for repair work and training, I have two Cel 400's on Seti@home, 4 more PIII 600-800's on BOINC/S@H and a box each for RH9 and Slackware9.. ALL of these as well as the Crash Test Dummy and the "file recovery" box were all built from recovered parts from dead or written-off machines.. (biggest hassle here is getting a good Mobo and CPU).

cheers