E-mail Virus Protection Tips
EZArt.com Domain "Spoofing"
Recently, EZArt, like many other legitimate businesses on the Net, has been the victim of numerous spam mailers who are spoofing domains. These spammers simply forge my domain dot com name (@ezart.com) into their mass mailing spam software and hit the send button. Because of this, I receive several "User Unknown" returned e-mails from other ISPs such as AOL, NetZero... etc. Because of these forgeries, the "spoofed" e-mails are showing they are "From" noreply@ezart.com, staff@ezart.com and several other bogus names using my dot com. And most have attachments piggybacking on them. Do Not Open these, or any attachments, if you are not expecting them. There is only one e-mail address active at my domain and none of the e-mails you may have received from: "administrator", "admin", "info", "service", "register", "webmaster", "support", "noreply", "security", "ezartteam" (and on and on) came from here. I turn in dozens of full e-mail header info sheets to my e-mail server techs weekly... but these parasites move their illegal operations from server to server within a few hours. So finding them and shutting them down is a major task.
Rest assured these spam letters are not originating from EZArt.com..!
EZArt.com has been a domain since 1994. And because it is my established Internet business name, URL and e-mail address, I do not have the luxury of being able to change it and hide from the multitude of spammers on the Net today. And... because many of you have bookmarked my Website, or saved my e-mail address somewhere on your system, when one of you gets a computer virus, it either sends me a copy of the virus (as well as everybody else's address it can find on the computer) or it uses my e-mail address on the "From" line on all of the e-mail that it automatically sends out from the infected computer. Although many people are aware that the "From" line is spoofed on virus e-mail, many new users are not, and I have received angry e-mail in response to something I did not do. At the height of the recent SoBig.F virus attack, EZArt was receiving up to 75 "User Unknown" e-mails per hour and sometimes almost locking up my e-mail server. I have always used a spam/virus protection program that deletes most of this type of e-mail from the server but, unfortunately, it doesn't catch them all.
DO NOT OPEN any attachment from someone claiming to be "somename@ezart.com" unless you and I have been in contact about reviewing a clipart piece or talking about a scene layout. I never randomly send out any attachment unless you and I have communicated about it earlier. Should you receive one from ezart.com... contact me and I will let you know if it is a legitimate attachment or not. Most likely it's a spoofed e-mail stealing my company name and dot com.
I don't sell Viagra, re-mortgage your house or offer body part enlargement. The full header data on the e-mail will show that it did not come from EZArt. I run AVG Anti-Virus and F-prot Virus protection software every morning, and throughout the day, to protect my system and make sure I'm not the cause of these spam attacks.
Hide your e-mail address from "Harvesters"
Here is a method to "encode" your e-mail address that you have posted on your Website. It will definitely help in keeping the spam e-mail "harvester" robots from finding your "plain text" written e-mail address that you have listed on your Webpage(s). Simply type in your e-mail address below, hit the "Encode" button... and this script will convert it into hexadecimal code that you can now "copy & paste" in place of your "plain text" e-mail links. All newer browsers can simply convert the hexadecimal code back into the English text version of your e-mail spelling when your visitors move the cursor over the e-mail link to contact you.
Just remember to NOT use your real e-mail spelling on the Webpage. In other words... change any spellings of "myname@mybiz.com" to something like "e-mail link", "contact us here"... etc.
To double my "harvester" protection... I use a "text" .GIF graphic (which "harvesters" also cannot see) and then use the hexadecimal code to make the .GIF graphic a "hot-link" for any e-mail link on my page(s). To see an example... move your cursor over the text graphic e-mail link below and look at the bottom of your browser screen and you will "see" the actual e-mail address.
E-mail Encoder
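What an encoder of this kind produces, shown as an added example and not the script that ran on this page; it assumes the "hexadecimal code" means HTML hexadecimal character references, and all function names are illustrative. The final check shows the limit of the protection: the address is hidden only from scanners that read the raw page source without decoding it.

```javascript
// Added example, not the page's original encoder script.
// Assumption: the encoder emits HTML hexadecimal character references.

// Encode every character as &#x..; so the "@" never appears in the page source.
function encodeEntities(text) {
  return Array.from(text)
    .map((ch) => "&#x" + ch.codePointAt(0).toString(16) + ";")
    .join("");
}

// Reverse the encoding, as an HTML parser does before the link is used.
function decodeEntities(html) {
  return html.replace(/&#x([0-9a-f]+);/gi, (_, hex) =>
    String.fromCodePoint(parseInt(hex, 16))
  );
}

// Escape the visible link text so it cannot break out of the markup.
function escapeText(text) {
  return text.replace(/[&<>"]/g, (ch) => "&#x" + ch.charCodeAt(0).toString(16) + ";");
}

// Build the link: encoded href, visible text that does not spell the address.
function buildMailtoLink(address, label) {
  if (!/^[^\s@<>"]+@[^\s@<>"]+\.[^\s@<>"]+$/.test(address)) {
    throw new Error("not a plausible e-mail address");
  }
  if (label.includes("@")) {
    throw new Error("link text must not contain the address");
  }
  const href = encodeEntities("mailto:" + address);
  return '<a href="' + href + '">' + escapeText(label) + "</a>";
}

// Plain-text address pattern of the kind a simple page scanner matches on.
const PLAIN_ADDRESS = /[\w.+-]+@[\w-]+\.[\w.-]+/;
const exposesAddress = (html) => PLAIN_ADDRESS.test(html);

// "myname@mybiz.com" is the placeholder address used in the text above.
const link = buildMailtoLink("myname@mybiz.com", "contact us here");
console.log(link);
console.log(exposesAddress(link));                 // false: no "@" in the source
console.log(exposesAddress(decodeEntities(link))); // true: decoding restores it
```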
Recommended Basic Security Steps
The SoBig.F virus episode was a marathon. The next one will probably be even worse, which is the purpose of this page. Please take a minute and consider using the following security steps on your computer! Also, please note that I am not an expert at Windows security! These are very basic, commonly recommended steps that you can take to limit the vulnerability of your system.
Basic 'Outlook Express' Security Steps
If you are using Outlook Express, go to View > Layout and uncheck (deselect) the Show Preview Pane checkbox. When that is deselected, you will have to double-click on an e-mail for it to open. It will not automatically open when you click on it. This allows you to delete e-mail without opening it.
After you have done that, I know many of you are someday going to get e-mail that you think might be something you want to open, but you're not sure. To see what is in an e-mail without opening it, right-click on the mail (don't double-click). From the menu that appears, choose Properties. In the Properties dialog, click on the Details tab at the top of the box. In the Details dialog, click on the Message Source button. Once the message source is showing, drag on the lower right corner of the box to expand its window and scroll to find the message text, if any. This is also where you can see the message header that I mentioned above, showing the route and source of the mail (though spammers use many tricks to obscure their true source).
You'll have to scroll down quite a bit to get past the headers and find the email body text. If there is no text from someone you know, then it's not something you want to open. Close the source window and the properties window and delete the mail.
The above procedure applies also to all e-mail (including that from people you know) that has an attachment. E-mail with an attachment will show a little paperclip icon to the left of the e-mail's name in your Inbox. Never, ever open e-mail with an attachment until you are sure that it is legitimate. This means checking the text contents of that e-mail using the method described above, and if in any doubt, e-mail the sender and have them verify that they have sent an attachment and that it is clean, and virus-free. And then only open it if you know and trust that sender.
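What to look for once the message source is open, as an added example that is not part of the original page: it separates the headers from the body and compares the domain on the "From" line with the servers recorded in the "Received" lines. The message is constructed, the function names are illustrative, and a mismatch is a hint rather than proof, since legitimate mail can pass through third-party relays.

```javascript
// Added example. RAW is a constructed message: the hosts are made up
// (example.net, example.org and 192.0.2.x are reserved for documentation).
const RAW = [
  "Return-Path: <bounce@mailer.example.net>",
  "Received: from mailer.example.net (unknown [192.0.2.77])",
  "\tby mx.example.org with SMTP; Tue, 19 Aug 2003 10:02:11 -0400",
  "Received: from pc17 (pc17 [192.0.2.9])",
  "\tby mailer.example.net with SMTP; Tue, 19 Aug 2003 10:02:09 -0400",
  'From: "Staff" <staff@ezart.com>',
  "Subject: constructed sample",
  'Content-Type: multipart/mixed; boundary="b1"',
  "",
  "--b1",
  "Content-Type: text/plain",
  "",
  "See the attached file.",
  "--b1",
  'Content-Disposition: attachment; filename="sample.pif"',
  "",
  "(attachment bytes omitted)",
  "--b1--",
].join("\r\n");

// Split headers from body at the first blank line and unfold wrapped headers.
function parseMessage(raw) {
  const [head, ...rest] = raw.split(/\r?\n\r?\n/);
  const headers = head.replace(/\r?\n[ \t]+/g, " ").split(/\r?\n/).map((line) => {
    const i = line.indexOf(":");
    return [line.slice(0, i).toLowerCase(), line.slice(i + 1).trim()];
  });
  return { headers, body: rest.join("\n\n") };
}

const domainOf = (v) => ((v || "").toLowerCase().match(/@([\w.-]+)/) || [])[1] || null;

// Compare who the message claims to be from with the route it actually took.
function inspect(raw) {
  const { headers, body } = parseMessage(raw);
  const get = (name) => headers.filter(([n]) => n === name).map(([, v]) => v);
  const fromDomain = domainOf(get("from")[0]);
  // Newest hop first; hops below your own provider's server can be forged.
  const hops = get("received").map((v) => (v.match(/^from\s+(\S+)/i) || [])[1] || "?");
  const inRoute = hops.some((h) => h === fromDomain || h.endsWith("." + fromDomain));
  const hasAttachment = /content-disposition:\s*attachment/i.test(body);
  return { fromDomain, returnPathDomain: domainOf(get("return-path")[0]), hops, inRoute, hasAttachment };
}

console.log(inspect(RAW));
```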
If you want to avoid the possibility of getting a virus via an attachment (you may have small children using your computer who like to open everything!) you might want to make a message rule that deletes all messages over a particular size (most, though not all, viruses range from 31 to more than 60 Kb in size). Or you can simply delete all messages with any attachment from the server. The disadvantage of the latter is that when one of your own e-mails is bounced due to a typo in the address, or any other reason, the returned e-mail contains an attachment. If you delete that from the server, you won't know that your e-mail did not go through.
To do either of the above, click on an e-mail in your Inbox (or in any of your mail folders). It doesn't matter which e-mail message you use as a starter. Then choose Message > Create Rule from Message.
In the Create Rule dialog, in the top text box (1. Select the conditions for your rule) deselect (uncheck) the item that is checked by default, then choose (check) "Where the message size is more than," or choose "Where the message has an attachment."
In the second box (2. Select the actions for your rule) scroll all the way to the bottom of the list and choose "Delete from server."
In the third box (3.) if you chose the "Size is more than" choice in box 1, you'll need to enter a size. Click on the highlighted text in the box to open a small dialog where you enter your size limit.
In the last box, at the bottom of the Create Rule dialog (4.), highlight the text, delete it, and enter a descriptive name for your rule so you can find it later.
If you want to change or remove this message rule, go to Tools > Message Rules > Mail and click on the message rule's name and then click the Modify button. The Create Rule dialog will open and you can edit your rule. Be sure and edit the rule name to reflect the change in the rule.
Or, if you want to get rid of the rule, click the Remove button. To temporarily disable the rule (so the family can send you those vacation pictures...) uncheck the rule in the list window. Remember to go back and recheck it after you've gotten the attachment that you are expecting.
Basic 'Internet Explorer' Security Steps
Another security measure you may consider is to set Internet Explorer security to High. This disables just about everything! Many Websites simply won't work at this setting (no JavaScript, no Flash, no cookies, no downloading ...). You'll often get a message telling you that you can't even look at a site's pages until you allow cookies.
To set IE (Internet Explorer) to High security, at the top of your IE window choose Tools > Internet Options. Click the Security tab at the top of the dialog. Click the Custom Level button.
In the Custom Level dialog, in the Reset To menu, scroll up to find the High setting. Choose High, then click the Reset button. Click OK in the alert that appears. Click OK to get back to the main Internet Options dialog.
Basic 'Netscape' Security Steps
In many of the Netscape browser versions, there is a View tool at the top of your browser screen once you are in the e-mail window of your browser. Click it and see if you have the option to deselect (remove checkmark) from the View Attachment inline option. Leave it in the "deselected" mode at all times unless you know and trust the sender. If left in the View Attachment inline mode... ALL attachments will auto open when you click on the e-mail name to read the note and could possibly introduce a virus hidden within the attachment.
Should an expected attachment come in from a friend or family member, simply click your View tool and click (apply checkmark) to the View Attachment inline option. Remember to deselect the option once you have the trusted attachment read or filed away.
'Windows' Security Steps
A security option that is highly recommended, but may be scary for beginners, is to deactivate Windows scripting. Do a Google search for "disable Windows Scripting" to find out how it's done.
In addition to the above, there are two more things to limit your system's exposure to intruders. I don't believe Windows 98 or Windows ME users have this option (not sure about XP Home), but Windows 2000 and Windows XP Pro users can make new accounts with limited rights/access to the system. You can always log on as a limited User when you're connecting to the Internet. Limited users can't do much of anything; in particular, they can't install anything. Some of the Microsoft updates require administrative rights to install, so in those rare instances, you can log on and connect as Administrator, but at all other times, and I mean all other times, you should log on with the limited User account before connecting to the Internet.
"Spoofing" Legitimate Company Names
If you ever get any e-mail from anybody, including (what looks like) your bank, your ISP (for example, AOL), or any other institution (PayPal for example), asking for (or demanding) your password, your social security number, your account number or any other personal information, do not respond or click any links embedded in the e-mail. Do not save or open any files attached to such e-mail.
There are many very convincing ways to make an e-mail and a linked Website appear to be genuine when, in fact, they are not. If you feel the e-mail may be genuine, telephone the place of business, or open your browser and go there directly by typing the appropriate URL into the browser. I repeat... Do not respond to the e-mail or click on any links within that e-mail, and NEVER, EVER open any attachment contained in such an e-mail...!!!
Viruses From Websites
The Blaster worm that infected so many computers in 2003 did not arrive via e-mail. If your computer was connected to the Internet, not patched (Microsoft had issued the patch a month earlier), and not behind a firewall, you almost certainly got infected by just visiting a Website you went to by clicking a link in the forgery e-mail (see above).
If you did, you don't need me reminding you that you must keep your computer patched if you're going to be connected to the Internet. I'm sure you've learned your lesson. A firewall (see below) will help protect you the next time this happens... and there will be a next time!
Personal Firewall Protection
I highly recommend a Firewall program called ZoneAlarm. It's free (at this writing), seems to be bug-free and non-intrusive and is highly rated by people who know more about these things than I do. Get it. Install it. Leave the Alert Events window on for a while just to see how many times people try to access your computer! You will be shocked! I NEVER go online without ZoneAlarm activated on my system.
NOTE:
When you install new software on your computer, make sure you turn off ZoneAlarm and any virus protection software that you are running before installation. And then be sure and turn both back on after the install.
To turn ZoneAlarm off, right-click the ZoneAlarm icon in the system tray at the lower right and choose "Shutdown ZoneAlarm". To turn it back on, find ZoneAlarm in your Programs list. It is also automatically on after you first turn on your computer, or after any reboot.
I hope these tips help keep your computer more secure. Remember to keep up with all of the Microsoft security updates, don't open any unexpected e-mail attachments, and get a personal Firewall such as ZoneAlarm. Always keep a good Anti-Virus software program in operation on your computer. If cost is a factor, here's a great Free program from GriSoft called AVG Anti-Virus and another program called F-prot that offers a Free DOS version. I personally utilize both of them and highly recommend each one. Professional versions of each are available.