Internet Security Discussion Forum This forum is for the discussion of security related issues. If you find a new Phishing scheme, spyware, virus or malicious site - let us know about it. If any of the above found you... here's where you ask for help.

  #1 (permalink)  
06-15-2004, 03:51 PM
wenwilder
How to Avoid -

How to avoid virus infection:

1) Turn off and remove unneeded services. By default, many operating
systems install auxiliary services that are not critical, such as
an FTP server, telnet, and a Web server. These services are avenues
of attack. If they are removed, threats have fewer avenues of attack.

2) Always keep your patch levels up-to-date, especially on computers
that host public services and are accessible through the firewall,
such as HTTP, FTP, mail, and DNS services.
The Microsoft Update site (http://windowsupdate.microsoft.com) is
the place to start for getting the patches. The best download is
the Critical Update Notification. This tool will alert you to the
existence of new patches, as they become available.

3) Enforce a password policy. Complex passwords make it difficult to
crack password files on compromised computers. This helps to prevent
or limit damage when a computer is compromised.

4) Configure your email server to block or remove email that contains
file attachments that are commonly used to spread viruses.
This is the list of attachment suffixes that are considered by
Microsoft to be potentially malicious (are blocked by Outlook XP):
.ade, .adp, .asx, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe,
.hlp, .hta, .inf, .ins, .isp, .js, .jse, .lnk, .mdb, .mde, .msc,
.msi, .msp, .mst, .pcd, .pif, .prf, .reg, .scf, .scr, .sct, .shb,
.shs, .url, .vb, .vbe, .vbs, .wsc, .wsf, .wsh

5) Train employees not to open attachments unless they are expecting them.
Also, do not execute software that is downloaded from the Internet
unless it has been scanned for viruses. Simply visiting a compromised
Web site can cause infection if certain browser vulnerabilities are not
patched.

6) Remove unneeded shares. If you don't want people to access your
files, then disable the File and Printer Sharing from the Control Panel.

Some points about your existing tips:
- Can you get a virus from just viewing the mail? YES. If you have not
installed the Outlook security patches from Microsoft, then simply by
previewing or opening the mail, an attachment can execute without any
interaction. No click required.

- Preventing viruses from "seeing" scripting:
JS (aka Microsoft JScript or ECMAScript) is another scripting type.
However, removing the registry associations is no guarantee that the
script will not run. The way to stop scripts from running is to remove
or rename the scripting host. To do that, rename or delete WSCRIPT.EXE
and CSCRIPT.EXE.

7. Today's web sites contain active content and often it is necessary to download a special [script] viewer or plugin to view this content. In Internet Explorer especially, the plugin / viewer can be automatically downloaded! You can set your "Internet Options" in your Control Panel to warn you when a plugin / viewer is needed to download to view the web site content. Many of these plugins can contain destructive ActiveX or JavaScript controls that WILL take control of your computer with hurricane force!

Listed here are some SAFE plugins to download:

· Macromedia Flash / Shockwave [upgrades too] [much of Bowzer Bird Design is created with Flash MX and you will need this plugin to view it]
· Real Audio [upgrades too]
· Windows Media Player [upgrades too]

Let your intuition warn you when you enter a site that requires you to download a viewer / plugin. DON'T DO IT!!

8. Microsoft Security Notification Service

This service provides summary information from every Microsoft security bulletin. Security bulletins are technical documents discussing newly discovered security vulnerabilities, and provide information on what products are affected, the risk the vulnerabilities pose, and how to eliminate them. Click the link to subscribe. You will have to register first with Microsoft Net and then on the Newsletters page, choose the Microsoft Security Notification Service.

In Outlook, Windows programs and Windows OSes, there are many vulnerabilities a hacker/cracker can find and enter your system with evil intentions. Here, you will find what "patches", "fixes" or "SPs" to download and install to close the "loopholes."
The Security Notification can be directly emailed to you, or you can choose from the left side bar which ones you want info for and then download them individually.
__________________
Forum Rules
"Cat washing IS a martial art."
"Remember Today IS Yesterdays Tomorrow"
  #2 (permalink)  
06-15-2004, 03:53 PM
wenwilder
FBI tips for Internet Users

The FBI offers the following tips for Internet users:

·If you encounter an unsolicited e-mail that asks you, either directly, or through a web site, for personal financial or identity information, such as Social Security number, passwords, or other identifiers, exercise extreme caution.

·If you need to update your information online, use the normal process you've used before, or open a new browser window and type in the website address of the legitimate company's account maintenance page.

·If a website address is unfamiliar, it's probably not real. Only use the address that you have used before, or start at your normal homepage.

·Always report fraudulent or suspicious e-mail to your ISP. Reporting instances of spoof web sites will help get these bogus web sites shut down before they can do any more harm.

·Most companies require you to log in to a secure site. Look for the lock at the bottom of your browser and "https" in front of the website address.

·Take note of the header address on the web site. Most legitimate sites will have a relatively short internet address that usually depicts the business name followed by ".com," or possibly ".org." Spoof sites are more likely to have an excessively long string of characters in the header, with the legitimate business name somewhere in the string, or possibly not at all.

·If you have any doubts about an e-mail or website, contact the legitimate company directly. Make a copy of the questionable web site's URL address, send it to the legitimate business and ask if the request is legitimate.

·If you've been victimized by a spoofed e-mail or web site, you should contact your local police or sheriff's department, and file a complaint with the FBI's Internet Fraud Complaint Center at www.IFCCFBI.gov.
  #3 (permalink)  
06-15-2004, 03:55 PM
wenwilder
How to protect yourself against scams

How to protect yourself against scams.

You can reduce your chances of being swindled by knowing whom it is you are dealing with. This will help to protect you against getting involved with scam operators who set up companies, rack up debts then close up shop leaving their debts behind.

Keep these points in mind:

·Ask for the name of the person you are speaking to and whom they represent.

·Take notes of conversations, including dates, times, names and important points.

·Ask for an explanation of anything you don't understand.

·Read letters carefully and seek professional help (e.g. an accountant or a solicitor) if significant money, time or responsibilities are involved.

·If you want to check out the bona fides of a company, contact [Companies House or the Financial Services Authority].

·Find out whom you are dealing with. Independently verify any claims made by a sales person, investment adviser or advertisement.

·Make sure that any company you deal with complies with the applicable legislation. (In the UK, all companies must be registered with Companies House).

·Only do business with companies you know and trust.

·Make sure you fully understand all the terms and conditions of any offer made to you.

·Take your time before you make any decision.

·Don't provide any financial or other personal information before you establish whether the company is legitimate.

·Understand and monitor your investments and ask frequent questions and map out your financial goals before you meet with a financial planner.

·Don't judge the credibility of a company or sales person by how 'professional' they or their promotional material or web site seems.

·Don't fall for high-pressure sales tactics.

·Don't let embarrassment or fear keep you from reporting fraud or abuse to the appropriate authorities.

·Don't ever be afraid to ask questions. In fact, the more questions you ask, the better.
In all situations, the old maxim applies,
"If it sounds too good to be true - it probably is"!
  #4 (permalink)  
06-15-2004, 03:57 PM
wenwilder
How to avoid scams known as phishing

Tips on how to avoid the internet scam known as Phishing:

·If you receive an unexpected e-mail saying your account will be shut down unless you confirm your billing information, do not reply or click any links in the e-mail body.

·Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It means your information is secure during transmission.

·If you are uncertain about the information, contact the company through an address or telephone number you know to be genuine.

·If you unknowingly supplied personal or financial information, contact your bank and credit card company immediately.

·Suspicious e-mail can be forwarded to uce@ftc.gov, and complaints should be filed with the state attorney general's office or through the FTC at www.ftc.gov.

Notes:

The term phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users' financial information and password data. The most common ploy is to copy the Web page code from a major site — such as AOL — and use that code to set up a replica page that appears to be part of the company's site. (This is why phishing is also called spoofing.) A fake e-mail is sent out with a link to this page, which solicits the user's credit card data or password. When the form is submitted, it sends the data to the scammer while leaving the user on the company's site so they don't suspect a thing.
  #5 (permalink)  
06-15-2004, 04:00 PM
wenwilder
Top Five Signs That a Message is a Hoax

Top Five Signs That a Message is a Hoax

The next time that you receive an alarming e-mail calling you to action, look for any one of these five telltale characteristics before even thinking about sending it along to anybody else.

Urgent
The e-mail will have a great sense of urgency! You'll usually see a lot of exclamation points and capitalization. The subject line will typically be something like:

URGENT!!!!!!
WARNING!!!!!!
IMPORTANT!!!!!!
VIRUS ALERT!!!!!!

Tell all of your friends
There will always be a request that you share this "important" warning by forwarding the message to everybody in your e-mail address book or to as many people as you possibly can. This is a surefire sign that the message is a hoax.

This isn’t a hoax
The body of the e-mail will contain some form of corroboration, such as a pseudoquote from an executive of a major corporation or from a government agency official.

Sometimes the message will include a sincere-sounding premise. For example:

My neighbor, who works for Microsoft, just received this warning so I know it's true. He asked me to pass this along to as many people as I can.
It's all a bunch of baloney. Don't believe it for a second.


Watch for e-mails containing a subtle form of self-corroboration. Statements such as "This is serious!" or "This is not a hoax!" can be deceiving. Just because somebody says it's not a hoax doesn't make it so.

Dire Consequences
The e-mail text will predict dire consequence if you don't act immediately. The message may inform you that the virus will destroy your hard drive, kill your houseplants, or cause green fuzzy things to grow in your refrigerator.

History
Look for a lot of >>>> marks in the left margin. These marks indicate that people suckered by the hoax have forwarded the message countless times before it has reached you.
  #6 (permalink)  
06-15-2004, 04:07 PM
wenwilder

If you have any links you would like to add please feel free to post them. The more information available the better prepared we will all be. :)


P.S. The information provided has been a WPW community effort. Thank you for the donation of time and information everyone who has contributed and everyone who will :)
  #7 (permalink)  
07-09-2004, 12:32 AM
mushroom
Fixed IP Address

If you have a permanent internet connection and suspect an infection you may go to http://www.dshield.org/ and click on "Are you cracked? Click here to see." A database will be searched to see if your IP is listed as an attacker.

If it is, do something about it. If it is not listed, that means only lack of evidence.

I report in excess of 1000 attacks on my IP every day to dshield and at times 1000+ per hour.
__________________
Irony: That for most people the most "trusted" web site on the planet is for a company that has been convicted of criminal activity.

Both Security and SuSe start with "S". www.oldslides.com
  #8 (permalink)  
07-15-2004, 03:35 AM
mikmik
First connections (Not dating lol)

Tech tip: Before You Connect a New Computer to the Internet

Ever wondered what is proper procedure to safeguard yourself when installing a new OS, or starting up a new computer?

I have updates burned to a CD, and I install them, plus my anti-virus (also on CD) before I plug in the connection.

These guys have it all, for all OS's, not just windows:
http://www.cert.org/tech_tips/before_you_plug_in.html

Quote:
This Tech Tip provides guidance for users connecting a new (or newly upgraded) computer to the Internet for the first time. It is intended for home users, students, small businesses, or any site with broadband (cable modem, DSL) or dial-up connectivity and limited Information Technology (IT) support. Although the information in this document may be applicable to users with formal IT support as well, organizational IT policies should be followed.
  #9 (permalink)  
07-16-2004, 06:52 AM
mikmik

Protect Your E-Mail Address

Quote:
Professional spammers constantly scan the Web using high-speed programs known as harvesters to capture visible e-mail addresses. Harvesting addresses in this way is illegal in the U.S. under the CAN-SPAM Act, which became law on January 1. But that hasn't stopped the practice.
  #10 (permalink)  
07-17-2005, 05:16 PM
kgun
Why not make an image in Paint?

Then you enter the email address on that image and paste it into the page.

Then a human being has to read the email address. As far as I know, email harvesting robots can not yet scan a picture for an email address?

If possible, they have to be advanced, so there should not be many at present.

Kjell Bleivik
http://multifinanceit.com/
  #11 (permalink)  
02-05-2009, 02:04 AM
sushil
Re: How to Avoid -

Code:
originally posted by wenwilder
Configure your email server to block or remove email that contains
file attachments that are commonly used to spread viruses.
This is the list of attachment suffixes that are considered by
Microsoft to be potentially malicious (are blocked by Outlook XP):
.ade, .adp, .asx, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe,
.hlp, .hta, .inf, .ins, .isp, .js, .jse, .lnk, .mdb, .mde, .msc,
.msi, .msp, .mst, .pcd, .pif, .prf, .reg, .scf, .scr, .sct, .shb,
.shs, .url, .vb, .vbe, .vbs, .wsc, .wsf, .wsh

Your post is great, but I am not able to understand this statement. Can you explain it?
Thanks for that.
  #12 (permalink)  
02-08-2009, 02:24 PM
weegillis (WebProWorld Moderator)
Re: How to Avoid -

A good place to start would be to identify the extensions and their associated application(s):
FILExt.

By default, most modern mail clients come with built in attachment filtering turned on, but this is not a fail safe, just a first line of defense. A good, properly configured firewall is a must in today's high tech world, as is a reliable anti virus. Both will scan incoming mail for indicators, such as file extensions, common patterns and other heuristics.
  #13 (permalink)  
02-28-2009, 05:46 PM
mikmik
Re: How to Avoid -

Quote:
Originally Posted by joyblogs
my PC also has been infected and I am working to find a way
for the solution!

at least I've got some useful info here..

I always get to safe mode (with networking to use online scans) if computer is bogging down:
Quote:
Running Virus Scan in Safe Mode
Thursday, March 13th, 2008


Virus Scanning in Safe Mode
If you have a virus you can not delete or if your system will not boot up correctly and you suspect a virus is the problem, a recommended solution is to start your computer in safe mode and run a virus scan. By running your computer in safe mode, non-essential processes do not start and non-core components are disabled. In other words, only the minimum necessary programs will load. Tough to remove viruses, spyware and other malware usually have no chance to run and disrupt your system and can more easily be removed.
**To run a virus scan in safe mode, you must have active anti virus software installed on your computer.
To run a virus scan in safe mode, follow these steps:
  1. If your computer is on, shut it down
  2. Power on your computer
  3. Immediately after you power on your computer, repeatedly press the [F8] key (about once per second)
  4. In the Windows Advanced Options Menu screen, use the arrows to select Safe Mode and press [Enter]
  5. Select your current operating system and press [Enter]
  6. Select the user you would like to login under (if applicable)
  7. When your system finishes booting, click the Start button on your task bar
  8. Move your cursor over All Programs and navigate to your anti virus program
  9. Click on your anti virus program to run it and follow the anti virus program’s normal steps to run a virus scan
  10. After the virus scan is complete, Delete all detected viruses
  11. Close out of your anti virus software
  12. Restart your computer (it should start in normal mode)

The easiest way to clean your computer is to restore it to a time before it got infected - but only if you know when it started acting up.
Hmm, maybe not the best to use restore, but here is an interesting thread:
Using System Restore to get rid of Virus [Archive] - Explosm Forums
  #14 (permalink)  
03-02-2009, 02:53 PM
mikmik
Re: How to Avoid -

Quote:
Originally Posted by sushil
Code:
originally posted by wenwilder
Configure your email server to block or remove email that contains
file attachments that are commonly used to spread viruses.
This is the list of attachment suffixes that are considered by
Microsoft to be potentially malicious (are blocked by Outlook XP):
.ade, .adp, .asx, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe,
.hlp, .hta, .inf, .ins, .isp, .js, .jse, .lnk, .mdb, .mde, .msc,
.msi, .msp, .mst, .pcd, .pif, .prf, .reg, .scf, .scr, .sct, .shb,
.shs, .url, .vb, .vbe, .vbs, .wsc, .wsf, .wsh
Your post is great, but I am not able to understand this statement. Can you explain it?
Thanks for that.

I feel privileged to help wenwilder, but we go way back.

All these 'file extensions' are basically classifiers that tell Windows what program to open the file with. For instance, files with a '.doc' extension will call the Word program which will then open that document. '.txt' will call Notepad, and '.mp3' will call Windows Media Player (or perhaps Apple QuickTime/iTunes if you have that installed).

The above file extensions are called 'executables' and will call, for example, Windows Installer, Windows Scripting Host (have you heard of script kiddies?), and many programs native to Windows that run commands.

Here is an explanation for '.msi' at a particularly good site: fileinfo.net - MSI File Extension - Open .MSI files

Here is an explanation on why to show file extensions and how to do it:
Quote:
Windows is set by default to not show extensions on filenames. This is done presumably to make lists of files less cluttered to read -- a definite plus.

Although it is very important to know what kind of file a file is, most of us are familiar with the icons of many files and don't think we really need to see the extensions to know that a Word file's icon has a big blue "W" in it and an HTML file's icon has a big blue "e" in it.

However, many of us are not familiar with the blue scroll of a .vbs file or the yellow scroll of a .js file. This is important, because the current round of virus/worm attacks on Windows machines by script attachments use filenames like

loveletter.txt.vbs

Most mail clients will filter these and give a warning, but wenwilder meant that to protect yourself from (most likely) harmful attachments, it is best to just filter these (to be deleted) to begin with.
It is those hidden file extensions, like 'somepicture.jpg.vbs' where it looks like it is a picture - .jpg - but you don't see the .vbs extension that makes it very, very important to enable file extensions view, as explained in the link above. It is always almost the first thing I enable on my computers and also clients, with an explanation.

Hope this helps. I am not always very clear, so please, do ask questions!

>edit< Sheet, now I see weegillis! Don't tell him I said that he has more common sense than most, haha buddy!

Last edited by mikmik; 03-02-2009 at 02:58 PM.
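
The attachment filtering discussed in this thread (the suffix list from post #1 and the hidden double extension such as `loveletter.txt.vbs` from post #14), as an added example that is not part of any post: a mail-side check that parses a message and classifies each attachment name. The function names, the decoy-suffix list and the sample message are assumptions constructed for this example; the blocked suffixes are the ones quoted in the thread.

```python
"""Added example: flag mail attachments whose suffix is on the thread's list."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Suffix list as quoted in the thread (blocked by Outlook XP).
BLOCKED_EXTENSIONS = frozenset("""
ade adp asx bas bat chm cmd com cpl crt exe hlp hta inf ins isp js jse lnk
mdb mde msc msi msp mst pcd pif prf reg scf scr sct shb shs url vb vbe vbs
wsc wsf wsh
""".split())

# Assumption for this example: harmless-looking suffixes that serve as the
# visible half of a double extension when Windows hides known extensions.
DECOY_EXTENSIONS = frozenset(
    {"txt", "jpg", "jpeg", "gif", "png", "doc", "pdf", "mp3"})


def classify_filename(name):
    """Return (verdict, reason) for one attachment filename."""
    # Win32 drops trailing dots and spaces from a file name, so "a.exe."
    # is saved as "a.exe"; normalise before looking at the suffix.
    cleaned = name.strip().rstrip(". ").lower()
    parts = cleaned.split(".")
    if len(parts) < 2:
        return ("allow", "no extension")
    ext = parts[-1]
    if ext not in BLOCKED_EXTENSIONS:
        return ("allow", "extension ." + ext + " not on blocklist")
    if len(parts) >= 3 and parts[-2] in DECOY_EXTENSIONS:
        return ("block", "double extension ." + parts[-2] + "." + ext)
    return ("block", "blocked extension ." + ext)


def scan_message(raw_bytes):
    """Parse a raw message and classify every MIME part that has a filename."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename is None:
            continue  # body text and multipart containers carry no filename
        verdict, reason = classify_filename(filename)
        findings.append((filename, verdict, reason))
    return findings


def should_quarantine(raw_bytes):
    """True if any attachment in the message is classified as 'block'."""
    return any(verdict == "block" for _, verdict, _ in scan_message(raw_bytes))


def build_sample_message():
    """Constructed sample: addresses, names and payloads are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for fname in ("loveletter.txt.vbs", "holiday.jpg", "Setup.EXE"):
        msg.add_attachment(b"constructed payload", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for row in scan_message(build_sample_message()):
        print(row)
```

A name-based check like this only covers the suffix rule from the thread; as post #12 says, it is a first line of defense alongside content scanning.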
All times are GMT -4. The time now is 11:37 PM.


