How to Avoid -

[wenwilder]

How to avoid virus infection:

1) Turn off and remove unneeded services. By default, many operating
systems install auxiliary services that are not critical, such as
an FTP server, telnet, and a Web server. These services are avenues
of attack. If they are removed, threats have fewer avenues of attack.

2) Always keep your patch levels up-to-date, especially on computers
that host public services and are accessible through the firewall,
such as HTTP, FTP, mail, and DNS services.
The Microsoft Update site (http://windowsupdate.microsoft.com) is
the place to start for getting the patches. The best download is
the Critical Update Notification. This tool will alert you to the
existence of new patches, as they become available.

3) Enforce a password policy. Complex passwords make it difficult to
crack password files on compromised computers. This helps to prevent
or limit damage when a computer is compromised.

4) Configure your email server to block or remove email that contains
file attachments that are commonly used to spread viruses.
This is the list of attachment suffixes that are considered by
Microsoft to be potentially malicious (are blocked by Outlook XP):
.ade, .adp, .asx, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe,
.hlp, .hta, .inf, .ins, .isp, .js, .jse, .lnk, .mdb, .mde, .msc,
.msi, .msp, .mst, .pcd, .pif, .prf, .reg, .scf, .scr, .sct, .shb,
.shs, .url, .vb, .vbe, .vbs, .wsc, .wsf, .wsh

5) Train employees not to open attachments unless they are expecting them.
Also, do not execute software that is downloaded from the Internet
unless it has been scanned for viruses. Simply visiting a compromised
Web site can cause infection if certain browser vulnerabilities are not
patched.

6) Remove unneeded shares. If you don't want people to access your
files, then disable the File and Printer Sharing from the Control Panel.

Some points about your existing tips:
- Can you get a virus from just viewing the mail? YES. If you have not
installed the Outlook security patches from Microsoft, then simply by
previewing or opening the mail, an attachment can execute without any
interaction. No click required.

- Preventing viruses from "seeing" scripting:
JS (aka Microsoft JScript or ECMAScript) is another scripting type.
However, removing the registry associations is no guarantee that the
script will not run. The way to stop scripts from running is to remove
or rename the scripting host. To do that, rename or delete WSCRIPT.EXE
and CSCRIPT.EXE.

7. Today's web sites contain active content and often it is necessary to download a special [script] viewer or plugin to view this content. In Internet Explorer especially, the plugin / viewer can be automatically downloaded! You can set your "Internet Options" in your Control Panel to warn you when a plugin / viewer is needed to download to view the web site content. Many of these plugins can contain destructive ActiveX or JavaScript controls that WILL take control of your computer with hurricane force!

Listed here are some SAFE plugins to download:

· Macromedia Flash / Shockwave [upgrades too] [much of Bowzer Bird Design is created with Flash MX and you will need this plugin to view it]
· Real Audio [upgrades too]
· Windows Media Player [upgrades too]

Let your tuition warn you when you enter a site that requires you to download a viewer / plugin. DON'T DO IT!!

8. Microsoft Security Notification Service

This service provides summary information from every Microsoft security bulletin. Security bulletins are technical documents discussing newly discovered security vulnerabilities, and provide information on what products are affected, the risk the vulnerabilities pose, and how to eliminate them. Click the link to subscribe. You will have to register first with Microsoft Net and then on the Newsletters page, choose the Microsoft Security Notification Service.

In OutLook, Window's programs and Windows OS's, there are many vulnerabilities a hacker/cracker can find and enter you system withevil intentions. Here, you will find what "patches" "fixes" or "SP's" to download and install to close the "loopholes."
The Security Notification can be directly emailed to you or you can choose from the left side bar which ones you want info for and than download them individually.

[wenwilder]

The FBI offers the following tips for Internet users:

·If you encounter an unsolicited e-mail that asks you, either directly, or through a web site, for personal financial or identity information, such as Social Security number, passwords, or other identifiers, exercise extreme caution.

·If you need to update your information online, use the normal process you've used before, or open a new browser window and type in the website address of the legitimate company's account maintenance page.

·If a website address is unfamiliar, it's probably not real. Only use the address that you have used before, or start at your normal homepage.

·Always report fraudulent or suspicious e-mail to your ISP. Reporting instances of spoof web sites will help get these bogus web sites shut down before they can do any more harm.

·Most companies require you to log in to a secure site. Look for the lock at the bottom of your browser and "https" in front of the website address.

·Take note of the header address on the web site. Most legitimate sites will have a relatively short internet address that usually depicts the business name followed by ".com," or possibly ".org." Spoof sites are more likely to have an excessively long string of characters in the header, with the legitimate business name somewhere in the string, or possibly not at all.

·If you have any doubts about an e-mail or website, contact the legitimate company directly. Make a copy of the questionable web site's URL address, send it to the legitimate business and ask if the request is legitimate.

·If you've been victimized by a spoofed e-mail or web site, you should contact your local police or sheriff's department, and file a complaint with the FBI's Internet Fraud Complaint Center at www.IFCCFBI.gov.

[wenwilder]

How to protect yourself against scams.

You can reduce your chances of being swindled by knowing whom it is you are dealing with. This will help to protect you against getting involved with scam operators who set up companies, rack up debts then close up shop leaving their debts behind.

Keep these points in mind:

·Ask for the name of the person you are speaking to and whom they represent.

·Take notes of conversations, including dates, times, names and important points.

·Ask for an explanation of anything you don't understand.

·Read letters carefully and seek professional help (e.g. an accountant or a solicitor) if significant money, time or responsibilities are involved.

·If you want to check out the bona fides of a company, contact [Companies House or the Financial Services Authority].

·Find out whom you are dealing with. Independently verify any claims made by a sales person, investment adviser or advertisement.

·Make sure that any company you deal with complies with the applicable legislation. (In the UK, all companies must be registered with Companies House).

·Only do business with companies you know and trust.

·Make sure you fully understand all the terms and conditions of any offer made to you.

·Take your time before you make any decision.

·Don't provide any financial or other personal information before you establish whether the company is legitimate.

·Understand and monitor your investments and ask frequent questions and map out your financial goals before you meet with a financial planner.

·Don't judge the credibility of a company or sales person by how 'professional' they or their promotional material or web site seems.

·Don't fall for high-pressure sales tactics.

·Don't let embarrassment or fear keep you from reporting fraud or abuse to the appropriate authorities.

·Don't ever be afraid to ask questions. In fact, the more questions you ask, the better.
In all situations, the old maxim applies,
"If it sounds too good to be true - it probably is"!

[wenwilder]

Tips on how to avoid the internet scam known as Phishing:

·If you receive an unexpected e-mail saying your account will be shut down unless you confirm your billing information, do not reply or click any links in the e-mail body.

·Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It means your information is secure during transmission.

·If you are uncertain about the information, contact the company through an address or telephone number you know to be genuine.

·If you unknowingly supplied personal or financial information, contact your bank and credit card company immediately.

·Suspicious e-mail can be forwarded to uce@ftc.gov, and complaints should be filed with the state attorney general's office or through the FTC at www.ftc.gov.

Notes:

The term phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users' financial information and password data. The most common ploy is to copy the Web page code from a major site — such as AOL — and use that code to set up a replica page that appears to be part of the company's site. (This is why phishing is also called spoofing.) A fake e-mail is sent out with a link to this page, which solicits the user's credit card data or password. When the form is submitted, it sends the data to the scammer while leaving the user on the company's site so they don't suspect a thing.

[wenwilder]

Top Five Signs That a Message is a Hoax

The next time that you receive an alarming e-mail calling you to action, look for any one of these five telltale characteristics before even thinking about sending it along to anybody else.

Urgent
The e-mail will have a great sense of urgency! You'll usually see a lot of exclamation points and capitalization. The subject line will typically be something like:

URGENT!!!!!!
WARNING!!!!!!
IMPORTANT!!!!!!
VIRUS ALERT!!!!!!

Tell all of your friends
There will always be a request that you share this "important" warning by forwarding the message to everybody in your e-mail address book or to as many people as you possibly can. This is a surefire sign that the message is a hoax.

This isn’t a hoax
The body of the e-mail will contain some form of corroboration, such as a pseudoquote from an executive of a major corporation or from a government agency official.

Sometimes the message will include a sincere-sounding premise. For example:

My neighbor, who works for Microsoft, just received this warning so I know it's true. He asked me to pass this along to as many people as I can.
It's all a bunch of baloney. Don't believe it for a second.

Watch for e-mails containing a subtle form of self-corroboration. Statements such as "This is serious!" or "This is not a hoax!" can be deceiving. Just because somebody says it's not a hoax doesn't make it so.

Dire Consequences
The e-mail text will predict dire consequence if you don't act immediately. The message may inform you that the virus will destroy your hard drive, kill your houseplants, or cause green fuzzy things to grow in your refrigerator.

History
Look for a lot of >>>> marks in the left margin. These marks indicate that people suckered by the hoax have forwarded the message countless times before it has reached you.

[wenwilder]

If you have any links you would like to add please feel free to post them. The more information available the better prepared we will all be. :)


P.S. The information provided has been a WPW community effort. Thank you for the donation of time and information everyone who has contributed and everyone who will :)

[mushroom]

If you have a permanent internet connection and suspect an infection you may goto http://www.dshield.org/ and click on here (Are you cracked? Click here to see.) a data base will be searched to see if your IP is listed as an attacker.

If it is do something about. if is not listed means only lack of evidence.

I report in excess 1000 attacks on my IP every day to dshield and at times 1000+ per hour.

[mikmik]

Tech tip: Before You Connect a New Computer to the Internet

Ever wondered what is proper procedure to safegaurd yourself when installing a new OS, or starting up a new computer?

I have updates curned to a CD, and I install them, plus my anti-virus (also on CD) before I plug in the connection.

These guys have it all, for all OS's, not just windows:
http://www.cert.org/tech_tips/before_you_plug_in.html

This Tech Tip provides guidance for users connecting a new (or newly upgraded) computer to the Internet for the first time. It is intended for home users, students, small businesses, or any site with broadband (cable modem, DSL) or dial-up connectivity and limited Information Technology (IT) support. Although the information in this document may be applicable to users with formal IT support as well, organizational IT policies should be followed.

[mikmik]

Protect Your E-Mail Address

Professional spammers constantly scan the Web using high-speed programs known as harvesters to capture visible e-mail addresses. Harvesting addresses in this way is illegal in the U.S. under the CAN-SPAM Act, which became law on January 1. But that hasn't stopped the practice.

[kgun]

Then you enter the emailaddress on that image and paste it into the page.

Then a human being has to read the emailaddress. As far as I know, emailharvesting robots can not yet scan a picture for an emailaddress?

If possible, they have to be advanced, so there should not be many at present.

Kjell Bleivik
http://multifinanceit.com/