CASEScontact - solutions, tools & skills against latest security, cybercrime, hacking & malware threats

What's up?

Real life scenario

Internet & PC scenario

What is the threat or vulnerability?

Grandpa's newphew Leo is really annoyed about the phone calls he gets from direct marketeers on his mobile phone. In contrast to grandpa, he does not want to:

unlist his phone number, because

this would make it impossible for his many pals wanting to find his phone number in the directory - not an option considering his social life and large circle of friends.

Instead he has chosen to take the opportunity given to him by privacy legislation (PS: he hangs out in Switzerland) by having a star * put right next to his name.

This indicates to every telemarketing firm that he neither wants a phone call nor having his number used for any other unsolicited marketing purpose.

Regarding his junk mail (i.e. adertising brochures, offers, etc.) coming via snail mail to his mailbox, however, Leo decided to have none of it anymore. He got a sticker from the post office saying something similar to 'no junk mail wanted.' This stopped junk mail in its tracks and he rarely if ever gets a flyer.

But Sandra his sister did not chose this option because she appreciates junk mail for keeping her posted regarding sales and other special offers from her favorite retailers.

Sandra, Leo's sister has had a serious problem with spam mail. She began fighting back by asking to have her e-mail marked with a star * next to it in the telephone directory. This indicates that she does not want unsolicited e-mail whatsoever, an option given to consumer under local privacy legislation.

Since then, Sandra experienced a drop in spam from local sources. However, she continued getting tons of spam from senders with weird domains or bogus/fake From: e-mail headers.

Hence, she saw no other choice than to change her e-mail address having it no longer listed in the directory and giving it only to her friends.

In addition, she went to an Internet Service Provider (ISP) that offers spam filtering. Unfortunately, Friday two of her boy friend's e-mails were identified as spam and one mail from her best friend also got marked as spam. Not receiving these e-mails caused a bit of a confusion during the weekend ... :-)

Hence, Sandra decided to change her tack and manage her spam filtering in a way that mimimizes the risk of:

getting much spam, and having

important mail identified wrongly as spam (so-called false positives)

Problem & Solution

What does it mean to me? Am I vulnerable?

So why should one care about spam? Because:

A) The Threat is that once you get spam, it is likely that the flood of spam will increase very rapidly and therefore, take you ever more time to get rid of unwanted mail in your inbox.

Spam comes in a variety of forms, including fraudulent messages. This mass-messaging is called 'spoofing' or 'password phishing.'

B) Vulnerability is that with the ever greaters pread of your e-mail address by spammers, you are also likely to receive malicious code that may contain viruses or spyware -- all things that will annoy you as these two tips show:

Reducing the virus risk - http://casescontact.org/tips/210002

Avoiding spyware - http://casescontact.org/tips/210006

C) Impact is simply the nuisance it creates and with the ever larger number of e-mails you are ever that more vulnerable to miss important e-mails from such people as your key customers or your wife/husband asking you to pick the children from school this evening.

Fraudulent messages or spam can appear to be from a legitimate source, or the creation of an official-looking webpage that asks you to provide your username and password or other personal information. Such messages or pages could ask for your bank account number, PIN number, credit card number, mother's maiden name, or birthday.

Spammers often ask for this information in an attempt to steal your money, credit, or your identity.

If I fix the problem - will it help me?
How

The best defense is following good security practices to get a triple benefit by:

saving time (i.e. not having to sort through spam),

money (spam costs bandwidth and disk space), and

grief (e.g., avoid missing the most important message in your with spam overflooded in box)

Finally, once a spam message is in one-s in-box, inadvertently opening it and clicking on a URL may also result in more grief as outlined under Threat and Impact above, something we all surely want to avoid.

How can one describe the solution?

Good security practices and effective risk management help to minimize the amount of spam you get. These steps include, but are not limited to:

Separate your e-mail accounts, whereby you have at least five e-mail addresses, such as:

a) an e-mail for private use only (e.g., family) - use something a bit unusual and not FirstName.LastName@Domain.com but something similar to FirstName1985@domain.com (Numbers cannot as easily be figured out by a spammer).

b) have an e-mail for business use only, this one you might have been given by your employer

c) have an e-mail for subscribing to news content, newsletters, etc.

d) have a 'throw away' e-mail address, which you use when you must register to get a report for free downloading or something else, such as e-Bay or Amazon, finally

e) have a so-called throw-away account that ceases to exist after a certain period (e.g., site you do not know or trust), most big sites provide you with this option for free (e.g., Yahoo offers these to subscribers)

The above strategy allows you to spread the risk, whereby if one e-mail becomes useless you simply make no longer use of that address. After not having logged in at hotmail or Web.de for a while, the account will simply expire. You have to make your contacts aware of this change, of course, to avoid a few misgivings :-)

You may use another strategy but at least make sure you have a different address for family members and a throw away one for registering your name for any type of service or e-commerce activity on the Web. Failing to do so increases the risk for trouble

Does Microsoft offer me a solution?

There is really now solution available from Microsoft at this stage and Outlook has difficulty in handling several e-mail accounts in one program, again the options are:

1) Install your favorite e-mail program (e.g., Eudora) several times with different names, such as having a privateEudora and a BizEudora to handle these accounts separately. Not too difficult considering today's amount of disk space one has, and

2) You can run a program such as Thunderbird which allows you to have several accounts and various personalities and filters in one program. Others do also but this one works probably the easiest for most users (easy to configure, easy to install, safe to run), see at:

http://www.mozilla.org (it also has spam filters and the program is free)

if you are an Outlook / Express user check out Tidbit 2 below for a special free tool to fight off spamm for these 2 programs.

Where can I get more help?

For more definitions regarding buzz words and computer security check out:

http://security.weburb.dk/frame/show/news/3510

What is the solution to this problem ?

Tip 1		Fighting Spam - Getting it Filtered Before it Reaches one's PC One smart way is to use any of the free e-mail services that provide you with plenty of space for your Web-based e-mail. The trick is to find those that offer 2.5 GB and counting (e.g., Gmail - was not yet public on August 15, 2005 - if you need to get an account, get one here: http://security.weburb.dk/frame/show/news/3623 1GB so far is offered by Yahoo!, to get it free use mail.yahoo.dk or mail.yahoo.de The above services do not only offer a lot of disk space for your e-mail that you can download to your PC while still keeping them online. More importantly, they also use a spam filter and put any of the mail identified as spam in a: spam or bulk mail box. All you have to do is go through the mail that has been identified as spam and unmark mail identified wrongly as spam and it will be moved into the in box so you can download it to your PC. It will also be saved online unless you have not checked this option. Similarly, you go through the inbox or the folder called something similar to 'all mail' (stores all the mail received and mailed out 'forever'unless you checked the option that these mails are removed once you download them to the PC) and mark those mails that the spam filter missed as spam. The accuracy of these filters is good. What is the catch? you may ask. Well, if your mail provider does the spam filtering for you, to check and increase effectiveness of the filter for your purposes you still have to go online and log onto the web-based mail service at least once a week. Only this will allow you to manage the spam filter. Most important is that this way you can make 100% sure that you have not missed any of the important mails because they were misidentified as spam. Onc of our CyTRAP members gets hundreds of mails and claims that less than 1% are wrongly marked as spam or missed when they should have been put into the spam box. More importantly, if spammers find a new trick, these filters learn very quickly. For instance, after correcting these these one or two mails that were put in the wrong category, the filters adjust and the next one coming your way using the same approach will be caught and labelled correctly as spam, thereby not filling your in-box. Pretty convenient.

Tip 2		What other Options are Available? The above options are just a few. If you want a lot of space for storing your information than there are not too many providers that will accomodate you in addition to the ones listed above. Nonetheless, many firms offer one a free e-mail account with web-based and pop access features, however, these may range from 3 - 15 megabytes only. In such an instance, you may want to download your messages to your PC and remove them from the server to save disk space. Important is that the service offers you this option, since having to do e-mail on the web is not always the option one wishes to take advantage off. To get an e-mail address with a provider including listing the ratings from such groups as Consumer Report, Stiftung Warentest and others, for free e-mail accounts : http://vopage.ch/freemail.htm Important is to choose a service that enables one to view the spam box online, in order to correct possible errors (e.g., email that was wrongly identified as spam or vice versa). This also stops spam from being downloaded to your computer where you do not want it. A Small Tip You may use one of these services in addition to the provider that provides you with your broadband connection from home. The latter may charge for spam filtering or not offer a good system. In either case, the ones discussed above are as good as a paid service if not better and they are free. Most people are surprised to learn that spam filters can sometimes prevent them for receiving important e-mail. This false-positive error (i.e. misidentifying a legitimate e-mail as spam) is particular worrisome if you do not have a spam mail box that you can access to see what might have been isidentified as spam. As long as your provider gives you access to what filters identified as spam so you can correct an error made, the system will progbably learn quickly and thereby making it okay for you. arrives in their in box. Hence, if spam filters are not perfect what is a user to do? Read on.

Tip 3		But You Prefer to Install a Spam Filter on your PC Instead? We do not have to get into technicalities but, generally spam filters are based on: 1) using filter rules, or 2) creating a black list or white list (pass through), for messages from certain domains, or a 3) combination of the above. Spam Filter Needed Now? - Here is One The spam filter listed below is one of the CyTRAP choices, however, we have a few more choices listed further below. All are free and we have tested them for your convenience before presenting them here. They all work nicely and it will be a matter of preference (e.g., interface with your e-mail program, and feel). http://security.weburb.dk/frame/show/news/3718

Take another 2 minutes - More tricks to safeguard your information better

Tidbit 1		Figthing off SPIM the SPAM Version for Instant Messaging 'SPIM,' as people are beginning to call unsolicited instant messages, is the latest installment in the growing epidemic of unwanted electronic ads. You can eliminate SPIM while still being able to use your instant message service by running this utility, it does not affect the operation of your instant messaging software/service but eliminates unwanted electronic ads for sure! http://security.weburb.dk/frame/show/news/3203
Tidbit 2		Getting a Spam Filter for Outlook / Express If you use either of the above two programs there is a spam filter available that interfaces very nicely (look and feel) and, more importantly, it is very good at catching spam without really slowing down the program too much - meaning very little indeed. http://security.weburb.dk/frame/show/news/3208
Tidbit 3		Getting a Filter that Works with a Few More Tricks If you want to be able to run your own spam filter, this open source one called SpamPal is a very good one and available in many languages. Moreover, it is constantly being updated and improved upon. http://security.weburb.dk/frame/show/news/3722
Watch out		You can reduce the risk of having your e-mail sent to one of your friends or associate identified as spam and thus blocked by a spam filter by following these best practices regarding e-mails, such as: sending in text format, not html one, sending a message to a few recipients only (avoid sending it to more than 10 recipients), send about three attachments max with an e-mail message, avoid using capital letters in a message and more than one exclamation mark when ending a sentence, do not use non-existent headers or e-mail addresses (goofy@nomountain.hallo.death.com) or confusing number and letter combinations (e.g., xxxxYYY1234CASEScontact), add a sensible and descriptive Subject Header to your e-mail message Following the above suggestions mimimizes the risk of having one's e-mail identified as spam by a scanner that is set to be very restrictive. Get Updates for CASESContact Tips and Latest Advisories via E-Mail or RSS subscribe for e-mail updates visiting http://casescontact.org/subscribe.php, get RSS feed from http://casescontact.org/rss.php or else from any major RSS news aggregator such as http://www.readafeed.de (Reed a Feed) Watch Out For Next Tip When: 2005-09-27 - Tuesday What: Windows Update 101 - Yes Virginia - Follow these THREE Rules and Secure Sailing is all Yours for the Taking Get More Tips and Tricks - Latest Security Tips (ISSN: 1603-9866) http://casescontact.org/tips_list.php

CYTRAP resources - check it out - because it will help you better protect yourself

Administrative

Author		Urs E. Gattiker - CyTRAP Labs

Revisions		1.0 - 2005-08-23 - First Version
Contact details		Web: http://CASEScontact.org E-mail: support01@CASEScontact.org Tel: +41(0)76-200-7778 or + 44(0)70-9237-6036 Fax: +44(0)70-9237-6036, dial 3 send fax

--END of ADVISORY - Important Info Below--

We recommend that you VERIFY ALL ADVISORIES you receive IMMEDIATELY, by clicking on the link provided at the top of this alert.

NO WARRANTY Any material furnished by CASEScontact.org is furnished on an 'as is' basis. CASEScontact.org, writers & sponsors make no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material.

Ride the rollercoaster successfully by subscribing to our alerts, tips, tools and skills training receiving them either via: 1) e-mail 2) RSS feeds, or else, just get a 3) free skills tune-up

NO WARRANTY Any material furnished by CASEScontact.org is furnished on an 'as is' basis. CASEScontact.org, writers & sponsors make no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material.

CASES writers & sponsors do not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. Full DISCLAIMER notice at: http://www.casescontact.org/terms.php

UNSUBSCRIBE If you no longer wish to receive this TIP ADVISORY, please Unsubscribe at: http://www.casescontact.org/unsubscribe.php QUESTIONS, comments, ideas? Cheer us up at:Tips-Comments at CASEScontact.org CASEScontact.org -- Threat Alerts and Security Notices --clear and precise, no compromise - --currently hosted by Flashcable

-- END of TIP & Tricks ADVISORY-- Copyright (c) 2007 by CyTRAP labs - Urs E. Gattiker. All rights reserved.

Just the facts

Title		Rather 100 SPAM Msgs Than ... Check Grandpa's 101 on Avoiding & Getting Rid of Spam
Description
CyTRAP LABs ID		CT210008
Date		2005-08-23
Systems affected
Version number		1.0
ISSN		1603-9866
Verify tip		http://casescontact.org/tips/210008
Risk assessment		High
Impact/Severity		High

Why not get new tips and alerts by e-mail directly to your in-box? It's much more convenient: Your email: or press here.

Fighting Spam - Getting it Filtered Before it Reaches one's PC

What other Options are Available?

A Small Tip

But You Prefer to Install a Spam Filter on your PC Instead?

Get Updates for CASESContact Tips and Latest Advisories via E-Mail or RSS

Watch Out For Next Tip

Get More Tips and Tricks - Latest Security Tips (ISSN: 1603-9866)