Stopping spam tip.

1st. USE GMAIL. Then enable ‘SmartLabels’ in Gmail’s labs portion of the ‘Settings’. This alone will cut bulk and spam to next to zero!

You can set up Gmail to retrieve just about any other type of email account you have. Read about that here.

If you don’t want to use Gmail the next part is still just as important.

2nd. DO NOT click on the ‘unsubscribe’ anywhere within a spam email. That just lets the spammer/scammer know that your email account is not only active, but you actually took the time, read and acted upon the email they’ve spammed you with!

Doing that only means your email address just got put onto the priority confirmed working spam list!

More Maleware in the wild ‘E-Card’

Hi folks just thought I’d pass this on.
The folks at Shadow Server have found this propagating.
There are loads of new security threats – many using tried and true vectors.
This one uses the ‘E-Card’ email route.
One that STILL somehow get people! Please NEVER, EVER, EVER open up these type of links!
They often look like this.

botspam

Microsoft also has information on this latest threat here:

http://blogs.technet.com/b/mmpc/archive/2010/12/31/unhappy-new-year.aspx

Please folks be careful and exercise caution when opening email or ‘clicking’ on links. and  keep your systems up to date.

Bogus and Malicious emails

Here is a reminder.

Let’s all keep ourselve and our data and systems safe.
I have just recently seen numerous emails comming in supposedly from UPS containing trojan/infected files!!
If you are not expecting and ‘EXPLICIT’ file in an email from a TRUSTED person.

DO NOT OPEN/RUN OR DOWNLOAD IT!!
Info on some here.

Legitimate vendors – eBay, ups, fed-ex amazon etc. will send you notice that you have invoices, receipts, shipping info etc. ready for you viewing.

BUT do not click on links provided in emails requesting personal information – they can contain links to bogus/phishishing sites! [sites that mask as legitimate but instead ‘steal/get you to give them your personal information]

If the email is from a true valid vendor you should be able to go to the appropriate vendor site by typing in the web address into your web browser and logging into your account and checking ‘messages/status etc.

I have spent a lot of time recently cleaning up systems that people inadvertently infected with spy ware/malware. And by trying to ‘fix’ the problem by themselves many of these folks have only infected/wrecked their machines more dramatically.

There are LOADS of malicious emails out there claiming to be ‘security updates/upgrades’ or Outlook system updates etc. that are cleverly (dastardly actually) masked (spoofed) as comming from within your organization, or some other trusted entity (often Microsoft).

Here is a good article on what some of these look like. Here is another. And still another.
You get the idea I hope.
They vary but the result is the same – you infect your system and your entire network with a ‘backdoor’ trojan.
These types of emails are very dangerous ‘phishin’ attacks designed to place a trojan silently onto your machine.

Once again please NEVER click on a link with in an email! From anyone.

The safest thing to do is call the person suposedly sending the email and verify it’s validity, or simply type the address directly into your browser.

As always I hope that any of you who read this have current Antivirus and Anti spyware software installed and most importantly keep them updated daily. And have them currently running.
While there may be advertisements listed on my site for anti-spyware and anti-virus protection, I can’t always control who or what they are for. I can however, recommend the links below.
My recomendations are as follows:

For a very, very good Antivirus and spyware solution (and free at that):

http://free-antivirus.eeye.com/

Their solution – Blink is fantastic.

You may also have Symantec/Norton, McAfee or AVG installed – Great!! but is it updated daily?

http://www.symantec.com/business/security_response/definitions.jsp

http://us.mcafee.com/virusInfo/default.asp?cid=45702

http://www.grisoft.com/us.download-update

Another super free and great anti-spyware is Spybot Search and Destroy (Spybot S&D;).

I have used this to successfully fix/repair dozens of machines.

Beware though there are many ‘bogus/extortion’ appliations that are trying to trade off the ‘Spybot’ name.

The home to the one and only freeware SpyBot Search & Destroy is:
http://www.safer-networking.org/en/spybotsd/index.html

And a very highly rated anti-spyware package by PCWeek is Spyware Doctor. Not free but worth the price:
http://www.pctools.com/spyware-doctor-antivirus/

Stop Spam Calls

Ok, how many of you have gotten calls that were dialed by an automated system?
You know the kind. Your phone rings and if you pick it up there is a ‘pause’ before someone gets on the line.
Who then proceeds to tell you that,
”the FBI needs your information..”
“your car warranty is about to expire..”
“you owe money to such and such and we can reduce the amount…”
“we are in the neighbor hood doing x for the Jone’s etc.”

The list is just about endless.

Or how about getting messages on your voice mail or answering machine that tell you “to call 800-xxx-xxxx ext. xxx for a very important matter.” Or “you have an outstanding balance please call 800-xxx-xxxx etc.”

These calls and nearly all like them are made by ‘dialing programs’. There are two types most in use today.

The first and most common is the programs that actually dial a whole set of numbers for a given area code and prefix.
Example: 310-473-xxxx from 0001 on up.

The second is used mostly by fraudsters, bill collectors (illegitimate and some times legitimate) and other scammers.
The program dials a given set of numbers the same way.

HERE IS THE KICKER:
Since the calls are made by machine they follow rules! And we can exploit them to our advantage!
The programs were designed to save money by dialing fast and not wasting the time of (expensive) people. Although one could argue that wages in Bangladesh aren’t that high, you still need real people, even if they don’t speak proper English, to carry on a real conversation.
So when the dialer get’s an out of order or line disconnected ‘tone’ it marks the number as ‘no good’ and moves on.
If however you pick up the phone the system knows the number is valid and puts you through to a person who will then annoy the crap out of you.
Same goes for the calls on answering machines and those going to voice mail – if the dialer get’s an out of order or line disconnected ‘tone’ it marks the number as ‘no good’ and moves on. If your machine or voice mail answers with a ‘message’ like, “hello we are not here ……” the call then plays the message to call a certain 800 number back etc.
With any of these calls the absolute worst thing you can do is actually call that number!!
Your phone will be marked as ‘valid’ and ‘worth calling’ forever!
[This also applies to spam email too!! Never respond to spam email to ‘be removed from list..’]
So how do you we beat the machines?
Quite simple actually.
By playing the ‘call could not be complete’ or ‘number disconnected’ tone before your answer message.
That’s right by simply placing that ‘beep beep beep the number you are dialing…’ tone before your message you will kill the auto dialed call. If you are like me you can even play the tone before you answer a live call!
Just play the tone then record your message.
Make sure you tell people who should be calling you – family friends – that they should ingnore/wait for the actual message.

So where to find the ‘tone’.
Here are a couple links to the tones with the associated message.
Remember you only need the ‘tone’ at the beginning to make the dialer think the number is bad.
You can find them here:
Disconnected number:
Wave format:
Call not completed as dialed:
Wave format

I have created a looped tone with out the message that I use. It plays the ‘beep beep beep’ twice in a row. I will try and find a ‘place’ to put it when I can for easy download. Check back.