Useful information, interesting links, and much more.
You are visiting  
Please choose a

Use the menu to view your

Choose an article with these menus. To return to your last choices use your browser's BACK button.
Special Links
American Patriotism
Short Cut Menu
God Bless America
 
Home Page

Click Picks
Internet & Security
Loading

   • Enter search text below.
   • Press the "Search" button.
   • Click "X" to return here.

4. A Typical Spam
This is a typical spam that appears to be from an amateur. It probably is not.
Next Page
See also

A Typical Spam

This Spam from "Paul", offering a "Christian search engine", serves as a good example of how to avoid trouble.

The sender is Paul. The subject line is F.r e e C.hristian search engine. The periods are there to fool spam software that searches for certain key words, such as "Free" and "Offers" and "Value".

Below is the text, with comments at the right. The "Click Here" address has been disabled; it now links to itself but it used to link to a user's free Web space on a Tripod site.

If there were such thing as a F-r-e-e family based and C.hristian search engine on the internet, with ONLY the things you wanted to see, read, hear or do, would you search with it?

W h o   W o u l d n ' t?

Check this out! ! !  Its a free tiny little applet that installs seamlessly & automatically, no guesswork - right into your IE browser, and easy to remove should you ever decide too - all you have to do is click here and it adds a little search feature to the top of your toolbar.  Whenever you want to find something of good value, try searching with it, you wont be sorry.  After going to the link, just say yes to the Verisign approved security message.

8492niAK9-617nTiQ6920UNVV6-931quWa4591pTSo8-079qfmo4657omuY5-180IDQT8997mqwo3-207l76]B/~6÷ζ

Problem Areas

  1. This message is from an unknown and untrusted source, known only as Paul.
  2. The subject line is designed to be deceptive to spam filters.
  3. It's free. What is in it for the sender if it is truly free?
  4. It offers something that may be of value, however, its function is not really defined.
  5. All you have to do is "click here" to get started. That will take you to a free Tripod Website, not a commercial server at a known company.
  6. This is an "applet", which is really a program. If you install it your browser will be modified.
  7. It promises to be easily removed if you don't want it. This should help convince you that this is safe.
  8. You are instructed to simply click OK if the authenticity of the program is challenged.
  9. The MIME encoding at the bottom of the page suggests that someone does not know how to write code.

Questions

How long have you lived without this? Why do you need it now, or do you really need it?

Why is Paul targeting Christians? Is there a special need among that group, are they considered more gullible than others, or did Paul just latch onto a mailing list from a Christian forum or chat room?

Are you a member of the group Paul is targeting? We are not members of any such groups so why did we receive this letter? That raises suspicions right away.

This text is laced with bad grammar and typographical errors. There is a piece of extraneous MIME encoding at the bottom that should not be there. If Paul's spam is this sloppy, do you want to install his free software?

Before you install any software consider its source. This software came to you. You did not go to it. Something should smell fishy right away.

The "Click Here" address is a page on a free Tripod Website. These sites can go away at any time and it is easy to open an account in a false name. If there is a problem, how do you find Paul again?

If you do install this software how do you know you can really remove it? Can you really remove ALL of it or will it leave something behind, like a Trojan Horse or a Zombie?

Once Internet Explorer has been modified will the latest Microsoft patches work properly? Or will you have an unsupported browser with potential security leaks?

What happens if you try to install it on Netscape or Opera? Will the installation fail, or will it damage your browser?

Why bypass the Verisign security message? Does Paul know something you don't? Our guess is that this download does not have a valid certificate of authenticity. Why not?

One must wonder what Paul will get out of this. If this is really a good package he can get it distributed, with full recognition and possibly some Shareware payment, by submitting it to any number of shared software sites such as Tucows and C-Net.


Notes

The Click Here link is rather revealing: http://ihuw8397h.tripod.com.br/ins.html, which is currently an invalid address.

  • User IDs at free services can be untraceable. It is easy to open an account using falsified information.
  • The .br suffix indicates that Paul is (or was) in Brazil. How will you find him if you need him?
  • Many countries do not prosecute spammers and virus writers.
  • The Web page name, ins.html, gives the impression it could run an installation script.

This spam could do untold damage to your machine or it could do exactly what it says, which is not really well defined. Do you know how to reinstall Windows if the former is the case? Are you willing to take that chance?

A Trojan Horse will wire back private information to the "mother ship". This could include your surfing habits, data from your accounting program, or the keystrokes you use to log on to your e-mail, chat rooms, and other secured areas. Paul might be able to find your resume, your social security number, your credit card number, your bank accounts, and your passwords. Lucky Paul!

A Zombie lays in wait until it is activated remotely, at which point the computer could be used for just about any purpose. Would you knowingly help to take down the Pentagon's computer system? Would you want to learn the passwords of the key users at a large company? Maybe not, but your computer could be doing just that.

This program may modify the Browser code today so a leak can be exploited at a later date, one that future Microsoft patches won't address. It could be a year before you learn what / if this program really does.

So, is this a good deal? We think not.


Next Page
See also

   
www.Eagle-Wing.Net