Terry's Computer Tips Newsletter
http://www.terryscomputertips.com
A computer tips newsletter for users of PC's.
Volume 4, Number 22 — Sunday, November 9, 2008
IN THIS ON-LINE ISSUE:
1. Examining a Malware-bearing Email (Trojan email)
2. Let's Look at a Phishing Email
3. My Computer Security Software Recommendations
4. Stopping Outlook Express from Breaking Messages into Multiple Parts
5. Recommend my Terry's Computer Tips Newsletter to Your Friends
My emailed newsletter is sent weekly to individuals who have subscribed to my email newsletter.
It has different, additional content — not the articles in the online issue.
Click here to subscribe. It's free!
Welcome to the on-line edition of my Terry's Computer Tips newsletter.
Sunbelt Personal Firewall for Windows 2000, XP and Vista
Two-way firewall to control inbound and outbound communications.
30-day full-function Free Trial.
$19.95 for One Computer
Discounts for multiple computers & multiple years!
Unlimited Home Site License — only $39.95 for all your home PC's
SPF is my choice for my computers and my family's computers
1. Examining a Malware-bearing Email (Trojan email)
This week, I thought I'd take a different turn with the first article — and look at one of the nasty emails that arrived this week. No, not one of those emails; one of the emails that brought malware along with it. Let's see what they're trying to do to me (and to you, if you get these, too).
First, the malware-infested email is trying to use "social engineering" to get us to open the emails. What's social engineering? It's designing emails to mislead you into a gullible, unthinking response to do exactly what the bad guy wants. Sometimes, he wants your personal information. Other times, he wants to infect your computer. The name of his game is "money."
The first one that made me think of this article was one that claimed to be a notice from the UPS delivery service. It read like this:
From: "UPS Mail Support"
To: <feedback@terryscomputertips.com>
Subject: Your Tracking # 9473631090
Sorry, we were not able to deliver postal package you sent on October the 19th in time
because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office.
If you do not receive package in ten days you will have to pay 6$ per day.
Your UPS
Attachment: UPSInvoice8771.zip
First, let's take a look at some of the email headers, especially ones that email users don't normally see unless they look for them.
X-Spam-Checker-Version: SpamAssassin 3.3.0-r613124 (2008-01-18) on xxxxxx.hostgator.com
—We see that my web host's mailserver ran the SpamAssassin program to evaluate how likely this was to be spam
X-Spam-Level: ******
—And it got a 6 rating
X-Spam-Status: No, score=6.5 required=8.0 tests=DOS_RCVD_IP_TWICE_B,
FH_HELO_EQ_D_D_D_D,FORGED_RELAY_MUA_TO_MX,HELO_DYNAMIC_IPADDR,
KB_RATWARE_MSGID,RDNS_DYNAMIC shortcircuit=no autolearn=disabled
version=3.3.0-r613124
—First, we see that the spam-score wasn't high enough to trigger the filter. We see which spam tests the email failed, including that it used a forged email relay, that it was from a dynamically assigned IP address, and that it had a known "ratware" message-ID.
Received: from rrcs-74-218-83-26.central.biz.rr.com ([74.218.83.26]:1809)
by xxxxxxx.hostgator.com with esmtp (Exim 4.68)
(envelope-from <ptmniyey@bodybuilding.com.sg>)
id 1KxpV4-0007FH-TG
for feedback@terryscomputertips.com; Wed, 05 Nov 2008 15:01:21 -0600
Received: from [74.218.83.26] by m1.dnsix.com; Wed, 5 Nov 2008 16:01:15 -0500
—74.218.83.26 is a dynamically assigned (DHCP) address on RoadRunner's business network, which tells me that someone's business mailserver is probably being used to relay spam emails.
Message-ID: <01c93f5f$bb161780$1a53da4a@ptmniyey>
From: "UPS Mail Support" <ptmniyey@bodybuilding.com.sg>
—Notice that the idiot is probably using Outlook or Outlook Express, as both of those hide the return address. I've never understood why Microsoft thought it was helpful to hide the email address. Of course, in this case, the address could have been faked, but perhaps not — after all, if they were going to go so far as to fake the return address, why didn't they fake it with something consistent with the scam?
To: <feedback@terryscomputertips.com>
Subject: Your Tracking # 9473631090
Date: Wed, 5 Nov 2008 16:01:15 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0006_01C93F5F.BB161780"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
—and it was sent by someone using Outlook Express 5.
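The header walk-through above can be turned into a repeatable triage check. The following is an added example written for this page, not code from the newsletter or from any of the products it mentions. It parses a message constructed from the headers quoted above (host name masked as in the article, a placeholder body, and a few placeholder bytes standing in for the zip attachment), extracts the SpamAssassin score and failed tests, walks the Received chain for relay IPs and dynamic-looking reverse DNS, checks whether the display name's brand matches the sender's domain, and lists attachments with risky extensions. The dynamic-rDNS pattern and the extension list are simple heuristics chosen for this example.

```python
"""Header triage for the fake "UPS" message, modelled on the article's walk-through.

Added example, not the newsletter's own code. RAW_MESSAGE is constructed from
the headers quoted in the article; the body and attachment bytes are placeholders.
"""
import email
import re
from email import policy
from email.utils import parseaddr

RAW_MESSAGE = """\
X-Spam-Checker-Version: SpamAssassin 3.3.0-r613124 (2008-01-18) on xxxxxx.hostgator.com
X-Spam-Level: ******
X-Spam-Status: No, score=6.5 required=8.0 tests=DOS_RCVD_IP_TWICE_B,
  FH_HELO_EQ_D_D_D_D,FORGED_RELAY_MUA_TO_MX,HELO_DYNAMIC_IPADDR,
  KB_RATWARE_MSGID,RDNS_DYNAMIC shortcircuit=no autolearn=disabled
  version=3.3.0-r613124
Received: from rrcs-74-218-83-26.central.biz.rr.com ([74.218.83.26]:1809)
  by xxxxxxx.hostgator.com with esmtp (Exim 4.68)
  (envelope-from <ptmniyey@bodybuilding.com.sg>)
  id 1KxpV4-0007FH-TG
  for feedback@terryscomputertips.com; Wed, 05 Nov 2008 15:01:21 -0600
Received: from [74.218.83.26] by m1.dnsix.com; Wed, 5 Nov 2008 16:01:15 -0500
Message-ID: <01c93f5f$bb161780$1a53da4a@ptmniyey>
From: "UPS Mail Support" <ptmniyey@bodybuilding.com.sg>
To: <feedback@terryscomputertips.com>
Subject: Your Tracking # 9473631090
Date: Wed, 5 Nov 2008 16:01:15 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0006_01C93F5F.BB161780"
X-Mailer: Microsoft Outlook Express 5.00.2919.6600

------=_NextPart_000_0006_01C93F5F.BB161780
Content-Type: text/plain

Please print out the invoice copy attached and collect the package at our office.

------=_NextPart_000_0006_01C93F5F.BB161780
Content-Type: application/zip; name="UPSInvoice8771.zip"
Content-Disposition: attachment; filename="UPSInvoice8771.zip"
Content-Transfer-Encoding: base64

UEsDBAo=
------=_NextPart_000_0006_01C93F5F.BB161780--
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Heuristic: a host name that embeds its own IP with dashes (rrcs-74-218-83-26...)
# is typical of dynamically assigned addresses, the pattern RDNS_DYNAMIC looks for.
DYNAMIC_RDNS = re.compile(r"\b\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\b")
# Extensions that should never arrive unannounced; list chosen for this example.
RISKY_EXT = re.compile(r"\.(zip|exe|scr|pif|com|bat|cmd)$", re.IGNORECASE)


def spam_status(msg):
    """Pull score, threshold and the list of failed tests out of X-Spam-Status."""
    status = " ".join(msg.get("X-Spam-Status", "").split())   # unfold the header
    m = re.search(r"score=(-?[\d.]+) required=(-?[\d.]+) tests=(.*?)(?=\s+\w+=|$)", status)
    if not m:
        return None
    tests = [t.strip() for t in m.group(3).split(",") if t.strip()]
    return {"score": float(m.group(1)), "required": float(m.group(2)), "tests": tests}


def relay_chain(msg):
    """Walk the Received headers (newest first) and note each hop's IPs and rDNS style."""
    hops = []
    for raw in msg.get_all("Received", []):
        text = " ".join(raw.split())
        env = re.search(r"envelope-from <([^>]+)>", text)
        hops.append({
            "ips": IPV4.findall(text),
            "dynamic_rdns": bool(DYNAMIC_RDNS.search(text)),
            "envelope_from": env.group(1) if env else None,
        })
    return hops


def triage(raw):
    """Return the facts a reviewer would want before deciding to open the message."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Does any word of the display name ("UPS Mail Support") appear in the sender domain?
    brand_words = [w.lower() for w in re.findall(r"[A-Za-z]{3,}", display)]
    hops = relay_chain(msg)
    risky = [p.get_filename() for p in msg.iter_attachments()
             if p.get_filename() and RISKY_EXT.search(p.get_filename())]
    return {
        "spam": spam_status(msg),
        "sender_domain": domain,
        "brand_mismatch": bool(brand_words) and not any(w in domain for w in brand_words),
        "relay_ips": [ip for hop in hops for ip in hop["ips"]],
        "dynamic_relay": any(hop["dynamic_rdns"] for hop in hops),
        "envelope_from": next((h["envelope_from"] for h in hops if h["envelope_from"]), None),
        "risky_attachments": risky,
    }


if __name__ == "__main__":
    for key, value in triage(RAW_MESSAGE).items():
        print(f"{key}: {value}")
```

Run on the sample, the result shows a score of 6.5 against a threshold of 8.0 (so the filter did not fire), six failed tests, the same dynamically named relay IP appearing twice, a display name with no connection to the sender domain, and a .zip attachment: every point the article makes, in one dictionary that could feed a mail filter rule.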
One of the first indications of trouble was that my anti-spam program changed the Subject line from
Subject: Your Tracking # 9473631090
so that it read
Subject: [spam] Your Tracking # 9473631090
So, right off the bat, the bad guy's attempt fell prey to my anti-spam system. If nothing else, this would make me more wary.
However, he made me stop and think for a second, when he referred to a specific shipment date. I sometimes send stuff by UPS, but the date wasn't right.
The second factor was that he sent the email to an invalid email address. That's another giveaway, although you have to have your own domain name to see this kind of error.
Notice the last line of the body, in which he tries to boost our interest in the email's contents — if I don't go get my package in ten days, they'll charge me 6$ per day. Of course, we SAY "6$" but we write it as "$6."
The payoff was in the attachment UPSInvoice8771.zip. If I unpacked the zip file, I would find an executable file to double-click (remember, Windows by default hides the file extension, so most people wouldn't see the .exe even after they saw the .zip in their email program). When you use Windows' unzip program, the final step is to show you the unpacked files in Windows Explorer (where the default setting is to hide file extensions of known file types).
So, what was in the zip file? VIPRE Antispyware+Antivirus identified it as Trojan-Downloader.braviax and as High Risk, and quarantined the zip file. Vipre's report on the risk details advised that Braviax is a trojan that displays alarmist alerts on the user's computer to coerce the user into paying for rogue anti-malware applications to clean up the purported infections. Vipre recommended immediate removal of the file from the computer (at this point, the removal would be from Vipre's Quarantine).
2. Let's Look at a Phishing Email
This week I received several phishing emails that were designed to get me to open them. Again, social engineering is matching the content and topic to the interests of the recipient (us), in hopes that we will unthinkingly take the actions the bad guys want.
The first email looked like this:
From: "Bank of America Support" <provisor05@bankofamerica.com>
To: <earhart@terryscomputertips.com>
Subject: Bank of America Don't share access to your computer with strangers.
BANK OF AMERICA CORPORATION NOTICE:
New certificate is designed to help customers troubleshoot security problems associated with potential risk during online operations.
If you plan to update your online SSL banking, we suggest to install the SSL certificate first.
Read more about installation of SSL Certificate>>
Sincerely, Deanna Donnelly.
2008 Bank of America Corporation. All rights reserved.
First, they did a better job of looking real. The return email address at least looked like it might be real.
Again, fortunately, my anti-spam program flagged this, added "[spam]" and threw it into my spam folder.
Also, I don't have any accounts at Bank of America, so it's definitely not real. Another hint is the To address, which is a non-existent address that has gotten on someone's spam list.
Interestingly, the "Read more about..." was a link, as might be expected. Unexpectedly, though, it had a long, long URL address that ended at a domain called fhievs.com (looks like "thieves" when you read the address, doesn't it?). I suspect (I'm not going to try it) that instead of telling me what an SSL certificate is, it would have tried to download some nasty to me — or perhaps download an SSL certificate for the site in hopes that I would install it.
Of course, their goal was money, by getting my userID and password.
In this case, there was nothing for my antivirus + antispyware program or my firewall program to catch. They would have been called into service if a program had been downloaded and installed after I clicked on the link in the email. But, remember, my anti-spam program did spot the email as bogus and flagged it as spam.
That's one of the reasons why I recommend all of the following: a two-way firewall program, an always-running antivirus program (I don't know of any in today's world that are not), an always-running antispyware program (I don't know of any free ones that are always-running), and an anti-spam program.
What anti-spam program do I use? PopFile — and it's a free, open-source program.
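The giveaway in the Bank of America message was that a link about "SSL certificates" pointed at an unrelated domain. Checking that mechanically is a matter of pulling every link out of the HTML body and comparing where it goes with who claims to have sent it. The code below is an added example for this page, not the newsletter's or any vendor's code. The HTML is constructed to resemble the quoted message; "phish-host.example" is a placeholder standing in for the domain the article saw, and the long path is made up. The sender address is the one shown in the article. Three heuristics are applied: the link's host is outside the sender's domain, the sender's brand name appears in the URL path or query rather than the host (a common way to make a hostile URL look legitimate), and the visible link text names a different host than the one it actually points to. The registered-domain helper keeps only the last two labels, which is a simplification that mishandles suffixes like .co.uk.

```python
"""Audit links in an HTML email body against the claimed sender domain.

Added example for this page; the sample HTML, placeholder host and path are constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed to resemble the quoted message; the href host and path are placeholders.
SAMPLE_HTML = """\
<p>BANK OF AMERICA CORPORATION NOTICE:</p>
<p>If you plan to update your online SSL banking, we suggest to install the SSL certificate first.</p>
<p><a href="http://www.phish-host.example/bankofamerica.com/online/ssl/update?session=4f2a91c0&amp;id=9918">Read more about installation of SSL Certificate&gt;&gt;</a></p>
<p><a href="http://www.phish-host.example/login">www.bankofamerica.com</a></p>
<p><a href="https://www.bankofamerica.com/privacy">Privacy</a></p>
"""

SENDER = "provisor05@bankofamerica.com"   # the From address shown in the article


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()            # convert_charrefs=True: &gt; becomes >
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two labels of a host name. Simplification: wrong for .co.uk-style suffixes."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


DOMAIN_IN_TEXT = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")


def audit_links(html, sender_addr):
    """Return one record per link with the heuristic flags that apply to it."""
    sender_domain = registered_domain(sender_addr.rpartition("@")[2])
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        url = urlparse(href)
        host = url.hostname or ""
        flags = []
        if registered_domain(host) != sender_domain:
            flags.append("off-domain")                 # goes somewhere the sender does not own
        if sender_domain in (url.path + "?" + url.query).lower():
            flags.append("brand-in-path")              # brand name used as decoration, not as host
        shown = DOMAIN_IN_TEXT.search(text.lower())
        if shown and registered_domain(shown.group(0)) != registered_domain(host):
            flags.append("text-host-mismatch")         # the text says one site, the href another
        report.append({"href": href, "text": text, "host": host, "flags": flags})
    return report


if __name__ == "__main__":
    for entry in audit_links(SAMPLE_HTML, SENDER):
        print(entry["flags"] or ["ok"], entry["host"], "<-", entry["text"])
```

On the sample, the "Read more" link is flagged both off-domain and brand-in-path, the second link is flagged because its visible text names the bank's site while its target does not, and the genuine privacy link passes cleanly. A legitimate newsletter can of course link off-domain, so these flags are a reason to look at the raw URL before clicking, not a verdict on their own.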
Related articles:
- Getting Control of Your Inbox
- How Can I Prevent spam?
- Keeping spam out of your Inbox
- Another Look at spam Filtering
3. My Computer Security Software Recommendations
I review my security software recommendations and update them, for each weekly newsletter issue, if I think they need to change.
My Philosophy: Many people want to pick their most economical solution and prefer an all-in-one anti-virus, anti-spyware and firewall solution. In concept, that's a great idea. In actual practice, this type of package is not likely to be the best in all the protection categories you need. Other people want to pick the best of each type of program. I'm one of these folks.
My choice of software that I am willing to recommend is driven by my search for software for me to use. I only recommend programs that I like and that I use. I will sometimes suggest alternatives to my recommendations, but I clearly note if I no longer use them.
Anti-Virus
I'm often asked about several other popular anti-virus or anti-virus combination packages. Yes, I realize that they are not in my recommendation list. "Enough said..."
For the last five years, until very recently, my personal choice has been ESET's small, fast NOD32 anti-virus program, which offers a FREE 30-day evaluation license. I consider NOD32 one of the best in anti-virus protection. Unlike some of its competitors, ESET offers multiple-year licenses also, and includes program updates in the multiple-year license.
Tech Tip
Many antivirus programs will offer you an anti-virus signature subscription renewal when your subscription renews. I strongly recommend against this option — buy the full program or make sure you get program updates with the subscription renewal.
Vendors routinely improve the capabilities and speed of the programs, too. If you update only the signatures, you miss any program improvements.
Now, I've changed from my long-time programs NOD32 (antivirus) and CounterSpy (antispyware) to Sunbelt's new VIPRE Antivirus + Antispyware.
I've found that VIPRE puts even less load on my computer than the speedy combination of NOD32 and CounterSpy. I've also been impressed with the way its "deep scan" has found and eliminated risks that were stored in zip files, which is one of the latest malware email tricks.
Read more about anti-virus programs on my web site.
Related articles:
- Anti-Virus Programs and Online Scanners
- Free Online Antivirus Scan
- NOD32 Anti-Virus Review - A Look at NOD32
- VIPRE Antivirus + Antispyware Review
Firewall Software
While the Windows XP firewall is much better than no firewall at all, don't count on the Windows XP firewall to meet your needs. You need a two-way firewall, which the Windows XP firewall is not! Microsoft woke up and supplied a two-way firewall with Windows Vista.
The Windows XP firewall does not control outbound communications originating from your computer — and you should want to have control if adware/trojans/spyware or even commercial products want to talk to the Internet. Whether they are calling home or spewing spam, you want to be able to control your computer.
Do you want Windows Media Player to call home every time you play something? It does! Do you use the Search function in Windows Explorer to find things on your hard drive? Did you know that every time you search, Windows Explorer talks to Microsoft?
I didn't know that when I ran ZoneAlarm, but the Sunbelt Personal Firewall flags that to me, and I can stop it or allow it to happen. Many other programs try to call home when you run them, too.
I recommend my choice for a firewall program, which is Sunbelt Personal Firewall.
You can try the full-featured "paid version" of Sunbelt Personal Firewall free for 30 days — after that, you can register it or, if you're using it on a home non-business computer, you can let it revert to the free, lesser-function license.
Sunbelt Personal Firewall is regularly $19.95 (with discounts for multiple computers and/or multiple years!) for a non-expiring license for the program and includes one year of their updates subscription.
Anti-Spyware / Anti-Adware Software
CounterSpy, from Sunbelt Software, has received many kudos from the computer press for its always-running and periodic full system scans. It has been my personal choice for my PC's and my family's PC's.
Sunbelt's CounterSpy v2.5 both improved CounterSpy's performance against malware and reduced its impact on system resources and responsiveness while it's scanning.
Sunbelt continues to release updated program versions — the current version is v3.1. Nicely, they do NOT install the updated programs automatically. You have to use the Update process in the program, which means that you'll know that something significant has changed.
Now, I've changed from my long-time programs NOD32 (antivirus) and CounterSpy (antispyware) to Sunbelt's new VIPRE Antivirus + Antispyware.
I've found that VIPRE puts even less load on my computer than the speedy combination of NOD32 and CounterSpy. My computer seems to have much more pep and power than it had previously. I've also been impressed with the way its "deep scan" has found and eliminated risks that were stored in zip files, which is one of the latest malware email tricks.
Anti-spam Software
In today's Internet world, the question is not "if" you will get spam, but "how much will you get?"
I use and now I recommend POPFile as my first choice for handling spam. POPFile sits on your computer, between your email program and your ISP mailbox, and handles email as it downloads.
POPFile uses a different approach to handle spam than some other programs do — it does nothing to reduce spam. It is designed as an email classification tool — you train it to recognize spam and any other type of email that you want to classify. These classifications can help you sort your emails into appropriate folders in your email program.
Sunbelt Software, who makes the anti-spyware program CounterSpy (which I use and recommend) and the firewall that I use and recommend (Sunbelt Personal Firewall) also has a well-regarded, award-winning anti-spam program called iHateSpam for Outlook and Outlook Express. Since I don't use Outlook or Outlook Express for email, I haven't tried iHateSpam.
Mailwasher Pro would be my first choice to handle spam before it ever gets into your computer's Inbox. Mailwasher Pro uses online Realtime Black Lists of mail servers that have recently sent spam, "training" by you of what you think is spam, and your own "friends" and "blacklist" lists. Note: I found that PopFile generally meets my needs and stopped using Mailwasher Pro, even though PopFile works AFTER the emails have been downloaded. If I used a dialup connection, I would be more interested in Mailwasher Pro.
Mailwasher Pro can even bounce spam messages, as if your email address was not valid, although the usefulness and appropriateness of this is questionable. There is a free version called "Mailwasher," but it omits the functions that I consider critical for this purpose, such as safely previewing the emails before they ever get to your email inbox.
Cable/DSL Router
If you have a cable modem or a DSL modem, you need to have another layer of inexpensive protection between you and the Internet. A cable/DSL router isolates your computer from direct connection to the Internet. Your computer can easily request your email, web pages, etc. through the router. The responses come back to the router and are smoothly routed to your computer. But, someone on the Internet side of the router can not initiate a connection to your computer — they can only respond to your request.
Even if you only have one computer to connect to your cable or DSL modem, I recommend that you purchase and use a cable/DSL router because of the protection it can give you against attempts to attack through some flaws in Windows itself.
A router isolates your local network, whether it is only one computer or several, from the Internet by actually making it a separate network. The router gets the "public" IP address and handles all your outbound communications and the responses to them. But, it blocks computers on the Internet side from being able to initiate communications with your computer! This will prevent you from falling prey to many worms that try to attack security holes in Windows itself.
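The reason a router blocks unsolicited connections is that it keeps a table of the connections your computer started, and only lets replies to those through. The following toy model is an added example for this page, not code from the newsletter or from any router vendor, and it uses documentation addresses (192.168.1.10 inside, 203.0.113.7 as the router's public address, 198.51.100.25 as a mail server, 192.0.2.66 as a scanning host). An outbound request creates a table entry and gets the router's public address; an inbound packet is forwarded only if it matches an entry made by that exact remote host and port. Real routers vary in how strictly they match (some accept any remote host once a port is mapped); this model uses the strict form.

```python
"""Toy model of the connection table behind a cable/DSL router's NAT.

Added example for this page; addresses are documentation ranges, not real hosts.
"""


class StatefulRouter:
    """Rewrites outbound traffic to one public address and forwards only matching replies."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000        # first public port handed out for outbound flows
        # public_port -> (inside_ip, inside_port, remote_ip, remote_port)
        self.table = {}
        self.log = []

    def outbound(self, inside_ip, inside_port, remote_ip, remote_port):
        """A LAN host starts a connection: record it and return the rewritten source."""
        public_port = self.next_port
        self.next_port += 1
        self.table[public_port] = (inside_ip, inside_port, remote_ip, remote_port)
        self.log.append(f"map {inside_ip}:{inside_port} -> {self.public_ip}:{public_port} "
                        f"for {remote_ip}:{remote_port}")
        return (self.public_ip, public_port, remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """A packet arrives from the Internet side: forward only if it answers a known flow."""
        entry = self.table.get(public_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            inside_ip, inside_port = entry[:2]
            self.log.append(f"forward {remote_ip}:{remote_port} -> {inside_ip}:{inside_port}")
            return (inside_ip, inside_port)
        self.log.append(f"drop unsolicited {remote_ip}:{remote_port} -> "
                        f"{self.public_ip}:{public_port}")
        return None


def demo():
    """Fetch mail through the router, then see a scanner's probe get dropped."""
    router = StatefulRouter("203.0.113.7")
    # The PC asks a mail server (POP3, port 110) for new mail.
    _, public_port, _, _ = router.outbound("192.168.1.10", 51515, "198.51.100.25", 110)
    reply = router.inbound("198.51.100.25", 110, public_port)          # delivered
    # A host on the Internet tries to reach Windows file sharing (port 445) directly.
    probe = router.inbound("192.0.2.66", 6000, 445)                     # dropped: no flow
    # The same host cannot hijack the mail flow's port either: wrong remote address.
    hijack = router.inbound("192.0.2.66", 6000, public_port)            # dropped
    return {"reply": reply, "probe": probe, "hijack": hijack, "log": router.log}


if __name__ == "__main__":
    for line in demo()["log"]:
        print(line)
```

The reply from the mail server reaches the PC because the PC asked for it; the probe to port 445 and the attempt to reuse the mapped port from a different host are both dropped, which is exactly the protection the paragraph above describes for worms that look for unpatched Windows services.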
For a wireless router, I recommend the Linksys WRT54G wireless router. I'm using the relatively new version 6 of this router.
If you don't want wireless, I recommend the Linksys BEFSR41 wired router, which I also use. Either way, based on my experience, I recommend Linksys routers for price, reliability and Linksys' habit of releasing updated firmware for their products.
Tech Tip
By the way, if you get tempted by the new "802.11n" routers, please pay close attention. So far, the 802.11n specification has not been approved and finalized.
If you buy one, you may be locked into a specific vendor's implementation of a draft of a standard that never got approved. I recommend choosing 802.11g for now.
4. Stopping Outlook Express from Breaking Messages into Multiple Parts
Subscriber Art Root wrote to ask about a problem he was having with Outlook Express breaking outbound videos into smaller pieces. Since these are causing problems to his recipients, he wants to know how to make it stop:
Thanx 4ur newslttr. Luv it. Q- Outlook Express breaks up messages (videos) larger than 128 kb on my Dell Inspiron 9400. How can I reset the config?
I wrote back to Art to tell him that, indeed, this is a configuration setting in Outlook Express. If you've accidentally turned this feature on, or if you intend to turn it on, you can find it by following these steps.
First, open Outlook Express. Then, from the main Outlook Express window (not from a separate window with an individual message), click on Tools.
When you click on Tools, OE will open a dropdown menu for all the Tools choices.
Click on Accounts...
Now, you need to select the account that you want to change. This would be the one for your email address.
Then, click the Properties button so you can change the configuration options that are specific to that account.
This will open the Properties dialog box for that account.
Click on the Advanced tab, then Uncheck the "Break apart messages larger than" checkbox.
Click Apply to make the change take place and click OK to close the dialog box.
Tech Tip
While many programs will let you just click the OK button at that point, and will automatically apply the changes you made, not all programs will. That's why I take the time to click the Apply button and then the OK button.
Now, Outlook Express will stop breaking your large out-going emails into small pieces.
5. Recommend my Terry's Computer Tips Newsletter to Your Friends
If you like my Terry's Computer Tips email newsletter or the online edition, you can help me increase the number of subscribers to my free emailed newsletter.
Tell a Friend about Terry's Computer Tips!
With my email newsletter, not only do you get notices that the newsletters are available and content that is not in the online newsletter, but subscribing is the only way to get my Special Edition Newsletters which go only to subscribers.
If you get my free Terry's Computer Tips email newsletter, please feel free to forward your copy of the newsletter to a friend or friends that you think would be interested. Be sure to forward the entire newsletter, including my copyright notices and any advertising.
Of course, if you do not get my free email newsletter, I invite you to subscribe, too!
Volume 4, Number 22 — Sunday, November 9, 2008
Copyright © 2008 Terry A. Stockdale. All rights reserved.