Tag Archives: warnings

Valentine’s Day = Cyber Crooks And Malware Love

Love in Your Inbox – Malware on Your Computer

It’s only a few weeks until Valentine’s Day, so it’s not too early to get ready for the deluge of “I love you”, “Wish you were mine”, and of course the proverbial “Happy Valentine’s Day” emails.

Hopefully, you will have a Happy Valentine’s Day, but you won’t if you fall victim to the burst of spam that is aimed at lovers, at this time of year, every year. Much of it is designed to drop malware on unsuspecting users’ machines.

Like clockwork, spammers and cyber crooks ramp up the volume of spam emails aimed at unsuspecting users, just prior to this day, culturally set aside as a “celebration of love”.

In previous years, starting just about this time, we saw abnormally high rates of this type of spam, and since cyber crooks are “opportunity driven”, we can expect much more of this type of cybercriminal activity this year.

Maybe you’re a very cool person whose significant other is always sending you neat little packages in your email. Things like MP3 files, screensavers, cartoons, YouTube videos and the like. You get them so often that you just automatically click on the email attachment without even thinking. If you are this type of person, here’s a word of advice – start thinking.

The hook, as it always is in this type of socially engineered email scam, is based on exploiting our emotions. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprises. I think it’s safe to say, we all find it difficult, if not irresistible, to peek at love notes received via email.

The unfortunate truth is, these spam emails often contain links that deliver advertisements or, worse, redirect the victim to an unsafe site where malware can be installed on the victim’s computer.

Last year at this time, a friend, who is an astute and aware computer user, fell for one of these carefully crafted teasing emails. On opening the email, he was taken to a site which had pictures of hearts and puppies, and was then asked to choose which one was for him.

Fortunately, common sense prevailed and he backed out of this site. If he had clicked on this site, he would have begun the process of infecting his machine with a Trojan, which can connect to remote command and control sites.

Unfortunately, being smart is often NOT enough to protect yourself. Experienced users are on guard year round for these, and other types of scam/spam email.

You know what to do, right?

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar.

If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

Cyber crooks have moved on from using just emails as a malware delivery vehicle. So, be on the lookout for fraudulent Valentine’s Day greetings in:

Instant Messenger applications.

Twitter

Facebook

Chat forums, etc.

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, email scams, FaceBook, Instant Messenger Safety Tips, Internet Security Alerts, Online Safety, spam, Twitter, Windows Tips and Tools

Valentine’s Day: Love in Your Inbox – Malware on Your Computer

It’s only a few weeks until Valentine’s Day, so it’s not too early to get ready for the deluge of “I love you”, “Wish you were mine”, and of course the proverbial “Happy Valentine’s Day” emails.

Hopefully, you will have a Happy Valentine’s Day, but you won’t if you fall victim to the burst of spam that is aimed at lovers, at this time of year, every year. Much of it is designed to drop malware on unsuspecting users’ machines.

Like clockwork, spammers and cyber crooks ramp up the volume of spam emails aimed at unsuspecting users, just prior to this day, culturally set aside as a “celebration of love”.

In previous years, starting just about this time, we saw abnormally high rates of this type of spam, and since cybercrooks are “opportunity driven”, we can expect much more of this type of cybercriminal activity this year.

Maybe you’re a very cool person whose significant other is always sending you neat little packages in your email. Things like MP3 files, screensavers, cartoons, YouTube videos and the like. You get them so often that you just automatically click on the email attachment without even thinking. If you are this type of person, here’s a word of advice – start thinking.

The hook, as it always is in this type of socially engineered email scam, is based on exploiting our emotions. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprises. I think it’s safe to say, we all find it difficult, if not irresistible, to peek at love notes received via email.

The unfortunate truth is, these spam emails often contain links that deliver advertisements or, worse, redirect the victim to an unsafe site where malware can be installed on the victim’s computer.

Last year at this time, a friend, who is an astute and aware computer user, fell for one of these carefully crafted teasing emails. On opening the email, he was taken to a site which had pictures of hearts and puppies, and was then asked to choose which one was for him.

Fortunately, common sense prevailed and he backed out of this site. If he had clicked on this site, he would have begun the process of infecting his machine with a Trojan, which can connect to remote command and control Web sites.

Unfortunately, being smart is often NOT enough to protect yourself. Experienced users are on guard year round for these, and other types of scam/spam email.

You know what to do, right?

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, Internet Safety, Malware Advisories, trojans, Viruses, Windows Tips and Tools, worms

Ransomware in Your Browser

Ransomware, a vicious form of malware, is nothing new. It has been around in one form or another since the late 1980s.

Once installed on a victim’s computer, the Trojan will generally encrypt the victim’s files, after which the cyber-criminal demands a monetary ransom to decrypt the kidnapped files.

The ever creative cyber criminal community has now gone one better, with the release of Trojan.Ransompage. This piece of malware is designed to kidnap the victim’s Internet browser, including Internet Explorer, Firefox and Opera.

Note: The latest update of Firefox is apparently unaffected. Another good reason to update.

According to Symantec, Trojan.Ransompage “uses scare or nuisance tactics – similar to rogue antivirus programs, in an attempt to demand ransom from its victims. Once infected with Trojan.Ransompage, a victim’s browser will display a persistent inline ad on every page that the victim visits”.

Roughly translated from Russian, the ransom demand reads in part:

To remove the informer, send SMS message with text [5-digit number] to number [4-digit number].
Enter the code, received in response, MC

Affected Systems: Windows 95, 98, NT, 2000, XP, Vista, Server 2003

System Impact:

Deletes Files: Deletes Web Browser files.

Modifies Files: Modifies Web Browser files.

Releases Confidential Info: May send confidential information to a remote location.

Degrades Performance: Displayed image may degrade Web Browser performance.

Action you can take if infected:

According to Symantec, “the ransomware is designed to expire in 30 days, so anyone who falls victim to the infection can remove it simply by setting their system clock forward one month”.

Common sense security precautions:

Make regular backups of critical data. If you are infected this may be your only solution

Don’t store critical data on the system partition

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable scripting features in email programs

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

The authorities need to kick some ass here, and determine who owns the contact phone number and close it down. How hard is that?

Filed under Browsers, Don't Get Scammed, Don't Get Hacked, Firefox, Interconnectivity, Internet Explorer, internet scams, Internet Security Alerts, Malware Advisories, Ransomware, Rogue Software, scareware, Symantec, System Security, trojans, Windows Tips and Tools

Hey Sucker – Read This! Michael Jackson’s Not Dead!

The Web is the success it has become at least partially due to the fact that it can satisfy our curiosity about almost anything we can think of, including the sensational death of Michael Jackson.

We have learned to satisfy this curiosity simply by a mouse click here, and a mouse click there. In a sense, we have developed a conditioned response to “just click”. You are reading this article, in all likelihood, because the title roused your curiosity.

Using the Internet we can snoop, probe, and pry; and question, or confirm, virtually any statement, fact or opinion. We now have access to a quantity, and quality (some might dispute the quality), of information as never before. Sensational news alerts are a particularly delicious enticement.

Naturally, sensational news alerts will continue to be one of the methods cyber-crooks use to capture Internet users’ attention, particularly in emails, Google search results, and on social networking sites like Twitter and Facebook.

Michael Jackson email scams

Since Michael Jackson’s death, email inboxes have been flooded with enticing scam emails, along with the usual emails offering pharmaceuticals, expensive watches, and other knockoff products with which we are all familiar.

Email scams work because the cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity – the reason you clicked on this article. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like sensational topics.

Knowing this, email scammers (cyber-crooks) will continue to exploit our natural curiosity to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots, on our computers.

With the worldwide Internet population now estimated to be 1.08 billion users, email scammers (cyber-crooks) have a huge playing field in which to practice their crafty scams.

Cyber-crooks, I’m convinced, must feel as if they are in a cyber-crook’s paradise, given the opportunities such a large number of generally unaware potential victims present for illicit monetary gain.

Security experts (including me), argue that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files that are clearly dangerous. To this point however, this type of dangerous behavior continues despite the warnings.

It continues to be true that the majority of typical users that I meet are unaware of the very real dangers that spam emails and social networking links hold for their safety, security and identity protection.

On the other hand, I’ve noted that aware Internet users rely on their own experiences and common sense to avoid malware infections. Generally, they are well aware of the hidden dangers on the Internet and have overcome that natural tendency to “just click”.

While on the Internet keep the following tips in mind:

Don’t click links in emails or social networking sites. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

Despite the title of this article Michael Jackson is dead. Yes, I know you knew this.

Elsewhere on this site there are additional articles dealing with current email and financial scams.

See: Bank of America Alert – Update Your Account Scam!

See: Online Banking – Be Safe, Not Sorry!

See: Avoid Trojans/Viruses – Stop with the Crazy Clicks Already!

Filed under Don't Get Hacked, Email, email scams, Google, Interconnectivity, internet scams, Malware Advisories, Online Safety, Safe Surfing, social networking, Spyware - Adware Protection, Twitter, Windows Tips and Tools

Best Spam Story Ever! Thanks Pastor Mike

Earlier this year I wrote an article on home networking “Your Electric Wiring Is a Wi-Fi Network Alternative”, which proved to be fairly popular with readers outside of North America.

Just two days ago I wrote an article “Email Spammers Are Smarter than You Think”, in which I stated – “I long ago came to the conclusion that spammers are some of the craftiest people on the planet. I say this not in admiration of what they do, but instead, how they do it”.

Then, this morning, I received the following spam email offering to provide me with a contract worth $2.5 million, provided I am prepared to engage in fraud, graft and government corruption. Now, I could use $2.5 million, but I’ll pass!

The connection between the networking article, and this carefully crafted spam email, points out how spammers can modify their criminal activities to seek out a specific target market, rather than rely only on the more general broadcast, and non-specific targeting method, we are more familiar with.

I’m posting the email in its entirety since I found it very funny, and you may too. I consider it more than ironic that the apparent sender is a pastor, given that he is advocating fraud, graft, and corruption. Hallelujah, brother!

Dear Sir,

RE: CONTRACT SUPPLY OF NETWORK WIRES WORTH USD2.5 MILLION FOR INTERNET ACCESS TO SECONDARY SCHOOLS

We are much delighted to enter into business relationship with your company of which we request for your full cooperation in order to achieve this goal.

I am a commission agent and consultant and there is a business I want to introduce to your company and if everything goes well, at the end, you will pay me 1% of the total value of the deal as commissions. Briefly, let me explain to you the nature of the concerned business. A government department in Nigeria UNIVERSAL BASIC EDUCATION NIGERIA is looking for a reliable and trustworthy company that can supply the above.

The ministry wishes to award the contract for the supplies to any reputable company in your area with proven capability to supply the above quantity items within a period of 10 months against upfront payment by telegraphic transfer 60% advance by telegraphic transfer immediately the contract is sign while is delivery is by sea to Lagos seaport within 8 months upon you/ contractors receipt of full advance payment. I am writing you this letter because I want to know whether your company has the ability to undertake the contract from for the supply of the above listed items?

Really, it is sometimes difficult to get such a big order from government of any country especially when the term of payment is 60% advance deposit after contract signing and balance 40% before shipment. The good news is that I have friends in the UNIVERSAL BASIC EDUCATION NIGERIA office of the principal buyer and these friends of mine are willing to help me to convince the top official of the ministry in Nigeria to give the contract to your company if you co-operate with me.

The co-operation I need from is to agree to compensate me with 1% of the total value of the contract if we are able to make the transaction. I depend on the success of this transaction and the commission I will receive from this transaction as my own benefits and to uplift my standard of living.

If you are interested to get this contract and if you are capable to handle the contract and willing to give me 1% of the total value of the contract, please contact me by email to enable to give you instructions on how you will apply for the contract.

As soon as you apply for the contract, I will contact my friends in the ministry for them to start underground works with the top officials of the ministry to give the contract to your firm. I am waiting for a speedy answer from you to enable show it my friends in the ministry for them to know whether it will stand a better chance of winning the contract as well on how you should prepare your tender documents.

Kindly treat urgent by confirming your interest, also send us your prices of the above products immediately by internet so that we will advice on how to prepare your tender documents.

Thanks for your kind cooperation also call me upon receipt of this mail.

Yours sincerely

Pastor. Mike Ukwu
NEW AGE TRADING
No. 120 Brass Street
Aba,
Tel: 00234-07056757161

Filed under Don't Get Hacked, Email, email scams, Interconnectivity, internet scams, Just for Laughs, Online Safety, Windows Tips and Tools

Email Spammers Are Smarter Than You Think

I long ago came to the conclusion that spammers are some of the craftiest people on the planet. I say this not in admiration of what they do, but instead, how they do it.

Mainstream advertisers and business in general, could take away some valuable lessons from the methods used by spammers to achieve maximum market penetration.

A case in point:

I operate multiple email accounts, most of which I established 10/12 years ago. Recently, I set up a new email account on Gmail to allow readers of my WordPress site to contact me directly. Almost immediately, I noticed the type of Spam directed at this account was considerably different from the daily Spam going to my long established accounts.

Generally, the Spam aimed at the older email accounts is fairly harmless and not particularly dangerous, since most of it is calculated to attempt to sell me something I don’t want, and that I have absolutely no interest in. After all, how many “male enhancement” products, vitamin pills, or fake watches does a person really need?

While these emails are not harmless given that sending spam violates the Acceptable Use Policy (AUP) of almost all Internet Service Providers, it’s the phishing emails aimed at my relatively new Gmail account that cause me the most frustration. These emails are often designed to trick me into revealing financial information that can then be used to steal my money.

It seems to me that phishing spammers target new or relatively new email accounts, more often than well established accounts. And why not? In a spammer’s view, I suspect, the theory is – an experienced Internet user is less likely to respond to this type of email, while the percentage of relatively new users who respond should be higher due to the new user’s inexperience.

The following graphic illustrates just how pervasive this type of phishing Spam can be in a new email account inbox. Click on the graphic for a larger view.

Gmail Spam

Looking closely at just one of these fraudulent emails, it’s easy to see problems with the construction of the message. This misconstruction should always be a tipoff that something is wrong.

“Dear B a n k (the spacing in this word is off) of America member,

Bank of America ask (missing letter “s”) you kindly to take part in our quick and easy question survey (missing punctuation – no period).

In return we will credit $50.00 to your account. Just for your time!

– In order to help us please spare two minutes of yout (misspelled word – should read “your”) time and take part in our survey.

– To contiunue (misspelled word – should read “continue”) please click on the link below:

http://sitekey.bankofamerica.com.survey.departament.djwjggh5.net/srv/survey.htm?id=5984 (a questionable site based on the URL) – The following graphic illustrates how FireFox handles this type of site – in this case based on my personal security preferences.

Thank you for your time!

B a n k of America Survey Department.

© 2001-2009 B a n k of America. All rights reserved”.

Web Forgery

Clicking on the link (assuming my Browser had not warned me), would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

It’s possible, my financial and personal details, had I entered them, would then have been harvested by the cyber-crooks behind this fraudulent email who could then have used this information to commit identity and financial theft.
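The "questionable site based on the URL" check above can be automated. The following is an added example, not part of the original article: it pulls the host out of the link quoted in the email and compares the domain that is actually registered (the right-hand end of the host) with the brand name planted on the left. The brand table, the short suffix list (a stand-in for the full Public Suffix List) and the nesting threshold are assumptions made for this sketch.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List, enough for this demo.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}
# Labels that look like a top-level domain when found inside the subdomain part.
GENERIC_TLDS = {"com", "net", "org"}
# Assumption: brand token -> the domain that brand really registers.
KNOWN_BRANDS = {"bankofamerica": "bankofamerica.com"}
# Assumption: more subdomain labels than this is treated as suspicious.
MAX_SUBDOMAIN_LABELS = 3

# The link quoted in the phishing email above.
PAGE_URL = ("http://sitekey.bankofamerica.com.survey.departament."
            "djwjggh5.net/srv/survey.htm?id=5984")


def is_ip_literal(host):
    """True when the host is a raw IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host):
    """Return the part of the host that someone had to register."""
    host = host.lower().rstrip(".")
    if is_ip_literal(host):
        return host
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def analyse_link(url):
    """Report why a link's host does or does not match the brand it shows."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    reg = registrable_domain(host)
    findings = []

    if parts.scheme != "https":
        findings.append("not-https")
    if is_ip_literal(host):
        findings.append("ip-literal-host")
        return {"host": host, "registrable_domain": reg, "findings": findings}

    # Everything to the left of the registrable domain is chosen freely by
    # whoever owns that domain, so a brand name there proves nothing.
    sub_labels = host[: -len(reg)].rstrip(".").split(".") if host != reg else []

    for token, official in KNOWN_BRANDS.items():
        if token in host and reg != official:
            findings.append("brand-mismatch:" + token)
    if any(label in GENERIC_TLDS for label in sub_labels):
        findings.append("tld-inside-subdomain")
    if len(sub_labels) > MAX_SUBDOMAIN_LABELS:
        findings.append("deep-subdomain-nesting")

    return {"host": host, "registrable_domain": reg, "findings": findings}


if __name__ == "__main__":
    for link in (PAGE_URL, "https://www.bankofamerica.com/"):
        result = analyse_link(link)
        print(result["registrable_domain"], result["findings"])
```

For the link in the email the registered domain is djwjggh5.net; "bankofamerica.com" is only a run of subdomain labels that the owner of djwjggh5.net was free to choose.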

If you are a relatively new Internet user the following are the minimum safety precautions (familiar to regular readers), you should take:

Be kind to your friends, relatives, and associates, particularly new Internet users, and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

Minimum safety precautions you should take.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

Keep your computer protected. Install a security solution and keep it up-to-date.

Filed under Browsers, Don't Get Hacked, Email, email scams, Firefox, Interconnectivity, Internet Safety, internet scams, Internet Security Alerts, Malware Advisories, Online Safety, Phishing, Windows Tips and Tools

Show Me the Money – I’ll Show You Your Files (Ransomeware is Back)!

Have you ever considered that your computer files could be a victim of kidnapping, extortion, or blackmail? Hard to believe; right? Well believe it!

Ransomware is a vicious form of malware, given that it encrypts the victim’s files, after which the cyber-criminal demands a ransom to decrypt the kidnapped files.

Once again ransomware is on the loose; but a little bit different in this iteration. In previous versions of this type of malware, after installation, the victim was informed that the computer’s files had been encrypted and a decrypting tool had to be purchased from the cyber-criminal in order to decrypt the affected files.

According to PandaLabs, they recently discovered a new form of ransomware, Trj/SMSlock.A, which reportedly locks the victim’s entire computer, leaving the machine essentially unusable. In line with previous versions of this type of malware, a ransom, in this case in the form of a premium SMS, is demanded to allow the victim access to the infected machine.

While the original message on an infected computer is in Russian, the following English translation has been provided by Panda.

To unlock you need to send an SMS with the text

4121800286

to the number

3649

Enter the resulting code:

Any attempt to reinstall the system may lead to loss of important information and computer damage.

Infection methods: Floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Affected systems: Windows 2003/XP/2000/NT/ME/98/95/3.X

We should not relax our guard on this simply because this malware is currently affecting only Russian users. If previous experience is any indication (and it is), we can expect to see more of this type of malware, in a more general release, through the balance of this year.

In the event that you become infected by this piece of nasty work, check out Dr.Web, where you can obtain a generator for deactivation codes.

Reduce the possibilities of infection by this and other malware, by taking the following precautions:

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data. If you are infected this may be your only solution

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

Don’t store critical data on the system partition

For additional information on this type of threat see “Gpcode Trojan Ransomeware Kidnapping Again!”, on this site.

Filed under Don't Get Hacked, Interconnectivity, internet scams, Malware Advisories, Online Safety, Ransomware, System File Protection, System Security, trojans, Viruses, Windows Tips and Tools

IE7 Vulnerability Now Being Exploited

A number of Internet security providers, including McAfee, Trend Micro, and F-Secure, are reporting that exploit code for the Internet Explorer 7 vulnerability, patched by Microsoft last week, is now circulating in the wild.

If you have not downloaded and applied this patch you should do so immediately. If you have Automatic Updates enabled on your computer, then this patch has already been applied. Careful users will verify that this patch has, in fact, been applied.

Security vendors have noted that emails which take advantage of this vulnerability are now circulating on the net. These emails have an attached MS Word document which, if opened, will allow a cybercriminal remote control over the now infected machine.

Consequences:

  • Loss of personal data.
  • Malicious application installation.
  • Possible botnet connection.

Given the abysmal state of Internet security, there is no doubt that unpatched systems will be attacked! Take the time to ensure your system has been updated correctly.

Minimum email security precautions:

  • Don’t open emails that come from untrusted sources.
  • Don’t run files that you receive via email without making sure of their origin.
  • Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

Filed under Browsers, Don't Get Hacked, Email, Interconnectivity, Internet Explorer, Internet Safety, Malware Advisories, Microsoft Patch Tuesday, Online Safety, Safe Surfing, Spyware - Adware Protection, System Security, trojans, Viruses, Windows Tips and Tools, worms

Cupid Is Out To Get You – Valentine’s Day Spam Jumps

Happy Valentine’s Day – and hopefully it will be, unless you fall victim to the burst of spam that is aimed at lovers, at this time of year, every year.

Like clockwork, spammers and cyber crooks ramp up the volume of spam emails aimed at unsuspecting users just prior to this day culturally set aside as a “celebration of love”.

Last year at this time, we saw abnormally high rates of this type of spam, but this year, according to MessageLabs, a Symantec company, the volume of Valentine’s Day-related spam has increased by 50 percent over last year. Current estimates place cupid style spam at nine per cent of this week’s spam activity.

The hook, as it always is in this type of socially engineered email scam, is based on exploiting our emotions. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprises. I think it’s safe to say, we all find it difficult, if not irresistible, to peek at love notes received via email.

The unfortunate truth is, these spam emails often contain links that deliver advertisements or, worse, redirect the victim to an unsafe site where malware can be installed on the victim’s computer.

A friend, who is an astute and aware computer user (I thought), fell for one of these carefully crafted teasing emails earlier this week. On opening the email, he was taken to a site which had pictures of hearts and puppies, and was then asked to choose which one was for him.

Fortunately, the common sense that I have been drilling into him, forever it seems, kicked in, and he backed out of this site. If he had clicked on this site, he would have begun the process of infecting his machine with a Trojan which can connect to remote command and control Web sites.

Unfortunately, being smart is often NOT enough to protect yourself. Experienced users are on guard year round for these, and other types of scam/spam email.

You know what to do, right?

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

Keep your computer protected. Install a security solution and keep it up-to-date.

Need security solutions? Check out “The 35 Best Free Applications – Tried, Tested and Reliable!”, on this site.

For additional timely advice on the scourge of spam, check out “Make $6,513 a Day Doing This” from the pen of fellow blogger, TechPaul.

To help you keep ahead of cyber criminals, visit Scambusters.org, where you can get all the latest information on Internet Scams, Identity Theft, Internet Fraud, and more.

Filed under Don't Get Hacked, Email, Free Security Programs, Freeware, Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Safety, Safe Surfing, Software, Spyware - Adware Protection, System Security, trojans, Viruses, Windows Tips and Tools

Gpcode Trojan Ransomeware Kidnapping Again!

Have you ever considered your computer files as a victim of kidnapping, extortion, or blackmail? Hard to believe; right? Well believe it! Ransomware is a vicious form of malware, taking into account that it encrypts the victim’s files, after which the cyber-criminal demands a monetary ransom to decrypt the kidnapped files.

Trend Micro Advanced Threats Researcher, Ivan Macalintal, recently reported that Gpcode ransomware is loose on the Internet once again. Regular readers of this Blog will remember two previous articles in which this virulent malware was discussed.

First encountered two years ago by Kaspersky Lab, Gpcode has undergone several incarnations, with this latest version being identified by Trend Micro as TROJ_RANDSOM.A.

Reportedly, Gpcode is now using a 1,024 bit encryption key, as opposed to 660 bits in an early variant. It has been estimated it would require 30 years to break this new encryption key using a brute force attack; trying every possible password.

According to Trend Micro TROJ_RANDSOM.A:

Can be downloaded from remote site(s) by other malware

May be dropped by other malware

May be downloaded unknowingly by a user when visiting malicious Web site(s)

(Fake error message upon malware execution. Courtesy Trend Micro)

As with previous versions of this malware, after installation, the victim is informed that the computer’s files have been encrypted and a decrypting tool must be purchased, for US $307, from the cyber-criminal, in order to decrypt the affected files. Email addresses are included in order to facilitate this fraudulent purchase.

Affected systems: Windows 98, ME, NT, 2000, XP, and Server 2003.

(Process illustration courtesy of Trend Micro)

If you should become infected by this Trojan your best course of action, assuming your installed malware scanners cannot remove the infection, is to take advantage of the multiple online scanners offered by the major anti-malware software developers.

For a review and list of online malware scanners please read “Free Online Spyware/Virus Scanners – Multiply Your Protection”, on this site.

References: Trend Micro

While it has been established how Gpcode infects the victim’s machine with the Trojan, nonetheless, the following precautions are critical to the security of your system.

Most importantly – make regular backups of critical data. If you are infected this may be your only solution

Don’t store critical data on the system partition

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable scripting features in email programs

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

Filed under Don't Get Hacked, Freeware, Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Safety, Online Spyware/Virus Scanners, System Security, trojans, Viruses, Windows Tips and Tools