Dangerous SPAM

A few months ago I received an e-mail from some (insert your choice of bad word(s) here) spammer. The e-mail sent sat happily on my host's mail server before being sent along the long journey from the UK to my inbox here on the east coast of the US.

Downloaded the e-mail and AVG antivirus happily let the e-mail though being free of any sort of virus. Being the last one to download MS Outlook Express happily displayed this last e-mail in the preview pane.

Ding! "Your current security settings prohibit running ActiveX controls on this page. As a result the page may not display correctly." [Ok]

A brush 2 months earlier with an ActiveX control from a website had SEVERELY infected my PC with a small sampling of the latest and greatest mass mailing worms, a failed Code Red infection, 4 active trojans, 5 keyloggers, and a nice little application that ran and downloaded 17 ad displaying pieces of adware. Basically severely crippling my beloved gaming PC and initiating a 72 hour long battle with one of the adware companies trying to get ANY sort of information on manually removing their (bad word here) application. They sent me an uninstaller (failed and installed several more adware applications and crippled my firewall) to "rid" my PC of their (bad word here). Eventually I had to wipe the drive and start anew, a painful process of install this, update that, patch this too.

Anyway, back to this e-mail...

I forwarded the e-mail to another e-mail account and ran it on a testing machine. BAM!! Popups and two keyloggers. The firewall I had disabled to see the effects of the embedded ActiveX control in the e-mail, and not suprisingly the firewall (software based) wouldn't restart when I tried running it again.

Windows XP Service Pack 2... sure I have my doubts about it, but without its ActiveX blocking tool this spammer (RealSavingz) would no doubt have a zombie machine to do someone's bidding.

Personally I think anti-spam laws are useless unless the spammers can be caught and given 5 years for every 10,000 e-mails sent. I can remember the days when all you had to worry about was going over the allocated free e-mails CompuServe gave you and you had to pay a little extra on the next bill.

Protect your computer by avoiding Outlook and Outlook Express. If you feel that you *must* use them for some reason, turn off the preview pane. Preview just ensures that every mail that's highlighted is opened. That ensures that your computer WILL get infected.

I've been looking for an alternative to Outlook/Outlook Express for many many months. So far, the only liable alternate would be Yahoo. But, a lot of registry accounts don't allow that as a main e-mail account due to fraud issues.

Microsoft, being the main target of attack, it seems utterly pointless to use any of its products.

Perhaps try Mozilla's Thunderbird v1.0 . I have used it to see how compatible it was with Exchange server, and it seemed to work well...

Get a new Apple! Next week at the Mac Expo they're expecting Apple to unveil a new headless (no monitor) computer aimed at Windows and iPod users for only $599. It's rumored to have an integrated KVM switch, which will allow it to share a keyboard, mouse, and monitor with a PC. This means with a touch of a button you'll be able to switch back and forth between your PC and a slim little Apple which can be tucked under your monitor.

How cool is that?

With that said, I use Apple's Mail program. Check out the link. Its best feature is that it supports message threading. I don't know how I lived without it. Oh yes, and no more ActiveX garbage or viruses.

~Ulrika~

Apparently you glossed over the part where Outlook Express is the only reasong her computer didn't get infected.

I second that... I've moved to using apple's mail as my primary mail client and except for some minor problems its by far the best mail client I've used.

Wow, thanks for sharing that story. I love to hear about stuff like that. Glad you avoided the payload!

That being said, Outlook is a horribly unsafe email program. Go GMAIL.

I'm planning to grab one for my work desk....but that's not sure fire to solve the spam/spy problem, but will help me bunches in tech support

MMM MMM GOOD!

Outlook is not a horribly unsafe email client if used correctly. Microsoft has recently addressed many security issues with Service pack 2, and also changed many default settings in Outlook to lock things down.

Just be smart about how you do things, and all will be ok. This is true for any email client.

That said, I sometimes like to check my email through a webmail client that is installed on our email server. I like SquirrelMail and Horde/IMP. The advantage is that since it runs in your browser, it takes advantage of your browser security settings, and making a mistake in downloading a malicious email is a bit harder to do.