368 High St. W., Moose Jaw. Phone: 306.692.8322

Safe Surfing Part One: Email

Last post I promised I'd spend some time talking about safe surfing habits. I was considering where to begin when my wife received a suspicious email from a friend. As we deliberated the wisdom of opening the email, it occurred to me that I might as well start here.

The email seemed innocent but was inconsistent with the messages we typically get from this friend. It contained a link to a file on a website known as "Rapid Share". Rapid Share is a simple file sharing service open to the public for the purpose of easy file sharing when all you need is to share one file. Further tipping us off was the fact that the file was called "Install.exe". Without any word from our friend on what this file was supposed to install, it seemed spurious to me that we would be getting this. Finally, this email arrived cold turkey without any prior conversation. In other words, we weren't expecting an attachment from our friend.

Needless to say, despite the fact that all signs pointed to a virus, I still downloaded the file. Please keep in mind you should not handle known or suspected virus files. After downloading the file I submitted it to VirusTotal.com, a free scanning service that scans any file you submit against 41 major anti-virus products. My suspicions were correct - the file was infected.

Upon researching the email I found this forum post from a savvy user who figured out that his Gmail account had been hijacked (i.e. taken over by someone else) and similar emails were sent from his account to everyone in his contact list.

Going back to the email my wife received, we looked at how many other people had received the same email. Sure enough, the email addresses listed in the "TO" field read like a dictionary in alphabetical order. Even if our friend wanted to share this link with everyone on their contact list, they would likely have said something about it or shared their experience on Facebook.

So did our friend send us this email? Yes...and no. The email came from the account, but not from our friend specifically. This tells me that our friend was subject to the same Gmail hijacking scheme as the user in the post mentioned above. It also tells me that our friend likely used a weak password to protect their email, as otherwise it would likely not have been hijacked.

From this simple example there are a number of lessons to be learned, beginning with the obvious...

  1. DO NOT open unexpected attachments. Better yet, don't open any attachments. There are plenty of quality file sharing services (such as Rapid Share) to use if you need to receive a file.
  2. DO NOT click on links in email you receive. Links can be disguised in innumerable ways to fool you into thinking you're clicking on something safe.
  3. DO NOT open spam email... ever.
  4. DO use strong passwords for all your email accounts. Simply recycling the same three passwords is not sufficient protection. Make sure your passwords are strong and above all, NOT in any dictionary - that includes foreign languages. The Gibson Research Corporation has a fantastic password generator.
  5. For added security and safety, I encourage users to consider switching to browser-based email (i.e. using your browser to check your email instead of an email client like Microsoft Outlook or Windows Live Mail). While still open to browser-based attacks, using a browser to check your email ensures that in the event your computer fails or becomes infected, you avoid losing data because it's stored online.
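
The warning signs described in this post (a "TO" field that reads like an alphabetical address book, a link to an executable such as "Install.exe", and a link whose visible text hides its real destination) can also be checked mechanically. The Python below is an added example, not part of the original post; the extension list, the recipient threshold, the names and the sample message are assumptions constructed for illustration, and it assumes a single-part HTML message body.

```python
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".scr", ".bat", ".com", ".pif")  # assumed list of executable extensions
MASS_MAIL_MIN = 5  # assumed threshold for "sent to the whole contact list"

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs from HTML
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def warning_signs(raw_message):
    msg = message_from_string(raw_message)
    signs = []
    # Sign 1: a long recipient list in alphabetical order, like a dumped contact list.
    rcpts = [addr.lower() for _, addr in getaddresses(msg.get_all("To", [])) if addr]
    if len(rcpts) >= MASS_MAIL_MIN and rcpts == sorted(rcpts):
        signs.append("alphabetical mass recipient list")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        target = urlparse(href)
        # Sign 2: the link points at an executable file.
        if target.path.lower().endswith(RISKY_EXT):
            signs.append("link to executable: " + target.path.rsplit("/", 1)[-1])
        # Sign 3: the visible text is a URL for one host, but the href goes to another.
        shown = urlparse(text).hostname if text.lower().startswith(("http://", "https://")) else None
        if shown and target.hostname and shown != target.hostname:
            signs.append("link text shows %s but goes to %s" % (shown, target.hostname))
    return signs

# Constructed sample message (not the real email described in the post).
SAMPLE = ("From: friend@example.com\n"
          "To: adam@example.com, beth@example.com, carl@example.com, dana@example.com, erin@example.com\n"
          "Content-Type: text/html\n\n"
          '<p>try this <a href="http://files.example.net/dl/Install.exe">http://www.example.org/photos</a></p>\n')
```

Calling `warning_signs(SAMPLE)` returns all three signs; a message with one recipient and no links returns an empty list.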

Remember, security technologies are your last line of defense. The only way you can be sure of maintaining a high level of security is by changing how you use the Internet.

Sven Thomas
Network Specialist
E-Z-TECH Computers Inc.