Trojan Horse Email and How to Avoid It

May 4, 2009

Yesterday Onsite Computer Services in New Orleans received an inquiry about Trojan horse email. Virtually everyone who receives email, probably receives a Trojan or two. Trojan horse email offers the promise of something you might be interested in and generally for free—an attachment containing a joke, a picture, or a security patch for a software vulnerability. When opened, however, the attachment may do any or all of the following:
Create a security vulnerability on your computer.

Open a secret “backdoor” to allow an attacker future illicit access to your computer.

Install software that logs your keystrokes and sends the logs to an attacker, allowing the attacker to ferret out your passwords and other important information.

Install software that monitors your online transactions and activities.

Provide an attacker access to your files.

Turn your computer into a “bot” an attacker can use to send spam, launch denial-of-service attacks, or spread the virus to other computers.

What to Look For
Trojan horse emails have come in a variety of packages over the years. One of the most notorious was the Love Bug” virus, attached to an email with the subject line “I Love You” and which asked the recipient to view the attached “love letter.” Other Trojan horse emails have included the following:
Email posing as virtual postcard.

Email masquerading as security bulletin from a software vendor requesting the recipient apply an attached “patch”.

Email with the subject line “funny” encouraging the recipient to view the attached “joke.”
Email claiming to be from an antivirus vendor encouraging the recipient to install the attached “virus sweeper” free of charge.

What You Can Do to Avoid Becoming a Victim

Filter Spam
Because most email scams begin with unsolicited commercial email, you should take measures to prevent spam from getting into your mailbox. Most email applications and web mail services include spam-filtering features, or ways in which you can configure your email applications to filter spam. Consult the help file for your email application or service to find out what you must do to filter spam.
You may not be able to eliminate all spam, but filtering will keep a great deal of it from reaching your mailbox. You should be aware that spammers monitor spam filtering tools and software and take measures to elude them. For instance, spammers may use subtle spelling mistakes to subvert spam filters, changing “Potency Pills” to “Potençy Pills.”

Regard Unsolicited Email with Suspicion
Don’t automatically trust any email sent to you by an unknown individual or organization. Never open an attachment to unsolicited email. Most importantly, never click on a link sent to you in an email. Cleverly crafted links can take you to forged web sites set up to trick you into divulging private information or downloading viruses, spyware, and other malicious software.
Spammers may also use a technique in which they send unique links in each individual spam email. Victim 1 may receive an email with the link , and victim 2 may receive the same spam email with the link . By watching which links are requested on their web servers, spammers can figure out which email addresses are valid and more precisely target victims for repeat spam attempts.
Remember that even email sent from a familiar address may create problems: Many viruses spread themselves by scanning the victim computer for email addresses and sending themselves to these addresses in the guise of an email from the owner of the infected computer.

Treat Email Attachments with Caution
Email attachments are commonly used by online scammers to sneak a virus onto your computer. These viruses can help the scammer steal important information from your computer, compromise your computer so that it is open to further attack and abuse, and convert your computer into a ‘bot’ for use in denial-of-service attacks and other online crimes. familiar “from” address is no guarantee of safety because some viruses spread by first searching for all email addresses on an infected computer and then sending itself to these addresses. It could be your friend’s computer is infected with just such a virus.

Use Common Sense
When email arrives in your mailbox promising you big money for little effort, accusing you of violating the Patriot Act, or inviting you to join a plot to grab unclaimed funds involving persons you don’t know in a country on the other side of the world, take a moment to consider the likelihood that the email is legitimate.

Install Antivirus Software and Keep it Up to Date
If you haven’t done so by now, you should install antivirus software on your computer. If possible, you should install an antivirus program that has an automatic update feature. This will help ensure you always have the most up-to-date protection possible against viruses. In addition, you should make sure the antivirus software you choose includes an email scanning feature. This will help keep your computer free of email-born viruses.

Install a Personal Firewall and Keep it Up to Date
A firewall will not prevent scam email from making its way into your mailbox. However, it may help protect you should you inadvertently open a virus-bearing attachment or otherwise introduce malware to your computer by following the instructions in the email. The firewall, among other things, will help prevent outbound traffic from your computer to the attacker. When your personal firewall detects suspicious outbound communications from your computer, it could be a sign you have inadvertently installed malicious programs on your computer.

Learn the Email Policies of Business Organizations Like the IRS
Most organizations doing business online now have clear policies about how they communicate with their customers in email. Many, for instance, will not ask you to provide account or personal information via email. Understanding the policies of the organizations you do business with can help you spot and avoid phishing and other scams. Do note, however, that it’s never a good idea to send sensitive information via unencrypted email. The IRS NEVER sends info via email.

Configure Your Email Client for Security
There are a number of ways you can configure your email client to make you less susceptible to email scams. For instance, configuring your email program to view email as “text only” will help protect you from scams that misuse HTML in email.

Generally, Onsite advises if unsolicited email attachments are free … hit the DELETE key. If you have any further questions, kindly email Onsite Computer Services in New Orleans for all of your Microsoft business security questions.

If you’re searching for New Orleans computer service or repair of your Microsoft based system or network, then call the Microsoft specialists at 504-469-6991. Onsite Computer Services, Inc. in New Orleans

You may also be interested in Onsite Computer’s Blog.

This New Orleans On-Site Computer Service post was provided by Eli Lucas. Eli can be reached at eli@onsitenola.com. Onsite Computer serves the Microsoft computing needs of small businesses throughout the Greater New Orleans area including Uptown, Lakeview, Broadmoor, Mid-City, Metairie, Jefferson, Kenner, Westbank, French Quarter, and the Warehouse District. Please visit our website for New Orleans Computer Service.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: