Beware of Bogus Hot Links in E-mail

by Judy Silberstein

(November 9, 2004) Alert: There’s a new virus on the loose this week. The virus is considered more dangerous than others because you don’t have to download any files or open any attachments to get infected. All it takes is a click on a malicious text link.

Beware of e-mail directing you to click on a hot link with the following message:

Don’t look now, but your computer could be a spam zombie. Find out how!

Another suspect message purports to come from PayPal and reads: "Congratulations! PayPal has successfully charged $175 to your credit card. Your order tracking number is A866DEC0, and your item will be shipped within three business days. To see details please click this link."

Other links have sex appeal and claim they’ll lead you to photos from an adult webcam.

Clicking on these links takes you to an infected machine, which then spreads the virus to your own PC. The virus makes use of any addresses it finds on your local files and then sends new e-mails which appear to be from these locations.

Symantec, that produces the popular Norton AntiVirus software, reports that some of the new messages contain the following text:

"Hi! I am looking for new friends."

"My name is Jane, I am from Miami, FL."

"See my homepage with my weblog and last webcam photos!"

It’s unclear what damage the new worm inflicts, other than slowing the Internet and clogging your email box. However, there is concern that techniques employed in this attack could be exploited for a more harmful infection in the next round.

The Internet is abuzz with word of the fast-spreading bug that targets a vulnerability in Microsoft’s Internet Explorer discovered only five days ago. Computers running the new Windows XP Service Pack 2 set of patches are less likely to be impacted, but Microsoft is outraged at the way its vulnerability was announced to the world before the company could plug the leak.

Experts are debating whether the new threat is a variant of an earlier destructive worm labeled “Mydoom”, or whether it’s a novel and even more malicious phenomenon. ZDNet labels it a “Swiss Army” worm that combines multiple attack techniques including spamming, social engineering, virus infection and Trojans.

This latest threat offers new motivation for Internet Explorer users to install Microsoft’s SP2, that includes a host of patches to problems with the popular browswer, and to be sure you’re up-to-date with your virus protection. You might even want to switch to one of the other browsers, such as Mozilla or Opera, which are not targeted by the worm.

In any case, every new worm or virus provides new incentive to follow safe e-mail practices.

• As always, if a message looks suspicious, better to delete and destroy.
  
  
• Avoid initiating or spreading “chain mail” that asks to send a message to everyone in your address book.
  
  
• Avoid the “forward” function. If you believe there’s a serious message that merits wide distribution, cut and paste the content into a new form before sending on.
  
  
• When sending to a list, use the “bcc” or blind carbon copy function so you’re not revealing addresses to everyone who receives the message in the first or subsequent rounds.
  

Questions on technology, the Internet, computers? Email us.