Email Threats and How to Deal With Them
Written by
Dave
5 Star Support Security Specialist
02-12-06
The past few years have seen an incredible increase in the spread of malware
by email. Most of these threats are Trojans or Worms. Despite many warnings,
many of us still fall victim to this problem and wind up with big problems
in our computers. I’m not trying to say we are not intelligent, or ignore
the warnings. The problem is that the malware writers have become
increasingly clever when it comes to delivering their payloads. Many of the
files sent have hidden extensions, and many computer users don’t understand
file extension names anyway. This is what the malware writer is counting on.
Personally, I believe this trend will continue for the foreseeable future,
and the number of attacks bundled this way will continue to increase. I also
do not believe that trying to educate every computer user on how to recognize and
understand file extension names and types is a practical approach either.
Many computer users don’t even know their computer has been compromised. All
they notice is that it seems to be running a bit slower than they remember
as compared to when it was new. The usual reason is a Trojan, Worm, or
combination of the two has found its way in, and the machine is being
remotely controlled in the background, and being used for various nefarious
reasons for monetary gain.
Keep in mind that I am not talking only about Spam messages and spoofed
email here. I am also talking about email messages that have come from
somebody you know, and that person is probably on your email address list as
well. Many Trojans and Worms have been written that have the capability of
copying email addresses in your address book and sending them back to the
malware writer. Then, this same malware writer can easily send you an email
from someone already on your email or email safe list. You open the email,
and the payload is delivered, often without you opening an attachment, and
without your knowledge.
There are a few programs available to help protect you from these problems,
and that is the subject of this paper. I will tell you about these programs
that are often hard to find. Most of the solutions available to the
non-corporate end user are included in a security suite from a major
Anti-Virus vendor, but there are others available, some that do an even
better job, and don’t require your purchase of an expensive all-in-one
suite.
I feel there are two approaches to dealing with this problem for all email
users. An expensive email-filtering program is out of the question, and most
are designed for corporate use with literally hundreds of email addresses
anyway.
The first approach involves using an email monitoring program that allows
you to look at the email headers and/or attachments while they are still on
the email server from your IP. This way, you can see what is in your inbox
without having to download anything. You can select what you want to receive
and read and simply delete the rest right from the server so they don’t get
to you. It is also a great way to get rid of spam. There are many of these
programs available. I have listed some of them below that I feel work well,
are very easy to use, and are available either free, or at very low cost.
One caution here – be sure you pick one that works with both your mail
server (be sure you know what email type you have [pop3 etc] from your IP)
and your operating system (not all will work with Windows XP).
Email programs:
Mail Washer
http://www.mailwasher.net/
pro version (recommended) from:
http://www.mailwasher.net/
Pop3 accounts only:
jetMail Monitor v 6.0
http://www.jetaudio.com/products/jetmailmonitor/index.html
Work with all Microsoft OS:
Letterbox v 4.3.4
http://www.ultima-thule.co.uk/
Magic Mail Monitor 3
http://sourceforge.net/project/showfiles.php?group_id=69252
Mail Washer
http://www.pcworld.com/downloads/file_description/0,fid,20000,00.asp
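How the first approach works at the protocol level, as an added example that is not taken from any of the programs listed above: POP3's TOP command returns a message's headers without its body, and DELE removes the message from the server once the session ends with QUIT. `FakePOP3` and the sample mailbox are constructed so the code runs offline, and the helper names are hypothetical.

```python
from email.parser import BytesHeaderParser

def list_headers(conn):
    """Fetch headers only (POP3 'TOP n 0'); message bodies stay on the server."""
    count, _size = conn.stat()
    parser = BytesHeaderParser()
    rows = []
    for num in range(1, count + 1):
        _resp, lines, _octets = conn.top(num, 0)
        hdrs = parser.parsebytes(b"\r\n".join(lines) + b"\r\n\r\n")
        rows.append((num, hdrs.get("From", ""), hdrs.get("Subject", "")))
    return rows

def delete_on_server(conn, unwanted):
    """Mark messages with DELE; the server removes them only when QUIT is sent."""
    for num in unwanted:
        conn.dele(num)
    conn.quit()

class FakePOP3:
    """Constructed stand-in with the poplib.POP3 methods used above, for offline runs."""
    def __init__(self, raw_messages):
        self.box, self.marked = dict(enumerate(raw_messages, 1)), set()
    def stat(self):
        return len(self.box), sum(len(m) for m in self.box.values())
    def top(self, which, howmuch):
        head = self.box[which].split(b"\r\n\r\n", 1)[0]
        return b"+OK", head.split(b"\r\n"), len(head)
    def dele(self, which):
        self.marked.add(which)
    def quit(self):
        for num in self.marked:
            del self.box[num]

# Constructed mailbox; a real session would use poplib.POP3_SSL(host), user(), pass_().
SAMPLE = [
    b"From: friend@example.org\r\nSubject: Lunch Friday?\r\n\r\nSee you at noon.",
    b"From: prizes@example.net\r\nSubject: You have WON\r\n\r\nOpen the attachment.",
]

def demo():
    conn = FakePOP3(SAMPLE)
    rows = list_headers(conn)
    delete_on_server(conn, [num for num, _from, subj in rows if "WON" in subj])
    return rows, conn.stat()[0]

if __name__ == "__main__":
    print(demo())
```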
The second approach I recommend using is the same I have used personally for
the last 5 years and can assure you it has never let me down. First, you
need an email client program. Microsoft has both Outlook, and if you have
Office, Outlook Express is available as well. I don’t use a PDA, so
synchronization is not an issue for me, and I personally don’t use either
one.
My personal preference is Thunderbird from Mozilla because it is very fast,
very secure, and contains a built in news reader as well for all my RSS and
XML feeds. The program is open-source, so the program is free. The program
allows you to look at everything first in header form without having to do
anything more. Messages can be viewed as headers only, and the program has a
learning feature to help weed out spam and junk mail. Messages suspected to
be either are marked with a trashcan icon, indicating Thunderbird thinks they
are junk mail. You can delete them right from the header window without
having to open them.
The second program in my personal approach to email problems involves using
a program named Email Sentinel Pro. The program looks at all incoming email
at the packet level to determine content. I have the program set to convert
all incoming email to plain text. I also have it set to process all
attachments. There is also a security setting in the program that I use to
prevent opening of email or attachments with certain file type extensions.
You have to tell the program which file extension types to prevent by typing
them in under the security window. My personal list of file extension types
to prevent is:
.ani
.b64
.bat
.bhx
.bmp
.cmd
.com
.cur
.dll
.doc
.exe
.gif
.hgx
.hlp
.ico
.jpeg
.mim
.mime
.ocx
.pif
.scr
.uu
.uue
.vbs
.wav
.xxe
.zip
If you would like to use my personal approach to email, Thunderbird (current
version is v 1.5) is available from Mozilla.org at the following address:
http://www.mozilla.com/thunderbird/
Email Sentinel Pro is available in the earlier version v 2.5 for free at:
http://www.gold-software.com/download2442.html
If you like my approach with these two programs as a combination, I strongly
advise you upgrade Email Sentinel Pro to the latest paid version v 2.7 as
soon as possible. The newer version only costs $14.95 (shareware) and
operates better, faster, and has more features. The latest version of Email
Sentinel Pro is available here:
http://www.freedownloadscenter.com/Email_Tools/Anti-SPAM_Tools/Email_Sentinel_Pro.html
If you need help setting up the security features of the program, just open
it by double clicking the icon in the tool tray at the bottom of your
screen. Then click on the + sign in the left pane to expand security, and
click on ‘Incoming Emails’. Next, click on the circle to ‘Convert all emails
to harmless plain text’. This prevents anything from happening because
unlike a word processor document (.doc), no file or code can be executed
from within plain text. Then, left click on ‘Attachments’ in the left pane.
You want to check both boxes to ‘Prevent receiving emails having the
following extensions’ and ‘Allow Email Sentinel Pro to process messages
attached to incoming emails’. Now, left click the ‘New’ button, and begin
typing in the file extension type list from above. Hit ‘Enter’ after typing
in each entry, followed by clicking ‘New’ again for each entry you want to
add. Yes, I’m afraid you have to type them in because the program will not
allow copy and paste. When you are done with the list, click ‘OK’ to save
your settings.
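The two settings described above (the blocked extension list and conversion to plain text), sketched as an added example that is not Email Sentinel Pro's code: it checks the extension the operating system would actually act on, so names with a padded or doubled extension are still caught, and it reduces an HTML body to its visible text. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# The article's extension list, as it would be typed into the filter.
BLOCKED = set(""".ani .b64 .bat .bhx .bmp .cmd .com .cur .dll .doc .exe .gif .hgx .hlp
.ico .jpeg .mim .mime .ocx .pif .scr .uu .uue .vbs .wav .xxe .zip""".split())

def blocked_ext(filename):
    """Return the blocked extension the OS would act on, else None."""
    name = filename.lower().rstrip(". ")  # Windows ignores trailing dots and spaces
    ext = "." + name.rsplit(".", 1)[-1].strip()  # last extension wins, padding removed
    return ext if "." in name and ext in BLOCKED else None

class _TextOnly(HTMLParser):  # keeps visible text, drops tags and script/style bodies
    def __init__(self):
        super().__init__()
        self.out, self.skip = [], False
    def handle_starttag(self, tag, attrs):
        self.skip = tag in ("script", "style")
    def handle_endtag(self, tag):
        self.skip = False
    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)

def screen(raw):
    """Return (plain_text_body, [(attachment_name, blocked_ext_or_None), ...])."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    if body is not None and body.get_content_type() == "text/html":
        parser = _TextOnly()
        parser.feed(text)
        parser.close()
        text = "".join(parser.out)
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return " ".join(text.split()), [(n, blocked_ext(n)) for n in names]

def sample_message():
    """Constructed sample: HTML body plus three harmless dummy attachments."""
    m = EmailMessage()
    m.set_content("<p>Photo attached.</p><script>var x = 1</script>", subtype="html")
    for name in ("holiday.jpg        .scr", "Report.DOC", "notes.txt"):
        m.add_attachment(b"dummy bytes", maintype="application",
                         subtype="octet-stream", filename=name)
    return bytes(m)

if __name__ == "__main__":
    print(screen(sample_message()))
```

Matching is exact, so a name ending in `.jpg` passes this check because the list above names only `.jpeg`.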
One other thing I would like to cover is why I chose this approach over
using the built in programs available from Microsoft. After all, they are
already on my system for free, right? I chose my approach above because
these programs are not connected to my operating system in any way, and have
no direct access to it. I feel this is a far safer approach to use. By the
way, I also use AVG Pro as my anti-virus program of choice, so all incoming
and outgoing email is also scanned.
Before leaving the subject of email, I want to mention one other neat little
program that helps clean things up. Have you ever received an email where
all the lines are preceded by those annoying angle brackets? Worse yet, if
you forward the email, it also contains all those annoying brackets? There
is an easy way to clean all this up without spending a lot of time deleting
them from each and every line. Try this little free program called ECleaner
v 2.02 available from:
http://www.pcworld.com/downloads/file_download.asp?fid=6492&fileidx=1
Although no longer supported by the vendor, the program still works, and
hey, it’s free!
I hope this information helps keep you safe from email threats in the
future. Stay safe, and enjoy your email.
Regards,
Dave