Anyone who has spent any time on the net or has an email account has had to deal with evildoers. Viruses, worms, spam and hacks are an unfortunate aspect of the Internet, and an entire industry has evolved to meet the challenges of protecting our online experience.

The point of this editorial is to illustrate potential threats and to suggest ways to protect yourself and your computer. Anyone who connects to the Internet is exposed.

Here are a few examples of what can happen.

A couple of years ago, I began receiving several email messages a day from a former member. Each of these messages contained large file attachments. I’ve grown accustomed to spam and annoyingly large file attachments, and I know how to effectively deal with them (more about this later). However, the file attachments I received from this former member turned out to be accounting databases, client lists, and cash-flow spreadsheets. Certainly not the sort of information most people would want broadcast on the net.

After receiving several additional messages and attachments, I sent him an email, indicating that a problem existed at his end. He did not reply. A day or two later (and after receiving several more messages/attachments), I called him. As it turned out, he was a realtor in Alabama, and was unaware (shocked, horrified) that his private information was being broadcast to the Internet. His computer (which had an “always on” high-speed connection) had been infected with a virus that had accessed his MS Outlook address book, and then sent copies of all files in one particular directory to everyone on his address list.

Most viruses circulating on the net are not quite so pernicious. Most simply affect some operational aspect of the infected computer to one degree or another. Others, are ad driven, directing the PC user to web sites or products. Commandeering one’s Internet browser is a related class of bugs.

The most sinister of all are those hacks who deliberately target a specific web site or email address to do harm. Microsoft, eBay, google, yahoo, and many other well-known online sites have all had to deal with attacks, even including The Diesel Page.

In August 2003, our BB forum server was hit with a highly destructive worm that devastated forum topic threads and member registration files. All of these files have file names with a numeric prefix. The worm randomly chomped its way through the various server directories deleting tens of thousands of files in a single night. The program files required to make the BB forum operate (the BB forum “engine”, as it were) were left untouched. This was a worm designed for a single purpose, to destroy a bulletin board forum. It came awfully close. This was a deliberate act.

The attacks continued throughout the fall of 2003 and periodically through 2004, but they employed a new strategy. The new server and ISP (we had begun operating the BB from in early September of 2003) had sufficient resources to protect against a repeat of the August worm attack. The new approach taken by the evildoer was to employ what is know as a “DOS” attack (acronym for “Denial Of Service”), where a server is overwhelmed with traffic to a point of shut-down. This was effectively dealt with as well.

In October 2003, I began receiving bogus email messages that managed to get by the spam blocker I use. My spam blocker traps lots messages, but the ones that managed to get through listed my email address as the sender…. Hmmm… I obviously didn’t send them, which meant someone else had placed my email address in the sender field to send spam. These extremely unique and nonsensical spam messages (they contained no working links or contact information within the message) were simultaneously sent to an unknown number of email addresses that were somehow related to The Diesel Page (members, advertisers and BB participants, i.e. anyone who posted their email address in our bulletin board). We determined this spam barrage was yet another deliberate attack targeting The Diesel Page and its members. I dug deeper. The IP address used by the actual sender originated at a Comcast Internet Service Provider in Cherry Hill, NJ.

Back in the mid-90’s, I began using a Windows based ASCII email program for all my email correspondence. Even after years of use, that computer had never been infected with a computer virus. However, that changed within a few hours after upgrading my ASCII email program with a newer version that displayed in HTML and automatically opened attachments. After wiping the hard drive, and restoring Windows, I reinstalled the original ASCII email program. I’m still using that same email program today.

MS Outlook is a popular email interface that is bundled with all versions of MS Windows. Its popularity has made Outlook and Microsoft a target. A number of viruses have been created and distributed expressly to take advantage of MS Outlook’s popularity. Many viruses created for MS Outlook access the address book, then send copies of itself to everyone on that list. Aside from simply replicating itself, the virus can be programmed to do all sorts of things, such as interfere with the Windows operating system or even participate in a group effort where hundreds or thousands of similarly infected computers coordinate an attack. A recent article in the Wall Street Journal concerning hackers illustrates this capability. Microsoft was attacked using this method about a year ago, where thousands of computers world-wide simultaneously attempted to download a large file(s) from MS’s server. I would recommend you install a third-party email program, and not utilize the built-in email address book (I use a separate database).

At a minimum, everyone on the net should be using a firewall and virus protection. Zone Alarm offers a range of PC protection, including firewalls, spyware/adware detection, and a choice of security packages. Their products range from free to very reasonable.

Firewalls protect your computer from destructive code downloaded from web sites, and from a class of virus programs that may already reside on your computer - that may be accessing the net (without your knowledge). In today’s e-environment, it’s foolish not to have a PC firewall. Once a firewall is first installed, you’ll likely be shocked at how prevalent these problems are.

If you have any questions, input or related advice, please feel free to post that information in this thread.

MP

[ 12-29-2004, 01:47 PM: Message edited by: More Power ]