Stop Misuse of YOUR address book


valhallen
July 1st, 2004, 03:28 AM
A lot of word has been going round about how certain virii (or viruses) use your own outlook address book against you - but I hear you cry that you can't do without it........I know I can't!

I used to be a die hard no outlook fan but now I use it for work I can't do without it. So how do you stop malicode progs from misusing it and making everyone in your address book think you're trying to send them the latest nasty virus doing the rounds?

Well, the first and most simple way is don't get infected - now there are 101 different posts on the best AVP etc here on AO so I ain't going to go through that - also there are a lot of posts about common sense (which ain't common at all) and how you should only open attachments you have requested.

So let's forget about those types of things and pretend you have been affected: how do you stop the virus using your email list for its own spread...........first thing you could do is not have an address book on your machine!!!!

But I need my addy book, I hear you scream! So add people to Hotmail - an online safe addy book you can check from anywhere. Problem solved.


But what if you don't want to go on Hotmail? Then store your email addys not in Outlook but in a txt file, but change the extension to a non normal one

most virii only scan for certain file types for email addys (html etc) so save it as myemail.kuoij or something


Next thing is to stop web bugs - if you don't know what one is then google - simply though it is a way of spammers checking if email is active

just set your Email client to fwd anything not from a name on your client list to another account and open email there - that way if it does have a webbug it will find the bug but not your real email addy :)

v_Ln

valhallen
July 1st, 2004, 03:30 AM
so you can check is this email a fake with webbug or do i add it to my addy book?

next thing is I'm drunk good night will write more in morning...........

Negative
July 1st, 2004, 05:53 AM
lol... hope you sober up tomorrow and fix that "tutorial" :D

mjk
July 1st, 2004, 06:35 AM
Neg, Maybe in the new FAQ you should add "do not attempt to write a tutorial while under the influence of alcohol" :D

the_JinX
July 1st, 2004, 07:21 AM
do not attempt to post anywhere but in the addicts forum while under the influence..

another option might be to store the emails in an encrypted file..

xierox
July 1st, 2004, 07:25 AM
If anyone was interested in a short tutorial on spyware, ad-ware and webbugs, check out this page: http://www.granite.mb.ca/newsletter/takecontrol2.html It seems pretty good and gives links to some removal tools.

Regards,
Xierox

valhallen
July 1st, 2004, 09:04 AM
omg I swear that wasn't me - well I don't remember it.........Neg or someone move this outta the Tutorial forum into GCC or something for comical value - I'll rewrite it tonight when sober :)

v_Ln

Spyder32
July 1st, 2004, 10:15 AM
Yeah, comical value is right :D Thanks val for taking the "cake" away from me :D

AngelicKnight
July 1st, 2004, 03:33 PM
Hmm...I blame it on Canada. ;)

So hey, idea -- Is there any way to rig Outlook up so that its address book exists on removable media? That way you could just keep it removed except for when you're using it. I dunno, thought just popped in there...No clue if that's actually doable.

valhallen
July 1st, 2004, 08:35 PM
You can import/export the address book so yeah, that would be an option, but it would mean having to do that every time :)

v_Ln

Tiger Shark
July 1st, 2004, 10:12 PM
Val:

That actually depends. Since you apparently forgot to mention whether you are talking about Outlook or Outlook Express in your tutorial ;) you didn't note that they work in slightly different ways.

Outlook Express keeps the address book location in a registry key that can be changed if you are careful - but it's often a pain and you stand to lose it all (there's a KB article out there on M$'s site if you are interested).

Outlook keeps the same information in the PST file which, unless there is a restriction I am unaware of, would allow you to place the .pst file on a removable drive. That would allow you to easily defeat a virus harvesting from the address book.

Of course most of the more modern viruses don't just harvest from the address book but also look through cached web pages and other places, (I don't recall the file extensions but a quick look at any modern virus write-up on Symantec's site will show them), so it will still function perfectly well.

The best way to prevent a virus propagating through email is to use a firewall that denies access to all outbound port 25 attempts except to the IP of the service provider. Even then the emails to people within your own ISP will go through. In a corporate environment you can disallow all port 25 outbound except from your mail servers themselves. That stops virus propagation dead in its tracks since no virus I have come across in the last 2-3 years has used the default mail server as its "way out" because they all carry their own SMTP engine.

Best yet, get a firewall that can strip all executables from SMTP traffic.... Bingo.... No virus, even unknown, can enter..... That's what I do at work.... love it.... Yeah, I know, It might not be feasible for a home user but it works for me.....

AngelicKnight
July 1st, 2004, 10:17 PM
What about alternate programs such as Thunderbird (what I use)? Will a virus that spreads through an Outlook address book also spread through Thunderbird's?

Tiger Shark
July 1st, 2004, 10:40 PM
Angelic:

Once you are silly enough to execute the virus itself it may not get your address book but it will harvest from the other locations. So, yeah, it will work perfectly well.... It just won't get your best buddies.....

AngelicKnight
July 1st, 2004, 10:44 PM
Fortunately not even I'm that silly. ;)

Other locations...You're referring to .txt files that the virus looks for containing addresses, right?

Tiger Shark
July 1st, 2004, 11:06 PM
Angelic:

Netsky.D scans the following file extensions:-

.dhtm
.cgi
.shtm
.msg
.oft
.sht
.dbx
.tbb
.adb
.doc
.wab
.asp
.uin
.rtf
.vbs
.html
.htm
.pl
.php
.txt
.eml

Per Symantec (http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.d@mm.html)

So, on a Win32 system, regardless of the mail client's address book, it's going to activate on one or all of these files..... One way or another you are infected.... and you will propagate.... Unless you can stop "arbitrary" port 25 egress.
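Added example, not part of the original thread: a check of firewall connection logs for the port 25 egress policy Tiger Shark describes in his two posts above (outbound SMTP only from the mail servers or to the provider's relay). The log format, the addresses and the names `MAIL_SERVERS`, `ISP_RELAYS` and `rogue_smtp` are constructed for illustration.

```python
import ipaddress
import re

# Constructed values for illustration; substitute your own addressing.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
MAIL_SERVERS = {ipaddress.ip_address("10.0.0.5")}   # only hosts allowed to send SMTP out
ISP_RELAYS = {ipaddress.ip_address("192.0.2.25")}   # provider relay clients may reach

# Constructed log format: timestamp plus key=value fields.
LINE_RE = re.compile(
    r"(\S+) src=(\S+) dst=(\S+) dport=(\d+) proto=(\w+) action=(allow|deny)")

SAMPLE_LOG = """\
2004-07-01T22:10:01 src=10.0.0.5 dst=198.51.100.10 dport=25 proto=tcp action=allow
2004-07-01T22:10:04 src=10.0.0.23 dst=192.0.2.25 dport=25 proto=tcp action=allow
2004-07-01T22:10:09 src=10.0.0.23 dst=10.0.0.5 dport=25 proto=tcp action=allow
2004-07-01T22:11:30 src=10.0.0.42 dst=198.51.100.10 dport=25 proto=tcp action=deny
2004-07-01T22:11:31 src=10.0.0.42 dst=203.0.113.77 dport=25 proto=tcp action=deny
2004-07-01T22:11:33 src=10.0.0.42 dst=203.0.113.80 dport=25 proto=tcp action=allow
2004-07-01T22:11:40 src=10.0.0.42 dst=203.0.113.80 dport=80 proto=tcp action=allow
2004-07-01T22:12:02 src=10.0.0.61 dst=198.51.100.10 dport=25 proto=tcp action=deny
truncated line src=10.0.0.99
"""

def parse(line):
    """Return (src, dst, dport, proto, action), or None for unparseable lines."""
    m = LINE_RE.fullmatch(line.strip())
    if not m:
        return None
    _, src, dst, dport, proto, action = m.groups()
    try:
        return (ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(dport), proto, action)
    except ValueError:
        return None

def rogue_smtp(log_text):
    """Map each offending source to its distinct destinations and allow/deny counts."""
    hits = {}
    for src, dst, dport, proto, action in filter(None, map(parse, log_text.splitlines())):
        if proto != "tcp" or dport != 25:
            continue                      # not SMTP
        if src not in INTERNAL or dst in INTERNAL:
            continue                      # not egress
        if src in MAIL_SERVERS or dst in ISP_RELAYS:
            continue                      # permitted by the policy
        entry = hits.setdefault(str(src), {"dests": set(), "allow": 0, "deny": 0})
        entry["dests"].add(str(dst))
        entry[action] += 1                # "allow" here means the firewall rule has a gap
    return hits
```

A workstation that shows up here with several distinct destinations is behaving like a mass-mailer with its own SMTP engine; any non-zero `allow` count means the egress rule is not actually enforced for that path.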

valhallen
July 2nd, 2004, 06:07 AM
Tiger: You can also set up rules in Outlook for those people who do not have a firewall capable of stripping attachments so that all emails with attachments on them are deleted/moved or whatever upon arrival before they can be viewed

v_Ln