SitemapBack to home pageLTSearch


Home  Home   Home   SN CERT   Home   Recomendations

Unsolisited e-mails

Basic Rules for Dealing with Spam


  1. Do not respond to spam. Any kind of response, whether you intend to unsubscribe or complain, informs the sender that the address is valid and a real person is reading the email.
  2. Do not click "unsubscribe me" at the bottom of most spam. All this does is confirm your address with the spam source. Once they know your address is valid, your volume of spam increases.
  3. Do not buy anything offered via spam. Doing so simply supports the spam industry, and an increasing percentage of spam is fraudulent. If you're really interested in the product that you see, try buying it from a related web site, but don't click on any links in the email.
  4. Filter incoming email. Black listing and white listing are two types of filtering.The most common is a black list, which blocks incoming mail that matches a list of emails that you specify as spam. Some black list programs like MailWasher also have a "friend" list where you can specify addresses that should never be blocked, even by the black list.A white list blocks ALL incoming email, unless you've specifically listed the email address in your white list (kind of like the friend list mentioned above). White lists are riskier to use, as you will likely end up blocking an important email from a source you didn't think of, but they do a more thorough job of nabbing spam.
  5. Use the delete key. Simply delete that pesky email.

What can Spam viruses do?


  • Slow down email.Viruses that spread by email, such as Sobig, can generate so much email traffic that servers slow down or crash. Even if this doesn't happen, companies may react to the risk by shutting down servers anyway.
  • Steal confidential data. The Bugbear-D worm records the user's keystrokes, including passwords, and gives the virus writer access to them.
  • Use your computer to attack websites. MyDoom used infected computers to flood the SCO software company's website with data, making the site unusable (a denial of service attack).
  • Let other users hijack your computer. Some viruses place “backdoor Trojans” on the computer, allowing the virus writer to connect to your computer and use it for their own purposes.
  • Corrupt data. The Compatable virus makes changes to the data in Excel spreadsheets.
  • Delete data. The Sircam worm may attempt to delete or overwrite the hard disk on a certain day.
  • Disable hardware. CIH, also known as Chernobyl, attempts to overwrite the BIOS chip on April 26, making the computer unusable.
  • Play pranks. The Netsky-D worm made computers beep sporadically for several hours one morning.
  • Display messages. Cone-F displays a political message if the month is May.
  • Damage your credibility. If a virus forwards itself from your computer to your customers and business partners, they may refuse to do business with you, or demand compensation.
  • Cause you embarrassment.For example, PolyPost places your documents and your name on sexrelated newsgroups.
Website defacement


Open resolvers: A resolver is a name server that processes DNS queries for client hosts and applications. Criminals or hacktivists use open resolvers to facilitate distributed denial-of-service (DDoS) attacks or to resolve names for their botnet-facilitated criminal acts. Open resolvers are also cache poisoning targets. Best practices and resources for eliminating this threat exist. Test your resolver today.


An open resolver is a DNS server which will allow a recursive query of a arbitrary domain from any IP address. An open resolver can be used in a reflectionDDoS. Only Subnets controlled by the organisation should be allowed to conduct recursive queries on a DNS server.


More info about openresolver you can find here:


Protection against Bots

To understand botnets, we first need to know more about 'bots'. The term 'bot' or 'robot' program refers to a program that: 

  •  Performs repetitive tasks OR 
  •  Acts as an 'agent' or user interface for controlling other programs 

Bots can be very beneficial programs when they are designed to assist a human user, either by automating a simple task, or by simplifying a user's control over various programs or systems. 
Unfortunately, bots can also be created to perform malicious tasks that compromise the system or any information stored on the machine. The 'bot' in botnets definitely refers to the second type, as these bots are used by an attacker to 'hijack' and control a computer system. 
These malicious bots can arrive on a victim machine in many ways. The most common method involves dropping the bot in the payload of a Trojan or a similar malware. Other methods include infecting the computer via a drive-by download, or distributing the bot via spam e-mail messages with infected attachments. 
Once installed, the bot can take control of the sytem. A remote attacker can then give commands to the infected computer via the bot and force it to perform malicious actions. In this context, a bot is very similar to a backdoor program, which is also forcibly planted on a computer and used by a remote attacker to direct the infected machine. 
When more than one computer has the same bot installed on it, the multiple infected machines form a network, which is under the direct control of the attacker. This network is a botnet – a network of 'enslaved' computer systems infected with malicious bot programs. A single machine in a botnet can be referred to as a 'bot', a 'zombie' or a 'zombie computer'.


Protect Against Bots

To safeguard against malicious bots, security experts at Symantec offer the following advice:

  1. Install top-rated security software (such as Norton 360) and Norton Internet Security.
  2. Configure your software's settings to update automatically.
  3. Increase the security settings on your browser.
  4. Limit your user rights when online.
  5. Never click on attachments unless you can verify the source.
  6. Ensure that your system is patched with the most current Microsoft Windows Update.
  7. Set your computer’s security settings to update automatically, to
    ensure you always have the most current system patches.