Notes from underground

يارب يسوع المسيح ابن اللّه الحيّ إرحمني أنا الخاطئ

Archive for the tag “malware”

The proliferation of unreadable e-mail

I’m getting more and more unreadable e-mails.

About a month ago I noted that WordPress’s response forms, which used to be a useful feature, are now unreadable and unusable.

More and more people seem to be sending e-mails with little more than long URLs that take up several lines of text, and make the actual message, if any, very hard to read, and have to be copied and pasted into a web browser because they haven’t bothered to enclose them in angle brackets. Don’t they know that Tiny URL is free? — please use it.

http://tinyurl.com/create.php

And then more and more people, especially church organisations and banks and the like, are sending HTML-only messages that are not only very hard to read, but also contain Lazy HTML, which prompts my mail reader to display the following warning:

What’s more, these messages are usually sent from a no-reply e-mail address, so you can’t even ask for clarification.

Whenever that warning pops up, I usually delete the message unread.

If they really wanted me to read the message, they would not have:

  1. Disguised it to make it look like spam or malware
  2. Deliberately made it hard to read
  3. Made it “no-reply” so you can’t ask for clarification

So if you are sending e-mails, please remember some courtesy rules:

  • No Lazy HTML
  • No HTML-only messages
  • No long URLS

To which I might add “No Comic Sans”, except that if you feel an irresistible compulsion to use HTML in e-mails, Comic Sans is a lot more readable than some of the squitty and faint fonts that some commercial firms feel compelled to use.

 

Thanks but no thanks

I thought I’d visit a blog of a blogger who visited my blog.

Found his blog had closed, and was redirected to another site.

First hoop.

Got this message:

You are accessing

roezer.com

This website is participating in a project to stop the spread of viruses and malware online. Often, people do not realize their computers are infected.

Your computer or network (196.25.255.246) is showing signs of infected behavior. You are being alerted so you can take action.

To resolve the problem:

  • Make sure your anti-virus, anti-malware, or computer security is up-to-date.

  • Run a full scan of your computer and remove any viruses, worms, trojans, or other infections found.

  • If your computer or network stops showing signs of infected behavior, this alert will no longer trigger.

Warning: JavaScript is not enabled in your browser!

In order to request temporary access to roezer.com, you must have JavaScript enabled in your browser!

Too many hoops, so I gave up.

There are two main reasons I disable Javascript. One is that it is sometimes exploited by sites that have viruses, malware, and other bad behaviour. The second is that some sites, especially news sites, have streaming video or whatever they call it that eats up bandwidth at a rapid rate.

Telkom recently upped the monthly bandwidth allowance to 9 Gigs, and for the last two months we have managed to reach the end of the month without having to buy more bandwidth, but I’m not taking any chances by enabling Javascript for all sites all the time.

Crime-fighting organisation using criminal methods?

There is a crime-fighting outfit called eBlockwatch which has a web site and sends out warnings of criminal activity in one’s neighbourhood.

It seems, on the surface, to be a good and public-spirited thing to do.

The only problem I have with it is that emails that come from them produce more warnings of fraudulent activity and threats to my computer than anything else. Even messages from obvious scammers and spammers don’t produce as many warnings.

So I ask myself why an ostensibly crime-fighting outfit would persist in using methods used by scammers and distributors of viruses and malware?

The latest message I got from them produced the following warning:

MailScanner has detected a possible fraud attempt from
“www.eblockwatch.co.za” claiming to be SAFindit.co.za

And every message from them causes the following message to pop up in my reader:

Message contains potentially dangerous “Lazy HTML” data

This message contains data that includes references to items that are not present on your computer — typically graphics or frames stored on a remote system on the Internet and accessed using HTTP URLs.

This type of message, called “Lazy HTML” can represent a privacy or security risk, for the following reasons:

* It can be used to gain information about you without your knowledge, including the fact that you read the message, when you read it, how often you read it, whether or not you forwarded it, your computer’s IP address and more.

*It can be used to download unauthorised programs to your computer. This is a common vector of attack for viruses and Trojan horses.

Pegasus Mail protects you *completely* from any problems associated with this kind of data, because it never downloads remote-linked items by default. A side-effect of this is that that remote-linked graphics in the message will display as grey boxes in the Pegasus Mail message reader.

I suppose I could always turn that warning off, but the warning is there for a purpose, and I still wonder why a supposed crime-fighting organisation persists in sending messages that trigger such a warning in the first place. It seems counter-productive, and makes one doubt their bona fides.

MailScanner has detected a possible fraud attempt from “www.eblockwatch.co.za” claiming to be SAFindit.co.za

Post Navigation