1. Most of
the worms that use e-mail to propagate use Microsoft Outlook or
Outlook Express to spread. If you need to use Outlook, download
and install the latest Outlook security patch from Microsoft.
In general, keep your operating system and applications up-to-date
and apply the latest patches when they become available. Be sure
to get the updates directly from the vendor.
2. When possible,
avoid attachments when sending and receiving e-mail.
Windows to always show file extensions. In Windows 2000, this
is done through Explorer via the Tools menu: Tools/Folder Options/View
-- and uncheck "Hide file extensions for known file types."
This makes it more difficult to for a harmful file (such as an
EXE or VBS) to masquerade as a harmless file (such as TXT or JPG).
Never open e-mail attachments with the file extensions VBS, SHS
or PIF. These extensions are almost never used in normal attachments
but are frequently used by viruses and worms. And
never open attachments with double file extensions such as NAME.BMP.EXE
5. Do not
share your folders with other users unless necessary. If you do,
make sure you do not share your full drive or your Windows directory.
your network or modem cable when you're not using your computer
-- or just power it down.
7. If you
feel that an e-mail you got from a friend is somehow strange --
if it is in a foreign language or says odd things, double-check
with the friend before opening any attachments.
8. When you
receive e-mail advertisements or other unsolicited e-mail, do
not open attachments or follow Web links quoted in them. Never
accept attachments from strangers in online chat systems such
as IRC, ICQ or AOL Instant Messenger.
9. Avoid attachments
with sexual filenames. E-mail worms often use attachments with
names like PORNO.EXE or PAMELA_NUDE.VBS to lure users into executing
10. Do not
trust the icons of attachment files. Worms often send executable
files that have an icon resembling icons of picture, text or archive
files to fool the user.
more information, see these Web sites from the Computer Emergency
Response Team Coordination Center at Carnegie Mellon University
Computer User Guide
to Deal With E-mail Attachments
to Prevent Intruders in Home Computers
for Network Administrators
about a free downloadable
method for system
administrators/organizations to use to evaluate their risks.