CubaGenWeb logo

Choose Language /
Escoja el Idioma

British flagSpanish flag


IP Addresses

Direct Attacks

"Phishing" Scam

Hijacked web sites




Viruses and Trojan Horses


ChoiceMail One
ChoiceMail One

Norton's Internet Security

Kaspersky Internet Security

Prevx Cloud Security
(use in addition to Norton's or Kaspersky)

Get Firefox
Mozilla Firefox




Protect your Computer


The Internet has become a war zone. You should take immediate steps to actively protect your computer and your property. Installing anti-virus software on your computer is a necessary first step but is by no means sufficient. To be safe, you must implement a multi-layer defense strategy. The table and discussion that follows lists the main current threats to your computer and what you can do to protect yourself against them.


dingSummary of the major current threats

Method of Attack
Your Defense
direct attack take over your computer, steal passwords and credit card numbers, use your computer to attack others. scan for open ports

use a firewall

use a router (if broadband connection)

"phishing" scam steal your financial account information, steal your money "important" e-mail message that looks like it came from your financial institution asking to verify account

never reply

use e-mail filter

block e-mail images

hijacked web sites take over your computer, steal passwords and credit card numbers, use your computer to attack others. altered web image advertisements

install Service Pack2 for Windows XP

use browser other than Internet Explorer

"web bots" verify validity of your e-mail account invisible image embedded in otherwise "normal" e-mail block e-mail images
"spy ware"

log web sites you visit and video and music files you download and report back demographics and/or personal information

log credit card numbers and passwords and report back to steal your money.

software stealthily installed when you download music or photos, visit some web sites, play multimedia or install software downloaded from the web use anti-spy software and periodically scan computer
e-mail "spam" get you to reply or to visit web site, get you to buy something or follow up with requests for credit card number or other financial or personal information. verify validity of your e-mail account. steal your money. "attractive" e-mail offer, usually pornography, sexual enhancement drugs, low price software, low interest mortgage loans, etc.

never reply

use e-mail filter

block e-mail images

viruses and "trojan horses" infect your computer, erase your software and data, take over your computer and use it to attack others, steal passwords and credit card numbers, steal addresses from your e-mail address book. replicate itself and infect others by sending messages that appear to come from you. infected e-mail attachment

never click on e-mail attachments

use anti-virus software and periodically scan computer


dingWhat are IP addresses?

This introduction we hope will help you better understand the threats and defense discussions that follow.

Every computer on the Internet is assigned what is called an IP ("Internet Protocol") number. This number is the unique "address" of your computer in the global Internet. Almost all server computers, including those that host web sites, are assigned "permanent" IP addresses. When you surf to a particular URL, such as, special computers called "name servers" translate this alphabetic URL to the "real" numeric IP address of the main server (in this example, the corresponding IP address is

Most client computers, such as your home computer, are assigned, usually by your Internet Service Provider (ISP), "temporary" IP addresses. The ISP is normally pre-assigned one or more "blocks" of these addresses from which they assign a temporary IP address to each of their customers as they log in to use until they log off. In case of a broadband connection, the IP address may be assigned for a limited period of time or until activity stops at night. Some ISPs, usually for an extra charge, offer a "fixed" IP address to some of their broadband and business customers.


dingDirect attack

Every computer has, as part of its software and microprocessor architecture, thousands of numbered access "ports" which are used by various services such as web surfing, e-mail, etc. and also by internal communication between software components. The danger here occurs when some of these ports are inadverdently left "open" to the Internet. Think of this as leaving the rear door to your house unlocked in a high crime area.

Intruders ("crackers") run software on computers which sequentially interrogate all IP addresses in a block to see if a computer is using a given address. They do this by a process called "pinging", which is to send a special probe message called a "ping" to the address and see if the address responds, which is the normal behavior. Once they find one such computer, they then run another software called "port scan" in an attempt to identify what ports if any are open to the Internet on the subject computer. Note that this "cracking" process is entirely automated and they can interrogate may thousands of IP addressess per hour.

Once they find an open port, the cracker will attempt to introduce a small software program through this port (sometimes called a "trojan horse") and run it on the subject computer. This malicious software installs itself on the subject computer, running in the background under a false name so the owner is not aware of its existence.

Depending on the cracker's objective, this software may, for example, log all the keystrokes on your keyboard and periodically report back to the cracker any credit card numbers and passwords that you may have typed, or may just keep the cracker aware of your current IP address so that he can make your computer, unbeknownst to you, take part in concentrated attacks on a target site (such as was recently done to the and computer sites).


Check your vulnerability by making use of Steve Gibson's "Shields Up" free test utility. Go to and follow the links for "Shields Up".

If you are on a broadband connection, connected to the Internet at all times, you are particularly vulnerable. We highly recommend the use of a hardware router between you and the Internet. A router translates the IP address assigned by your ISP into one or more IP addresses which are only valid within your local network and are not visible from the Internet.

Look in your router manual and make sure you enable "Block WAN Request" (on Linksys routers) or whatever it is called in your unit. This will prevent your router from responding to any "ping" requests and effectively make the router and all the computers in your home network invisible to probes from the Internet.

If you get a wireless router or access point, be aware that you can also be attacked through the wireless port. Be sure to enable encryption on our wireless links (must be done at both ends of the each wireless link) and also enable the MAC filter function to only allow your own computers to connect wirelessly to the router or access point. Refer to your router or access point manual for more details.

If you are on a dialup connection you are still vulnerable. A recent survey done by PC Magazine reveals that the average time between connecting to the Internet and getting a port probe scanning for vulnerabilities is now only about 20 seconds.

In either case, broadband or dial-up, you should install a software firewall. Windows XP Service Pack 2 now has a firewall enabled by default, but we have read reports that this built-in firewall still leaves open certain ports for "enhanced functionality". We recommend Zone Alarm Pro which is the only firewall we are aware of that blocks unauthorized packets in both directions, from your computer to the Internet as well as the reverse.


ding"Phishing" scam

Read the FTC Consumer Alert

Read how to recognize a "phishing" e-mail message and where to report it at the Anti-Phishing Working Group.

This is cited as an example of what is now called "Social Engineering", using what looks like important "offical" communications from you bank or financial institution to deceive you into revealing private information such as account numbers, passwords, social security numbers, etc.

In its most current form you receive an official looking e-mail from your bank, financial institution or other organization in which you have an account, such as Pay Pal, e-Bay, department stores or manufacturers, telling you that there is a serious problem with your account and you must immediately verify you account information in order to re-establish access to your account. The message often tries to scare you by threatening that if you don't respond immediately your account will be cut off.

NEVER NEVER NEVER click anywhere on this page (the entire page is a trap)!

The way the scam works, when you click on this page, it takes you to a fake web site (usually outside the US) which is a replica of the real web site of the financial institution (the scam e-mail typically disguises the true destination by using numeric IP addresses or one that is made to look legitimate by including the institution's name in the first part of the address). When you log onto this fake page, using your real account number and password, you have just given the thieves what they need to access your real account and steal all your money.


NEVER NEVER NEVER click anywhere on the e-mail!

If you got deceived by this scam contact your financial institution IMMEDIATELY and have them block access to your account.

If you are in doubt about the status of your account, call the Customer Service telephone number of your financial institution, or go DIRECTLY to their real web site (use your bookmarks, NEVER use any links in the scam e-mail!)

Fight back by forwarding the received e-mail, including all the routing headers, to the FTC phishing scam line at and also to the "scam" or "abuse" e-mail address of your financial institution (the larger ones now have an address such as "" or ""). At the top of the forwarded e-mail you can ask "is this real or a scam?" You will probably get an interesting reply.

Some sophisiticated e-mail filters used by ISPs are now catching the phishing scam e-mails.

My favorite e-mail filter software, ChoiceMail One, will intercept e-mails where the body of the e-mail uses numeric IP addresses and it thus catches most phishing scam and other fake e-mails.


dingHijacked Web Sites

A recent development is the hijacking of web sites of companies providing advertisement images to many popular web sites. These advertisements are modified to include a virus which can infect your computer just by visiting the site carrying the advertisement. The virus can infect your computer if you use some versions of the Internet Explorer web browser and does not affect computeers that contain the Service Pack 2 upgrade to the Windows XP® operating system.


If you are running the Windows XP® operating system, be sure to install the Service Pack 2 upgrade, available free of charge from Microsoft, for increased security.

Since many of the recent attacks target the popular Internet Explorer browser, we recommend that you simply switch to another browser. We highly recommend the Open Source Mozilla Firefox, which is available for download free of charge from the link on the menu at the left of this page.



Web-Bots are tiny invisible images embedded in commercial spam e-mails. These images are usually only 1x1 pixels (the minimum size) and may be transparent in color. When you view an e-mail containing a web-bot, the web-bot image is served by a dedicated server which captures the IP address of the computer. It thus serves to validate your e-mail address as a) active and b) perhaps interested in the subject of the e-mail since you viewed the message..

These Web-Bots would seem to serve a legitimate purpose for the advertiser, except that it contributes to the general spam problem by serving to generate lists of valid e-mail addresses. Particularly insidious is that you need not read the actual message, all you have to do is "preview" it with your e-mail software preview function (the feature that shows you the first few lines of received messages).


My favorite e-mail filter software, ChoiceMail One, will let you preview messages while blocking ALL images in the message from being served. Thus you can look at the text while retaining your privacy. This is particularly important for messages that look "legitimate".



Read the FTC Consumer Alert

Some popular software unbeknownst to you will install "spy-ware" (sometimes called "ad-ware") on your computer. This software tracks the web sites you visit, the video and music files you download, or other personal information and periodically report back this data which is then sold to advertisers. An early instance of a major commercial multi-media player doing this was exposed by Steve Gibson of Gibson Research Corp. You can read about it on his web site. Steve developed an early package "Opt Out" (now obsolete) to scan and eliminate this type of software.

Some "spy-ware" has been developed for malicious uses and logs your typing on the keyboard to capture personal and financial information such as credit card numbers. It then periodically reports back this information to the thieves.

Since such "spy-ware" and "ad-ware" uses your computing resources, extreme cases have been reported where the performance of your computer is significantly affected when several of these programs are active in your computer.


Two major free software packages are available to scan and eliminate such spy-ware from your computer:

SpyBot Search and Destroy, from Germany (available as "donorware" - free software, but they ask for voluntary donations)

Lavasoft's Ad-Aware, from Sweden (available in both a free version and a commercial version with enhanced features)

Ad-Aware SE (the commercial version) also includes a memory resident component which intercepts in real-time any attempts of installing "ad-ware" or "spy-ware" and also alerts you of any Windows Registry changes.


dinge-mail "spam"

"spam" (in lower case) refers to any unsolicited commercial offer or propaganda sent by e-mail to a large number of users.

Aside from being a nuisance, many "spam" e-mail messages are completely fraudulent offers. Usually these e-mail messages make attractive offers for getting-rich-quick, meeting attractive girls (or boys); or offering pornography, sexual enhancement drugs, discount drugs, gambling, discount software, low mortgage rates, low cost loans, etc., etc., etc. Others are disguised as "Important" notices from banks, stores and even government agencies (see the "Phishing" scam section above for one such example).

One of the most notorious offers of recent years is the "Nigerian Scam" where someone offers you a part of a large amount of money deposited in a bank, usually in Nigeria, or other parts of Africa, but more recently extending to Europe, the Pacific and other parts of the world.

The objective of all this spam is to get you to respond via e-mail or to visit a web site where they will offer you a participation in this "treasure". First you have to demonstrate your "good faith and character" by providing your financial account information, an amount of money or a credit card number as security. This rapidly leads to your account being drained, your money dissapearing, or your credit card being charged, without much hope of recovery.

"Genuine" spam is merely advertising e-mail offering you goods or services. Unfortunately there is a very thin line between a "genuine" offer and a fraudulent offer. IT IS BEST TO IGNORE ALL THESE OFFERS COMPLETELY.

Almost all e-mail "spam" will have a forged "From:" address (usually they do not want you to answer the e-mail, instead they want you to visit some web site). They also try to disguise the address of the web site that they want you to visit so it will not be obvious to you that it is probably an overseas web site. Sometimes they will only provide a numeric IP address for the web site, sometimes they will disguise the IP address by formatting it in a way readable by the computer but not by humans.


My favorite e-mail filter software, ChoiceMail One, allows you to intercept all spam by using multiple mechanisms. ChoiceMail is provided with a number of filter rules to intercept suspect spam and hold it in a "junk mailbox" for inspection and disposition.

The e-mail filter rules provided by the manufacturer inspect the subject line and body of the message for occurence of typical spam words (you can add to the list), it also looks in the body for disguised IP addresses, for numeric IP addresses and also for IP addresses on a list of known spammers. The software looks for e-mails with malformed or disguised structure which attempt to bypass less sophisticated filters. It even detects when the sender adds random words to get around probabilistic "Bayesian" spam filters.

ChoiceMail treats as spam all e-mails that come from someone who is not in your list of approved senders (initially generated from your address book) and forces any new correspondents to go to a web site and visually copy a random number or word to prove that they are human and not a spam robot. The software has other essential features such as the ability to preview messages without requesting any images from servers. You can also set up a "black" list to block individual addresses or entire domains. All the filtering rules are customizable to you own preferences and you can create new rules as desired. Because of its complexity the software takes a bit of effort to set up all the features, but well worth the results.



dingViruses and Trojan horses

Please visit our page on Viruses and Trojan Horses


| CubaGenWeb Home | Getting Started | Lookup | Queries | Sources | References | Links | Shop |

Protect your Computer - Updated 14-Nov-2016

Copyright © 2007-2015 - Ed Elizondo
All Rights Reserved - Todos los Derechos Reservados


Click here to visit - The place to shop for Cuban memorabilia! Cuba: Art, Books, Collectibles, Comedy, Currency, Memorabilia, Municipalities, Music, Postcards, Publications, School Items, Stamps, Videos and More!