
The other day my mom got one of those “send this advice to everyone you know” emails promoting an idea to keep your PC from becoming a spambot. Here is the pertinent text.
As you may know, when/if a worm virus gets into your computer it heads straight for your email address book, and sends itself to everyone in there, thus infecting all your friends and associates.
This trick won’t keep the virus from getting into your computer, but it will stop it from using your address book to spread further, and it will alert you to the fact that the worm has got into your system.
Here’s what you do:
First, open your address book and click on ‘new contact,’ just as you would do if you were adding a new friend to your list of email addresses.
In the window where you would type your friend’s first name, type in ‘A’.
For the screen name or email address, type AAAAAAA@AAA.AAA
Now, here’s what you’ve done and why it works:
The name ‘A’ will be placed at the top of your address book as entry #1. This will be where the worm will start in an effort to send itself to all your friends. When it tries to send itself to AAAAAAA@AAA.AAA, it will be undeliverable because of the phony email address you entered. If the first attempt fails (which it will because of the phoney address), the worm goes no further and your friends will not be infected.
Here’s the second great advantage of this method:
If an email cannot be delivered, you will be notified of this in your In Box almost immediately. Hence, if you ever get an email telling you that an email addressed to AAAAAAA@AAA.AAA could not be delivered, you know right away that you have the worm virus in your system. You can then take steps to get rid of it! Pretty slick huh? If everybody you know does this then you need not ever worry about opening mail from friends.
Now despite the “as you may know” prelude, the bulk of this advice is bogus. Unless of course you happen to have an older Windows box that just happens to get infected by the lamest old script-kiddie virus imaginable. But the emphasized [by me] bit reminded me of some actual good advice in an article entitled “Create Canary Accounts In Any Database You Have” on the BelSec blog.
The first is to create “canary” accounts. Create accounts that have e-mail addresses, like “something-really-long-xyz-123@gmail.com”. This account is not going to get any spam e-mail. When it does get its first spam, you’ll know that it came from your database. When I create recommendations for clients, this is always one of the first things I suggest. (Likewise, if you are an e-commerce site, you should get dummy credit cards that only exist in your database). This won’t stop you from getting hacked, but it will at least tell you when a hack has happened.
So about now you might be wondering what exactly is a “canary account”. The idea is taken from the old expression “Canary in a coal mine” where allegedly miners kept caged canaries in the mines as an “early warning device.” If the air was bad enough to kill the canary, it would soon be bad enough to kill people. The canaries were more sensitive to the deadly fumes. So their dying would warn the miners to get out. I’m not a miner, but I do have birds (two Cockatiels named Sydney and Walter) so I do know that this is a plausible story. But I digress. So a canary account has one purpose – if it ever gets any email then you know something is wrong. Therefore back in the original message about address book entries, the idea of a bogus entry in the address book that will cause failures and presumably notifications of same is almost but not quite a canary account.
What you should do instead is apply the advice from the BelSec guys and create an actual valid canary email account or alias. The trick is to never, ever use this canary address for anything except detection. If you want to know whether your PC is infected with some kind of worm or virus that propagates via your address book, simply put the canary address in your address book. If that account ever receives any email, then you know something is amiss. It’s a lot more reliable than hoping you catch bounces from a bogus address.
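If the canary is an alias that delivers into your normal inbox, you need a way to pick out the mail that reached it. The following is an added example, not code from this post or from BelSec; the canary address and the sample messages are constructed, and it assumes your mail server adds common delivery headers such as Delivered-To.

```python
import email
from email.utils import getaddresses

CANARY = "canary-7f3a9c@example.com"   # hypothetical alias, used for nothing else
# Bcc'd mail has no canary in To/Cc, so also check delivery headers the
# receiving server may add (header names vary by provider; these are common).
RECIPIENT_HEADERS = ("To", "Cc", "Delivered-To", "X-Original-To")

def canary_hits(raw_messages, canary=CANARY):
    """Return a triage record for every message that reached the canary."""
    hits = []
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        matched = []
        for name in RECIPIENT_HEADERS:
            values = [str(v) for v in msg.get_all(name, [])]
            addrs = {addr.lower() for _, addr in getaddresses(values)}
            if canary.lower() in addrs:
                matched.append(name)
        if matched:
            hits.append({"from": str(msg.get("From", "")),
                         "subject": str(msg.get("Subject", "")),
                         "date": str(msg.get("Date", "")),
                         "matched_on": matched})
    return hits

# Constructed sample inbox: one normal message, two that reached the canary.
SAMPLES = [
    "From: Aunt Sue <sue@example.net>\nTo: mom@example.com\n"
    "Date: Mon, 01 Jan 2024 09:00:00 +0000\nSubject: Recipe\n\nHere it is.\n",
    "From: Mom <mom@example.com>\nTo: A Canary <canary-7f3a9c@example.com>\n"
    "Date: Mon, 01 Jan 2024 09:05:00 +0000\nSubject: Check this out\n\nOpen me.\n",
    "From: deals@example.org\nTo: someone@example.net\n"
    "Delivered-To: CANARY-7F3A9C@example.com\n"
    "Date: Mon, 01 Jan 2024 09:10:00 +0000\nSubject: Offer\n\nBuy now.\n",
]

if __name__ == "__main__":
    for hit in canary_hits(SAMPLES):
        print("CANARY TRIPPED:", hit)
```

The second sample shows why the From line proves little on its own: mail sent from your own address book can carry your own name, so the recipient match is what counts.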
So Mom, the real valid advice here is to create a canary account and put it in your address book. But definitely do not spam everyone in your address book with that bit of wisdom. Instead send a link to this blog entry. I don’t mind the traffic.






