Security Sentinel: Spam and Security - Why we should be worried

By Toni McConnel, Contributing Editor

E-mail advertisements that offer a product that will enlarge a body part by three inches or promise you $5000 a week for stuffing envelopes are regarded as stupid and annoying but intrinsically harmless, not as a serious threat to security. It's a common idea that virus-bearing e-mails can be distinguished from ordinary spam because they are either blank or have messages that are nonsense. This idea couldn't be more wrong.

Hackers can use bogus e-mail advertisements to lure people to web sites where they either pick up a virus or are tricked into entering personal financial information. In general, you should never click on a link in an e-mail advertisement. If the ad has an attractive offer and you believe it is legitimate, use your browser search engine to find the merchant's URL and go by that path instead. Links in e-mails can take you to 'spoofed' sites that may appear to be legitimate but are not real.

Another widely held belief is that viruses can only spread through e-mail attachments, and if you don't open suspicious attachments, you are safe. Wrong again. Malicious VBScript, ActiveX controls, and JavaScript can be activated through an infected HTML file, either in an e-mail or residing on a web site, and once activated they can infect other HTML files on your computer. Not much attention is paid by the media to HTML viruses because they aren't very common, but they can destroy files and/or bring your system down. And of course most spam advertising comes in the form of HTML-formatted messages.

But the main reason to take spam more seriously as a security threat is that spammers and hackers have an important interest in common: open proxies. An open proxy is a computer that has been hijacked for use as an e-mail or web server. It is one of the principal methods used to distribute viruses. This much is well-known.
What is more recent news is that MessageLabs, a UK firm that sells spam and virus-filtering services, has done research showing that approximately two-thirds of all spam comes from open proxies, and MessageLabs has found a significant coincidence of IP addresses used by hackers and those used by spammers. The common use of open proxies makes spammers and hackers partners. At the very least it suggests that spammers may be hiring hackers to create open proxies for them, with the hacker taking advantage of the opportunity to spread a virus as well.

Spam-filtering software is only partially effective against spam, as we all know. One reason this is so is that none I know of seems able to search messages composed entirely of HTML for content likely to be included in spam. (If you know of one, please let me know and I'll report it here.) The spammers know this, of course, and that's why most of your spam comes through as HTML-formatted messages.

I have found a utility for Outlook called Watch Your Back! that strips HTML from e-mails, but it doesn't delete the original message. It saves it as a Word file, in case you want to look at it. It then displays what is left of your e-mail in plain text. It also can be set to remove attachments, read receipts, stationery, colors, and scripting. If you get newsletters or other content that you want to view in HTML, you can tell WYB not to process e-mail from that sender. WYB can be installed either to your task bar, which causes it to run before any spam filter you may have installed, or as a plug-in to Outlook, in which case it is likely to run after your spam filter has done its work. The cost is a mere $12. You can download a free trial version at the Grinning Shark website.

A little-known method for stopping e-mail with potential virus-bearing attachments from reaching your computer at all is to use filtering services offered by some ISPs at the server level.
My web host Futurequest allows me to stop e-mail with attachments either entirely or by selecting from a long list of file extensions. This turned out to be a 100-percent solution to the flood of e-mails I was receiving every day during the MyDoom siege. To ensure that attachments you may want to receive are not lost forever, under Futurequest's system I can set up an automatic reply that explains the e-mail with attachment has been stopped, and that if the sender has a legitimate reason for sending me an attachment they should contact me in an e-mail without attachment to arrange for me to let it through. Setups may vary from one provider to another; find out what your ISP or web host has to offer. Simply contact their help desk or tech support.

If you decide to pursue this solution, I remind you that just because a file bears a .txt extension (plain text files cannot carry virus code) doesn't mean that it IS a text file. Hackers often use phony extensions to get attachments past safeguards that look for .exe extensions.

In my next column I'll talk about spyware, another threat that is not taken seriously enough.

When not seeking the ultimate security solution, Toni McConnel is a freelance technical writer and a writing coach.
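
The caveat above about .txt extensions can be checked mechanically. The following is an added example, not part of the original column and not Futurequest's filter: a server-side screen that blocks by extension and also looks at the leading bytes of each attachment, so a file that only claims to be text is caught. The block list, function names and sample message are constructed for illustration.

```python
from email.message import EmailMessage

# Assumed block list; a provider's real list of extensions will differ.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs"}
# Leading bytes that identify executable formats whatever the file is called.
EXEC_MAGIC = {b"MZ": "Windows executable", b"\x7fELF": "ELF executable"}

def verdict(filename, data):
    """Return (action, reason) for one attachment name and its raw bytes."""
    # Check every dotted component, so photo.jpg.scr and setup.exe.txt are
    # both seen. This errs on the side of blocking.
    exts = ["." + p for p in filename.lower().split(".")[1:]]
    blocked = [e for e in exts if e in BLOCKED_EXT]
    if blocked:
        return ("block", "extension " + blocked[0])
    for magic, kind in EXEC_MAGIC.items():
        if data.startswith(magic):
            claimed = exts[-1] if exts else "(none)"
            return ("block", kind + " content named " + claimed)
    # Plain text never contains NUL bytes; a .txt that does is not text.
    if exts[-1:] == [".txt"] and b"\x00" in data:
        return ("block", "binary data in a .txt file")
    return ("allow", "")

def screen(msg):
    """Map each attachment's filename to its verdict."""
    return {part.get_filename() or "": verdict(part.get_filename() or "",
                                               part.get_payload(decode=True) or b"")
            for part in msg.iter_attachments()}

def sample_message():
    """Constructed message: one genuine text file and two disguised files."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name, data in [("notes.txt", b"meeting at 10\n"),
                       ("readme.txt", b"MZ\x90\x00\x03\x00"),  # header bytes only
                       ("photo.jpg.scr", b"\xff\xd8\xff\xe0")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for name, result in screen(sample_message()).items():
        print(name, result)
```

A filter this strict will occasionally stop a legitimate file, which is what the automatic reply described above is for.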