For months now, the Internet has been clogged up with these varients of the Storm virus, spewing out their fake ecard emails, and more recently their "membership details". Both of these are very easy to spot because they always use IP addresses in the email. For example:

Welcome,

We are glad you joined Joke-A-Day.

User Number: 776823145
Temorary Login: user8675
Temp Password ID: qj392

This Login Info will expire in 24 hours. Please Change it.

Use this link to change your Login info: http://209.89.3.xxx/

Welcome,
New Member Services
Joke-A-Day

Now most likely that IP address above is just some other poor schmuck that got zombied when he visted another version of it. Doesn't really matter because in the end, we just want to make sure we don't go there...and neither does anyone else we have to fix their computers for. So, here's a handy little filter that somebody showed me, that totally scraps any email that comes in with an IP address html link (which really, there shouldn't be any legitimate email like that). Plus, merely visiting the site is dangerous enough...there's usually a few exploits hiding on it that try to whack you right away, even if you are just looking and click nothing.

So...how to make a filter that kills these instantly. First up Outlook 2003:
1. First launch Outlook, then go to your toolbar and select Tools > Rules and Alerts.

2. After that a new window will pop up, click on "New Rule"

3. Another new window will pop up, titled Rules Wizard. Click the radio button that says "Start from a blank rule" and then click next

4. Now on this new screen, make sure you check the box that says "with specific words in the body". Once you do that it will appear down below in the "step 2" text area....and the words "specific words" will be underlined and look like a hyperlink. Click them to make the next window appear.

5. At this new window, what we are doing is adding the text the filter will key off of, so simply what we will do is add the following entries, one by one:
http://1
http://2
http://3
.....etc until we get to 9

6. Once that's done and you click the Ok button, you should see the screen below. Now we have to tell outlook what to do with the emails that match the text string we set above (http://1, etc). For this example I selected "move a copy to the specified folder" and then told it to use the Junk E-mail folder down below in the Step 2 text box (just like we specified the http:// stuff earlier). But a better solution would probably be to select "permanently delete it". I'll leave it up to you, but I'd go with that one for most normal people.

That's pretty much it, just click on finish and you should be all set. Now Outlook 2003 will automatically put any email with an IP based link into the bit bucket.

How to setup for Outlook Express 6:
1. Launch your Outlook Express and go to the tool bar, then click on Tools > Message Rules > Mail. This should launch a new window after you click it:

2. This new window (called New Mail Rule) will pop up and you will want to select the "Where the message body contains specific words" in the first text box, and then in the second I recommend you check the box that says "Delete it". Now down in the third text box you should see the words "contains specific words" highlighted like a hyperlink. Click on them to get to the next box:

3. A window called "Type Specific Words" will pop up, and just like before we'll type in "http://1" then hit enter (without the quotation marks of course) and then continue on until we've done up to http://9. When that's done hit the Ok button

4. Now back to the "New Mail Rule" you should see the following screen capture on your own computer. Text Box "3. Rule Description" should show all the http://'s you put in, and that it will Delete it immediatly. Just click the Ok button

5. Last screen...just confirms everything you'd done already, all you have to do is hit Ok again and your all done.

That's it, your now hopefully 100% protected. In reality there's really no reason any email should ever have IP link, so this is really a good rule to have by default.