Can previewing an e-mail spead a virus
-
I've recently been sent a Bugbear virus. Luckly my anti virus software stopped it before anything happened. Just wanted to ask a question about virus's in general and specifically the bugbear If you are sent one, can you only catch it by running the attached file, or can just 'previewing' the the e-mail message in the preview pane itself allow a virus spead. Regards --- Peter M
Peter Mayhew wrote: I've recently been sent a Bugbear virus. Luckly my anti virus software stopped it before anything happened. Just wanted to ask a question about virus's in general and specifically the bugbear If you are sent one, can you only catch it by running the attached file, or can just 'previewing' the the e-mail message in the preview pane itself allow a virus spead. Unfortunately, the answer to this question is now circumstantial. Back in the old days, I kept pounding the table that one can't get viruses just by reading email. Then along came a company called Microsoft which sells software, nearly all of which is programmable in some way, shape or form, and I had to backtrack on my answer. If you use Outlook and keep all the standard options 'on', then yes you can receive a virus simply by reading your email. If you don't use Outlook, then there's about a 99% chance that you'll never get a virus. Nearly all of the viruses out today are what are known as Outlook viruses, ie they take advantage of the scripting features of Outlook. If I were you, I wouldn't use Outlook (for a number of reasons, the virus issue being #1 on the list). Unfortunately, most people use Outlook and due to compatibility issues it starts to force everyone else to use Outlook as well. My opinion: Email should remain text. End of story. No animated Kitties in the damned signature files. You want to send something more than text? Send it as a standard encoded attachment. Turning Email into the multimedia experience Microsoft/Outlook has made it has only led to no good. Paul Oss
-
I've recently been sent a Bugbear virus. Luckly my anti virus software stopped it before anything happened. Just wanted to ask a question about virus's in general and specifically the bugbear If you are sent one, can you only catch it by running the attached file, or can just 'previewing' the the e-mail message in the preview pane itself allow a virus spead. Regards --- Peter M
the below html code with the following attachment header
Content-Type: audio/x-wave; name=virus.scr Content-Disposition: attachment; filename=virus.scr Content-ID: xyzexecutes on previous versions of MS Outlook and OE also when only previewing them (without ANY kind of user interaction!). This bug was fixed in patches from MS, and also in the new version of Outlook XP (executable attachments are blocked) and OE 6.0 (dialog box pops up before executing dangerous attachments). Virus scanners are only of use for people who do not know at all about registry, and particularly about this key "Software\Microsoft\Windows\Currentversion\Run". If a virus runs on your computer and immediately starts overwriting files on your hard drive, there is no protection on Earth that helps you. Therefore, the best and cheapest virus protection is not executing attachments on a properly configured/patched/new version of O/OE, or even better switching to another email client. B. Bunburry -
Peter Mayhew wrote: I've recently been sent a Bugbear virus. Luckly my anti virus software stopped it before anything happened. Just wanted to ask a question about virus's in general and specifically the bugbear If you are sent one, can you only catch it by running the attached file, or can just 'previewing' the the e-mail message in the preview pane itself allow a virus spead. Unfortunately, the answer to this question is now circumstantial. Back in the old days, I kept pounding the table that one can't get viruses just by reading email. Then along came a company called Microsoft which sells software, nearly all of which is programmable in some way, shape or form, and I had to backtrack on my answer. If you use Outlook and keep all the standard options 'on', then yes you can receive a virus simply by reading your email. If you don't use Outlook, then there's about a 99% chance that you'll never get a virus. Nearly all of the viruses out today are what are known as Outlook viruses, ie they take advantage of the scripting features of Outlook. If I were you, I wouldn't use Outlook (for a number of reasons, the virus issue being #1 on the list). Unfortunately, most people use Outlook and due to compatibility issues it starts to force everyone else to use Outlook as well. My opinion: Email should remain text. End of story. No animated Kitties in the damned signature files. You want to send something more than text? Send it as a standard encoded attachment. Turning Email into the multimedia experience Microsoft/Outlook has made it has only led to no good. Paul Oss
Paul Oss wrote: Send it as a standard encoded attachment Can you explain this bit, just so I understand it 100%. Is this a special type of way to send attachments?? --- Peter M
-
Paul Oss wrote: Send it as a standard encoded attachment Can you explain this bit, just so I understand it 100%. Is this a special type of way to send attachments?? --- Peter M
Peter Mayhew wrote: Can you explain this bit, just so I understand it 100%. Is this a special type of way to send attachments?? This is usually done by using the standard attachment features in most email programs. Netscape, Eudora, Outlook. But there are other ways which Outlook sometimes attaches things and, to my regret, since I avoid using Outlook, I don't know how the users do it, but I often get email from friends and colleagues who use Outlook with message bodies that say "Man, look at this" and attached is a little file called 'winmail.dat' and naturally, I can't see what it is they've sent. Outlook encodes some kinds of attachments differently mainly BECAUSE of this internal scripting language it has. Corporations like it because you can create groups of users and what not, tie Outlook into a calendar and have events loaded based on passing an email around. Sorry, don't use the features, don't know how they work. Anyway, in Outlook and Netscape mail, the attachment option is usually done by clicking on a paperclip symbol. Hope this helps. Paul Oss
-
Paul Oss wrote: Send it as a standard encoded attachment Can you explain this bit, just so I understand it 100%. Is this a special type of way to send attachments?? --- Peter M
Peter Mayhew wrote: Is this a special type of way to send attachments?? No, it's the usual way. But a lot of viruses are now being embedded in the message, thanks to the ability to send HTML emails. Merely previewing them infects a lot of systems. Sending non-text content as an attachment blocks execution of dangerous material until the recipient actually opens the attachment. Word of the day: Rotundacrat
Extra Credit will be awarded for: Quasimobo... -
Previewing it in that case won't get you infected, but some virii are written in HTML scripts (jscript/vbscript) and find clever ways to get executed when you preview the mail message they are embedded in. -- Russell Morris "Have you gone mad Frink? Put down that science pole!"
-
ispring wrote: if scripts within HTML page can be virus. how dare we surf web everyday? Good question ;) (I'm by no means an expert, BTW) I've seen a few pages (on the web) demonstrating the serious vulnerabilities inherent in the VBScripting side of IE. For instance, I've seen a page (I think it was actually linked from here...) that would just sit in a loop and create instances of Word on your machine. If you didn't catch it soon, it would quickly eat up a slow computer and would effectively constitute a client-side denial of service attack. I beleive most of the "Preview Pane" virii in Outlook end up finding ways to use Outlook's automation model to read the Outlook address book and send copies of themselves to everyone in it. The Word macro virii tend to do the same thing, from what I understand. The automation capabilities of MS Office and similar apps is a wonder to behold when it is used honestly: but much damage can be done because of how insecure the technology is. -- Russell Morris "Have you gone mad Frink? Put down that science pole!"
-
Pete, Is this the "used to work for ERAU" Pete???? Nitron _________________________________________-- message sent on 100% recycled electrons.
er no, this is "used to be a student" Pete Is there someone else out there with the same name as me?, surely he's breaking copyright ;) --- Peter M
-
er no, this is "used to be a student" Pete Is there someone else out there with the same name as me?, surely he's breaking copyright ;) --- Peter M
That's too funny! I used to work with a Peter Mayhew in Daytona Florida, then he went off to work in Colorado or something like that... I didn't think to look at your profile first, the guy I worked with was likely mid-30's. (No ofense to the other Peter Mayhew if you're listening... :~ ) Anyway, thought I'd ask :) Nitron _________________________________________-- message sent on 100% recycled electrons.
-
Yes it can happen but not for a while. There was a bug in OE/Outlook that allowed a virus to execute in the "iframe". Whatever that might be. Tim Smith "Programmers are always surrounded by complexity; we can not avoid it... If our basic tool, the language in which we design and code our programs, is also complicated, the language itself becomes part of the problem rather that part of the solution." Hoare - 1980 ACM Turing Award Lecture
Tim Smith wrote: Whatever that might be. iframe... I'm presuming it's an inline frame?? Regards, Brian Dela :-)