Viruses embedded in emails


22 replies to this topic

#1 co_ol


Posted 06 January 2005 - 10:00 PM

Hi

I was wondering about viruses embedded in emails. I'm using MS Outlook 2003 and have the restricted zone enabled (block all ActiveX and scripting, but allow HTML). I recently received a high number of spam mail which somewhat doesn't make sense.
The emails come from various domains and blocking them is almost useless. However, what I'm interested in is that the particular emails only have text in the subject line (that makes no sense), no attachments and no text in the email body. The size varies between 4kb and 9 kb.

Is it possible that there could be a virus embedded in the email without noticing it, and if so, how could it be detected? Is it even possible to hide viruses in plain emails?

I do run KPF (packet filter), hardware firewall and anti virus software

thanks

Cheers

#2 ErikAlbert


Posted 07 January 2005 - 08:10 AM

co ol,
Me too. I receive a few of these emails daily.
They don't even have a subject line and no text in the body and no attachments.
Of course I delete these emails immediately like any other spam-email.
Weird isn't it ?
I have no idea what the purpose of these emails is.
So we both have to wait until one of the brilliant minds of SWI will tell us all about these total blank mysterious emails. :D

I didn't report it here because I don't waste any time on spam-emails.
IGNORE and DESTROY is my rule for spam-emails.
ErikAlbert
Simplicity is always brilliant.

#3 Paranoid


Posted 09 January 2005 - 09:15 AM

> co ol,
> Me too. I receive a few of these emails daily.
> They don't even have a subject line and no text in the body and no attachments.
> Of course I delete these emails immediately like any other spam-email.
> Weird isn't it ?
> I have no idea what the purpose of these emails is.
> So we both have to wait until one of the brilliant minds of SWI will tell us all about these total blank mysterious emails. :D
>
> I didn't report it here because I don't waste any time on spam-emails.
> IGNORE and DESTROY is my rule for spam-emails.


Mistake by newbie spammers mostly playing with their spamming program.

You're welcome.
Please note that the software I recommend above is entirely based on only my own experience and testing. In no way should my comments, opinions and endorsements be construed as an endorsement by the forum, nor do they reflect the advice or recommendations by the experts or helpers at spywareinfo.


#4 ErikAlbert


Posted 15 January 2005 - 02:53 PM

Paranoid,
That could be true, but these newbie spammers managed to bypass my SpamInspector, because their email is COMPLETELY blank and there is nothing to detect the email as being spam because of that.

Maybe these newbie spammers are smarter than we think.
What is your professional opinion about that ? :)

P.S. : I don't consider these emails as a problem, because I don't receive them daily.

Edited by ErikAlbert, 15 January 2005 - 03:10 PM.


#5 LostAccount


Posted 16 January 2005 - 03:04 AM

I agree with Paranoid. There may be a bug in their spamming tools.

#6 Paranoid


Posted 16 January 2005 - 06:16 AM

> Paranoid,
> That could be true, but these newbie spammers managed to bypass my SpamInspector, because their email is COMPLETELY blank and there is nothing to detect the email as being spam because of that.
>
> Maybe these newbie spammers are smarter than we think.
> What is your professional opinion about that ? :)


Erik Albert, think about it.

So what if they managed to "bypass" your SpamInspector? It's blank! I'm sure it's oh so helpful in advertising their products :)

Thanks for your professional question.


#7 Tuxedo Jack


Posted 16 January 2005 - 02:07 PM

I HIGHLY recommend using a webmail client and text-only viewing for e-mail - that way, you don't get their web-bug images to validate your address, and you don't have to worry about malformed HTML or whatnot loading junk to infect your machine.

If you want a client-side e-mail client, get Thunderbird from the Mozilla Foundation, and don't use LookOut.
Signature file is under revision. This will be back shortly.

#8 Paranoid


Posted 19 January 2005 - 07:29 AM

> I HIGHLY recommend using a webmail client and text-only viewing for e-mail - that way, you don't get their web-bug images to validate your address, and you don't have to worry about malformed HTML or whatnot loading junk to infect your machine.


I can echo support for all you have said. But I'd add that using webmail clients won't really safeguard you from web-bug images, unless you have the right settings (disabling remote images from loading, for one).


#9 Tuxedo Jack


Posted 19 January 2005 - 10:31 AM

Or if you only use text-only. Plaintext won't load images, and since it doesn't, you can't see anything - SquirrelMail, my client, does this quite nicely.

#10 ErikAlbert


Posted 19 January 2005 - 10:47 AM

Well I don't read or touch my spam-emails anyway and the ones that bypassed my anti-spammer are deleted immediately and my "Deleted Items" are also empty.
Isn't that enough or can I still get in trouble ?

#11 Paranoid


Posted 19 January 2005 - 10:52 AM

> Or if you only use text-only. Plaintext won't load images, and since it doesn't, you can't see anything - SquirrelMail, my client, does this quite nicely.


Sure, but I think the major common webmail services don't even have an option for plaintext. Can someone confirm?


#12 Tuxedo Jack


Posted 19 January 2005 - 05:10 PM

Hotmail and Juno don't. No idea on Yahoo, but since they tied ads to their services, I'll lay odds on it not existing.

And the stuff in your Deleted Items folder - I'm assuming you're using Outlook? - is safe to delete. Just make SURE you've turned off the Preview Pane.

Edited by Tuxedo Jack, 19 January 2005 - 05:11 PM.


#13 ErikAlbert


Posted 19 January 2005 - 06:08 PM

Tuxedo Jack,
Yes I'm using MS Outlook 2000 and the Preview Pane is switched off.
I hardly use "Deleted Items", because Outlook deletes it automatically after
leaving Outlook.
Thanks for the advice.

#14 Misereor


Posted 20 January 2005 - 04:42 AM

What Tuxedo Jack said.
Use text only.

Certain files are through the use of fake file extensions capable of masquerading as other types of files.

Windows (and Windows Media Player in particular) will be able to open these files just fine, but your MS mail programs will be unable to recognize them as a risk factor, or occasionally even as embedded files.

Forcing your mail client to open mail as text only will rid you of this problem.

#15 ErikAlbert


Posted 20 January 2005 - 05:30 AM

Misereor,
Thanks for the info, but also these files won't be a problem for me.
I don't open any spam-email or any email attachment.
I'm not that curious like most people, because I know the purpose of spam-emails already.
If I can't get rid of something, I ignore it.

Yesterday, we had a victim of "Identity Theft" in our Free Lotto Forum.
He won 100,000 pounds on a lotto by email, which wasn't true of course.
The lotto even mentioned it was sponsored by Microsoft and Macintosh LOL.
But he gave all his personal data to the scammer in order to get the money.
That's what you get when you start reading all your spam-emails.

#16 Paranoid


Posted 20 January 2005 - 08:47 AM

> Hotmail and Juno don't. No idea on Yahoo, but since they tied ads to their services, I'll lay odds on it not existing.


I thought so.

I recommend you amend this then:

> I HIGHLY recommend using a webmail client and text-only viewing for e-mail - that way, you don't get their web-bug images to validate your address,


I think the key is to view in text only format, whether webmail client or not.

Why mention webmail client and confuse people?

The fact that most webmail services do not offer text only modes, can confuse people even further.

I much much prefer a normal user run something like Thunderbird, Pegasus, Eudora etc and view in text mode only.... Especially when for most people the words hotmail and yahoomail pop into their mind when they see "Webmail..."


#17 Paranoid


Posted 20 January 2005 - 08:51 AM

> Tuxedo Jack,
> Yes I'm using MS Outlook 2000 and the Preview Pane is switched off.
> I hardly use "Deleted Items", because Outlook deletes it automatically after
> leaving Outlook.
> Thanks for the advice.


I seem to recall the latest incarnations of Outlook actually being able to block remote content from loading, so if you have that option, you can view HTML mail, heck even in preview mode, without a problem.

For those who don't have this, a good rule-based firewall that allows you to restrict your email of choice to using specific ports (POP 110 and SMTP 25, ideally further restricted to the IPs of your mail server) will give you the same protection from web bugs.


#18 Misereor


Posted 21 January 2005 - 03:58 AM

> Thanks for the info, but also these files won't be a problem for me.
> I don't open any spam-email or any email attachment.


That's good, but as Paranoid mentioned, remote content can be loaded even if the e-mail doesn't have an actual attached file. Combined with the file extension exploit I mentioned, your best bet is still to read e-mail in text only, if you can stand the aggravation.

Come to think of it, I haven't actually seen any of these type of spam mails in several months, so it may be that MS closed the hole, but I'm not positive on that.
(And I'm too lazy to look it up :) )

But pure text is always safe.
That's the crux of the matter.
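
An added example, not part of the original thread or any poster's code: a Python sketch of the check discussed above, which reads a raw message without rendering it and lists any remote content its HTML would fetch, along with whatever text a reader would actually see. The sample message, its addresses and the names `inspect_message`, `RemoteRefFinder` and `AUTO_FETCH` are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample: HTML-only message, no visible text, one remote 1x1 image.
SAMPLE = """\
From: sender@example.com
To: you@example.net
Subject: qzx wvv plo
Content-Type: text/html; charset="us-ascii"

<html><body>
<img src="http://tracker.example/o.gif?id=you%40example.net" width="1" height="1">
<!-- filler that adds size but never renders -->
</body></html>
"""

AUTO_FETCH = {"src", "background"}  # attributes a rendering client loads by itself

class RemoteRefFinder(HTMLParser):
    """Collects visible text and attributes that point at a remote URL."""
    def __init__(self):
        super().__init__()
        self.remote = []  # (tag, url) pairs a rendering client could fetch
        self.text = []    # text a reader would actually see

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in AUTO_FETCH and value and \
                    value.lower().startswith(("http://", "https://", "//")):
                self.remote.append((tag, value))

    def handle_data(self, data):
        if data.strip():
            self.text.append(data.strip())

def inspect_message(raw):
    """Summarise what an apparently blank message contains, without rendering it."""
    msg = message_from_string(raw, policy=policy.default)
    report = {"remote": [], "visible_text": [], "attachments": []}
    for part in msg.walk():
        ctype = part.get_content_type()
        if part.get_filename():
            report["attachments"].append((part.get_filename(), ctype))
        elif ctype == "text/html":
            finder = RemoteRefFinder()
            finder.feed(part.get_content())
            report["remote"] += finder.remote
            report["visible_text"] += finder.text
        elif ctype == "text/plain":
            report["visible_text"] += part.get_content().split()
    return report
```

A message that reports remote references but no visible text is the "blank" case from this thread: nothing to read, yet a client that renders HTML would still contact the sender's server.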

#19 nateface


Posted 22 January 2005 - 02:47 AM

you can even try using mailwasher so you can preview the emails
before downloading. whenever i receive the emails that are blank
and preview them with mailwasher, avast always catches them
and alerts me to the fact that they have "blank whitespace". then
i just tick delete, add to blacklist, and never worry about them
again.

#20 ErikAlbert


Posted 22 January 2005 - 02:25 PM

nateface,
Yes I used Mailwasher too.
How do you filter your spam-emails in Mailwasher : none, automatically, manual input and are the results any good ?

#21 nateface


Posted 23 January 2005 - 03:56 AM

i actually don't filter. i know it may sound stupid to most people,
but once i bookmark the address as blacklisted, it always comes up
as "delete" from there on out. if a new address comes in that is
spam, i just mark it blacklist and go on my merry little way. this
may seem to some people like defeating the whole purpose of
the filter, but i can be pretty anal sometimes, and i want to make
sure that i haven't accidentally marked something for deletion
that i really don't want to delete. even with going through about
400 emails a day (with all my accounts) it doesn't really take a
great deal of time (IMHO).
occasionally, and i do mean occasionally, i like to read the spam/scam
emails to see what they are saying nowadays, and i will double
click on them in mailwasher to scan over them. it will of course
only download the text, so i read over quickly, get a good laugh,
and then go on about my bid-ness.

#22 ErikAlbert


Posted 23 January 2005 - 01:26 PM

nateface,
Yes that's true, I remember it now when I used Mailwasher, it memorizes your previous decisions and acts the same way next time.
My brother has also Mailwasher and he also likes it and Mailwasher is also highly recommended by SWI.
So your choice wasn't so bad at all :)

Edited by ErikAlbert, 23 January 2005 - 01:28 PM.


#23 nateface


Posted 24 January 2005 - 03:27 AM

even stupid people like myself occasionally get something right!

(now, where did that other shoe go to......?)



