
Viruses embedded in emails
#1
Posted 06 January 2005 - 10:00 PM
I was wondering about viruses embedded in emails. I'm using MS Outlook 2003 and have the restricted zone enabled (block all ActiveX and scripting, but allow HTML). I recently received a high number of spam mail which somewhat doesn't make sense.
The emails come from various domains and blocking them is almost useless. However, what I'm interested in is that the particular emails only have text in the subject line (that makes no sense), no attachments and no text in the email body. The size varies between 4 kb and 9 kb.
Is it possible that there could be a virus embedded in the email without noticing it, and if so, how could it be detected? Is it even possible to hide viruses in plain emails?
I do run KPF (packet filter), hardware firewall and anti virus software.
thanks
Cheers
#2
Posted 07 January 2005 - 08:10 AM
Me too. I receive a few of these emails daily.
They don't even have a subject line and no text in the body and no attachments.
Of course I delete these emails immediately like any other spam-email.
Weird isn't it ?
I have no idea what the purpose of these emails is.
So we both have to wait until one of the brilliant minds of SWI will tell us all about these total blank mysterious emails.

I didn't report it here because I don't waste any time on spam-emails.
IGNORE and DESTROY is my rule for spam-emails.
Simplicity is always brilliant.
#3
Posted 09 January 2005 - 09:15 AM
co ol,
Me too. I receive a few of these emails daily.
They don't even have a subject line and no text in the body and no attachments.
Of course I delete these emails immediately like any other spam-email.
Weird isn't it ?
I have no idea what the purpose of these emails is.
So we both have to wait until one of the brilliant minds of SWI will tell us all about these total blank mysterious emails.
I didn't report it here because I don't waste any time on spam-emails.
IGNORE and DESTROY is my rule for spam-emails.
Mistake by newbie spammers mostly playing with their spamming program.
You're welcome.
#4
Posted 15 January 2005 - 02:53 PM
That could be true, but these newbie spammers managed to bypass my SpamInspector, because their email is COMPLETELY blank and there is nothing to detect the email as being spam because of that.
Maybe these newbie spammers are smarter than we think.
What is your professional opinion about that ?

P.S. : I don't consider these emails as a problem, because I don't receive them daily.
Edited by ErikAlbert, 15 January 2005 - 03:10 PM.
Simplicity is always brilliant.
#5
Posted 16 January 2005 - 03:04 AM
#6
Posted 16 January 2005 - 06:16 AM
Paranoid,
That could be true, but these newbie spammers managed to bypass my SpamInspector, because their email is COMPLETELY blank and there is nothing to detect the email as being spam because of that.
Maybe these newbie spammers are smarter than we think.
What is your professional opinion about that ?
Erik Albert, think about it.
So what if they managed to "bypass" your spaminspector? It's blank! I'm sure it's oh so helpful in advertising their products

Thanks for your professional question.
#7
Posted 16 January 2005 - 02:07 PM
If you want a client-side e-mail client, get Thunderbird from the Mozilla Foundation, and don't use LookOut.
#8
Posted 19 January 2005 - 07:29 AM
I HIGHLY recommend using a webmail client and text-only viewing for e-mail - that way, you don't get their web-bug images to validate your address, and you don't have to worry about malformed HTML or whatnot loading junk to infect your machine.
I can echo support for all you have said. But I would add that using webmail clients won't really safeguard you from web-bug images, unless you have the right settings (disable remote images from loading, for one).
#9
Posted 19 January 2005 - 10:31 AM
#10
Posted 19 January 2005 - 10:47 AM
Isn't that enough or can I still get in trouble ?
Simplicity is always brilliant.
#11
Posted 19 January 2005 - 10:52 AM
Or if you only use text-only. Plaintext won't load images, and since it doesn't, you can't see anything - SquirrelMail, my client, does this quite nicely.
Sure, but I think the major common webmail services don't even have an option for plaintext. Can someone confirm?
#12
Posted 19 January 2005 - 05:10 PM
And the stuff in your Deleted Items folder - I'm assuming you're using Outlook? - are safe to delete. Just make SURE you've turned off the Preview Pane.
Edited by Tuxedo Jack, 19 January 2005 - 05:11 PM.
#13
Posted 19 January 2005 - 06:08 PM
Yes I'm using MS Outlook 2000 and the Preview Pane is switched off.
I hardly use "Deleted Items", because Outlook deletes it automatically after
leaving Outlook.
Thanks for the advice.
Simplicity is always brilliant.
#14
Posted 20 January 2005 - 04:42 AM
Use text only.
Certain files are through the use of fake file extensions capable of masquerading as other types of files.
Windows (and Windows Media Player in particular) will be able to open these files just fine, but your MS mail programs will be unable to recognize them as a risk factor, or occasionally even as embedded files.
Forcing your mail client to open mail as text only will rid you of this problem.
#15
Posted 20 January 2005 - 05:30 AM
Thanks for the info, but also these files won't be a problem for me.
I don't open any spam-email or any email attachment.
I'm not that curious like most people, because I know the purpose of spam-emails already.
If I can't get rid of something, I ignore it.
Yesterday, we had a victim of "Identity Theft" in our Free Lotto Forum.
He won 100,000 pounds on a lotto by email, which wasn't true of course.
The lotto even mentioned it was sponsored by Microsoft and Macintosh LOL.
But he gave all his personal data to the scammer in order to get the money.
That's what you get when you start reading all your spam-emails.
Simplicity is always brilliant.
#16
Posted 20 January 2005 - 08:47 AM
Hotmail and Juno don't. No idea on Yahoo, but since they tied ads to their services, I'll lay odds on it not existing.
I thought so.
I recommend you amend this then
I HIGHLY recommend using a webmail client and text-only viewing for e-mail - that way, you don't get their web-bug images to validate your address,
I think the key is to view in text only format, whether webmail client or not.
Why mention webmail client and confuse people?
The fact that most webmail services do not offer text only modes, can confuse people even further.
I much much prefer a normal user run something like Thunderbird, Pegasus, Eudora etc and view in text mode only.... Especially when for most people the words hotmail and yahoomail pop into their mind when they see "Webmail..."
#17
Posted 20 January 2005 - 08:51 AM
Tuxedo Jack,
Yes I'm using MS Outlook 2000 and the Preview Pane is switched off.
I hardly use "Deleted Items", because Outlook deletes it automatically after
leaving Outlook.
Thanks for the advice.
I seem to recall the latest incarnations of Outlook actually being able to block remote content from loading, so if you have that option, you can view HTML mail, heck even in preview mode, without a problem.
For those who don't have this, a good rule-based firewall that allows you to restrict your email client of choice to using specific ports (POP 110 and SMTP 25, ideally further restricted to the IPs of your mail server) will give you the same protection from web bugs.
#18
Posted 21 January 2005 - 03:58 AM
Thanks for the info, but also these files won't be a problem for me.
I don't open any spam-email or any email attachment.
That's good, but as Paranoid mentioned, remote content can be loaded even if the e-mail doesn't have an actual attached file. Combined with the file extension exploit I mentioned, your best bet is still to read e-mail in text only, if you can stand the aggravation.
Come to think of it, I haven't actually seen any of these type of spam mails in several months, so it may be that MS closed the hole, but I'm not positive on that.
(And I'm too lazy to look it up.)

But pure text is always safe.
That's the crux of the matter.
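
The check discussed in the posts above, as an added example that is not part of any forum post: a small Python audit that parses a raw message, lists the URLs an HTML-rendering mail client would fetch (web bugs included), and reports whether the message looks blank to the reader. The sample message, its addresses and the tracker URL are constructed for illustration.

```python
# Added example: audit a raw e-mail for remote content and a blank-looking body.
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

class RemoteRefFinder(HTMLParser):
    """Collect URLs an HTML-rendering client would fetch, plus text length."""
    def __init__(self):
        super().__init__()
        self.refs, self.text_chars = [], 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        names = ("src", "background", "href") if tag == "link" else ("src", "background")
        for name in names:
            url = (a.get(name) or "").strip()
            if url.lower().startswith(("http://", "https://", "//")):
                # A 0x0 or 1x1 image is the classic "web bug" shape.
                tiny = (tag == "img" and a.get("width") in ("0", "1")
                        and a.get("height") in ("0", "1"))
                self.refs.append((tag, url, tiny))

    def handle_data(self, data):
        self.text_chars += len(data.strip())  # all text nodes, script/style included

def audit(raw):
    """Return remote references, text size and attachment count for one message."""
    msg = message_from_string(raw, policy=default)
    refs, text_chars, attachments = [], 0, 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment":
            attachments += 1
        elif part.get_content_type() == "text/html":
            finder = RemoteRefFinder()
            finder.feed(part.get_content())
            finder.close()  # flush any buffered trailing text
            refs += finder.refs
            text_chars += finder.text_chars
        elif part.get_content_type() == "text/plain":
            text_chars += len(part.get_content().strip())
    return {"remote_refs": refs, "text_chars": text_chars, "attachments": attachments,
            "blank_looking": text_chars == 0 and attachments == 0}

# Constructed sample: nonsense subject, no text, no attachment, one remote 1x1 image.
SAMPLE = """From: sender@example.invalid
Subject: xkq zzrt
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><img src="http://tracker.example.invalid/p.gif?id=42" width="1" height="1"></body></html>
"""
```

A message can report `blank_looking` as true and still carry entries in `remote_refs`; a plain-text message always yields an empty `remote_refs` list because nothing in it is rendered as markup.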
#19
Posted 22 January 2005 - 02:47 AM
before downloading. whenever i receive the emails that are blank
and preview them with mailwasher, avast always catches them
and alerts me to the fact that they have "blank whitespace". then
i just tick delete, add to blacklist, and never worry about them
again.
#20
Posted 22 January 2005 - 02:25 PM
Yes I used Mailwasher too.
How do you filter your spam-emails in Mailwasher : none, automatically, manual input and are the results any good ?
Simplicity is always brilliant.
#21
Posted 23 January 2005 - 03:56 AM
but once i bookmark the address as blacklisted, it always comes up
as "delete" from there on out. if a new address comes in that is
spam, i just mark it blacklist and go on my merry little way. this
may seem to some people like defeating the whole purpose of
the filter, but i can be pretty anal sometimes, and i want to make
sure that i haven't accidentally marked something for deletion
that i really don't want to delete. even with going through about
400 emails a day (with all my accounts) it doesn't really take a
great deal of time (IMHO).
occasionally, and i do mean occasionally, i like to read the spam/scam
emails to see what they are saying nowadays, and i will double
click on them in mailwasher to scan over them. it will of course
only download the text, so i read over quickly, get a good laugh,
and then go on about my bid-ness.
#22
Posted 23 January 2005 - 01:26 PM
Yes that's true, I remember it now when I used Mailwasher, it memorizes your previous decisions and acts the same way next time.
My brother has also Mailwasher and he also likes it and Mailwasher is also highly recommended by SWI.
So your choice wasn't so bad at all

Edited by ErikAlbert, 23 January 2005 - 01:28 PM.
Simplicity is always brilliant.
#23
Posted 24 January 2005 - 03:27 AM
(now, where did that other shoe go to......?)