Exactly when does an infected email do its 'thing'?

[cbs604]

As I understand it, and assuming a disfunctional a/v :

1) infected email arrives in Inbox - no problems

2) user clicks once on message
a) if html is enabled and file auto opens infection occurs
b) if html is disabled - no problems

3) user double clicks message - same as 2 ?

4) user opens attachments and infection occurs.

If the above is all true, then telling users to delete suspicious emails would be counter productive because of 2a above. You have to click on the message in order to delete it.

Comments?



Cheers,
Brodie

 

[MasterRacker]

If by auto-open, you mean the preview window is enabled (At least in Outlook or Outlook Express) you are essentially correct.

1. Disable the preview window, then you can click messages to select them without any code loading.

2. Right-click the message and select delete from the context menu.


Jeff
The future is already here - it's just not widely distributed yet...

 

[ftechguy]

Note that only some viruses activate in the preview pane--they are the ones that exploit Outlook flaws to auto-execute. Examples are recent variations of Beagle. Most viruses are only triggered by opening (doubleclicking) the attachment. If you have all the MS patches, you're safe from the auto-execute variety.

Still, you should disable the preview pane anyway. Html code in spam is triggered and you can get more spam this way, or at the least, let spammers know you looked.

 

[cbs604]

That was a quick reponse!

Thanks guys, some good advice there.

So if a/v is functioning correctly, and MS patches are up to date, then the only problem is dealing with spam?



Cheers,
Brodie

 

[2ffat]

So if a/v is functioning correctly, and MS patches are up to date, then the only problem is dealing with spam?" Essentially correct until another flaw is discovered and exploited.



James P. Cottingham
[sup]
There's no place like 127.0.0.1.
There's no place like 127.0.0.1.
[/sup]

 

[Salem]

Spammers can also track you like this, as ftechguy has noted already.

Which is another good reason for turning off preview.


--

 

[viol8ion]

In order to avoid these problems, I use SpamKiller. I am in no way affiliated with them, but feel the $30 fee to purchase is well worth it.

SK works by checking all email on your mail server before you download it. It flags all suspected spam and places in a separate folder so that you can view the text before deleting for good.

It allows all email that has addresses that match your approved addresses to come through, and has a 90% success rate when first installed. Mine only allows one spam out of 300 to get through now that I have fine tuned it.

The main benefit is that it allows emails to be screened without being opened.

When in doubt, deny all terms and defnitions.

http://www.wuli.com

 

[cbs604]

Good link salem, thanks

Viol8ion, I use Mailwasher which does the same thing. If I am vigilant, I never get any spams or infected emails into my Inbox. Best of all - it's free.

http://www.firetrust.com

Cheers,
Brodie

 

[ftechguy]

quote: "So if a/v is functioning correctly, and MS patches are up to date, then the only problem is dealing with spam?" Essentially correct until another flaw is discovered and exploited.


Well nice timing, MS just released some patches so head over to Windows Update and start getting systems up-to-date!