A computer can be infected by malicious software from an email whether using Outlook Express, Outlook, any other email application or webmail (email which you can view online from any location). You need to be aware of the facts so that you do not become infected by a virus or malicious script contained in an email.
The first rule of protecting yourself from malicious software almost always is to patch your system with the latest security patches. These patches remove the vulnerabilities and avenues used to harm your system. If you are using Microsoft Windows, you can obtain these patches from http://updates.microsoft.com. Install all service packs, critical and security updates. These patches not only protect you from email viruses, but also prevent known ways an attacker can compromise your system. In most cases attacks take advantage of vulnerabilities in services (such as those in Windows) that run by default (or have been manually enabled by you or an application) on your system.
The next step is to understand the ways that you can become infected using email, so that you can use prevention methods. One of the most common ways to become infected is by opening attachments infected with some type of virus or script. The simple solution is, don’t open attachments (or any file for that matter) from anyone that you do not trust, although even those you trust can be infected and their email software can be used to send viruses to you or others from a trusted source’s email address (the From: address can be forged entirely). So you may believe that the attachment is from a trusted source, but it is possible the sender does not know the email was sent.
Alternatively, you may also be infected by simply opening an email that contains a macro or script. Your email software may be configured to automatically run macros or scripts contained in emails. To circumvent this, you can set your email software to not automatically run scripts or macros. Emails may also contain HTML code which is normally used to change the font, font size and colors of text in an email. HTML code may also contain malicous code. You can turn HTML off in your email application. Any malicious code in an HTML email is run by opening the email or viewing it in the preview pane.
In some applications, such as Microsoft Outlook, a preview pane is used to see the contents of an email after selecting the email message. This is the same as double-clicking an email to view the contents and you can be infected this way. You can turn off this Preview Pane and only view the contents of emails from those you trust. Pay attention to the subject line and from address. If it looks suspicious, delete it or just don’t open the email or don’t select it so it will not appear in the Preview Pane.
If you are using email from work, most companies have protection in place to scan emails for this type of activity and block them from being sent to you, or sometimes remove the infected or suspicious attachments. Don’t rely on this to protect you. Be suspicious of every email that you receive. Internet service providers also scan emails (or should). You should use anti-virus software that will scan emails as you open or receieve them.
Only certain types of files can contain malicious code, but people find new ways to attach malicious code different types of files on occasion. For example, opening a text document in Notepad won’t infect you with a virus even if you view the actual code itself, because Notepad will not run that code. Be aware of any attachments with the extensions .exe, .com, .bat, .vbs or .doc for example. Any .exe, .com, or .bat file can contain code that is run by opening the file and the same applies for a .vbs file which is a Visual Basic script. A .doc file (a Word document) sometimes contain macros that can cause damage. You can disable automatic execution of macros in Microsoft Word to prevent this and view the document safely.
You probably receive a lot of forwards from friends (usually the subject line is labeled starting with FW: indicating that it is a forwarded message). These emails have made their rounds all over the world and come in contact with thousands of computers. It’s obvious that one of those computers could have placed an infected attachment or script into the email somewhere along the line.
When you look at the From: line of an email, you may see your friends email address. Email addresses can be spoofed (faked) so it does not prove that the email is from your friend or another trusted source. Along with that technique some attackers write inticing subject lines such as “You have won a free cruise!”. The first question you should ask yourself is, did I even register to win a free cruise? Probably not. Don’t open it.
If you use webmail, find out what protections your webmail provider uses. Gmail is a great free webmail service and one of the best, because Gmail is excellent at filtering SPAM. Certain types of features of your email are disabled by default when viewing the email and you have the option to enable that feature while viewing the email if you decide it is safe. This helps to prevent the problems associated with becoming infected simply by opening an email.
What types of email attachments are safe or not safe? Here is a short list of file extensions to give you an idea. A file extension is the second part of a filename such as filename.ext (the letters after the dot in the filename).
Update: I would like to add that when you do open an email, you may notice an area at the bottom that tells you that you can opt out of receiving those emails. I want to stress that you should never ever for any reason reply to an email that you suspect is SPAM or not from a legit source. The reason for this is that when you reply to spam, you are indicating that you are receiving the email and your address will be kept, possibly sold in a list to others and the spammer may decide to send even more email. The only time you should ever click these, is to opt out of email from trusted sources such as Wal-Mart or Barnes and Noble, but I wouldn’t. It is safer to log on to Barnes and Noble’s website, open your account settings and find the option to opt out of receiving email. The best bet is just to never click anything in an email you are not sure that you can trust and close it immediately.
Safe (at this time): .JPG, .GIF, .BMP., Autocad drawings, .MPG, .PDF, .WAV, .WMA, .ZIP (the contents of a .ZIP may be dangerous if you open them after extracting the contents, but the .ZIP file itself is safe).
Use caution: .ASP, .DOC (could contain macros), .HTM, .HTML
Dangerous: .PIF, .EXE, .COM, .BAT, .VBS, .REG, .JS, .SCR, .OCX, .WMF
Most importantly, use common sense. No protection is or will ever be 100% fool proof.
Recommended Article: Crabby’s Top 10 Spam-Fighting Tips
Recommended Webmail Provider: Gmail
Powered by FireStats
Recent Comments