Support    Home Page    Configurations Catalogue   


QSL Support - Email Security

See footer for disclaimer.

E-mail Attachments

The main advice to the e-mail user is never to run or view an e-mail attachment unless you have both trust in and verified the sender, and you also understand the file type. Please visit http://www.queensgate.it/support/viruses.htm for general information about executables that must be avoided on attachments.

Attachments can be easily modified to appear to be innocuous. For example, an attachment might appear to be named "readme.txt" but instead it is named "readme.txt____________________________________________.exe" (frequently with the.exe extension being so far to the right that it doesn't fit in the attachments field and so it becomes hidden). Executables such as this contain their own icon image and in the case of an infected file, that icon image will of course be the same image as you would expect to see in a text file, especially if you have dragged the file onto your desktop or elsewhere.

Note that spammers often send viruses under the guise of being a genuine sender that is known to you. The way this occurs is normally because they have infected someone else's PC containing on your e-mail address, obtained all the e-mail addresses from that PC, and then created infected e-mails that appear to be sent from and to addresses obtained from the infected PC. This means you can not be certain that an e-mail from a colleague or friend is genuine -- if you receive an e-mail out of the blue with an attachment, you should read the content and be reasonably sure that it is the kind of thing your colleague or friend would write.

Although most modern antivirus software s/w checks e-mail attachments, some attachments are still clicked by the unwitting user because they become convinced the e-mail is genuine and turn off the antivirus protection. This is especially so if the sender is a friend and is convinced that he/she doesn't/can-not possibly have a virus on their PC and expect you to open and run that latest Christmas card jingle or etc...

Automatically Installing Viruses

Some of the worst virus's are called worms and enter through email. The virus is embedded in HTML emails (emails allowing attributes such as bold etc) such that you don't need to open any attachments. Just allowing the infected email to be in the preview pane gives you the virus.

To avoid these in Windows 98 and prior OS's (Windows XP normally default to a higher setting), you are highly advised to check / change your settings to "Restricted ... (more secure)" as shown in the attached snapshot. In Internet Explorer 5, this menu is under the Tools menu, Options sub menu, Security tab (of Outlook Express).

   

Details:   It seems that by default the less secure setting is enabled ("Internet zone [Less Secure...]") in Windows 98 and prior OS's. Thus, most users are wide open to this type of virus. In this case, you may be infected by just receiving it because the HTML for it is embedded in the email. Please note - you do not have to open the email or click attachments - this type of virus will load itself if the email ever appears in the preview pane.

Case study: KAK.HTA virus (KAK HTML application). We watched this re-install itself just by having the appropriate email in the email preview pane. There is little public information on this virus as yet. We examined the code and found it to be "Kagou-Anti-KroSoft" virus and it appears to lock your PC on 17th Jan, 2001.

Such virus's are extremely unlikely to be able to infect your machine if you set the security as above (as proven in our trials with KAK).

 


Copyright information:
All contents of this web site are QSL 1999, 2007
Last revised: January 8th, 2007.

See About Queensgate for more Copyright and Disclaimer information.

Back to Top