E-mail arriving in client (Thunderbird or other)
SamSpade
December 3rd, 2006, 04:00 AM
Sorry if this has been asked and answered before: is the email text itself -- NOT the attachments -- a potential source of infection? Once I've downloaded from a POP server, the code is in my machine.
I have heard that there is a way to imbed virus/trojan/worm in the text itself, or that the text may contain a "bug" that can record key-strokes. I have heard in particular that colored HTML text may be implanted with some kind of recording "bug" that can be virtually invisible in the text yet can literally act as a server to collect information from my computer and then send it out from my machine out to another computer.
Has anyone heard of this? Is it true? Where can I get more information?
I'm using NOD32 as my AV. Some of my incoming messages show that NOD has scanned them, but some do not show any sign of being checked by NOD.
Blackspear
December 3rd, 2006, 05:34 AM
Hi SamSpade, I have shifted your thread here where it should receive better attention.
To answer your question, NOD32 will check everything coming through on a POP3 account.
Cheers ;D
Carver
December 3rd, 2006, 01:33 PM
{QUOTE-> Sorry if this has been asked and answered before: is the email text itself -- NOT the attachments -- a potential source of infection? Once I've downloaded from a POP server, the code is in my machine.
I have heard that there is a way to imbed virus/trojan/worm in the text itself, or that the text may contain a "bug" that can record key-strokes. I have heard in particular that colored HTML text may be implanted with some kind of recording "bug" that can be virtually invisible in the text yet can literally act as a server to collect information from my computer and then send it out from my machine out to another computer.
Has anyone heard of this? Is it true? Where can I get more information?
I'm using NOD32 as my AV. Some of my incoming messages show that NOD has scanned them, but some do not show any sign of being checked by NOD. <-QUOTE}
From Article
{QUOTE-> Because email marketers can see if a graphic has been requested and successfully sent to a user, they count that as an "open". Right now the technology is only able to track opens in HTML based emails. If you are using an email application, like Outlook, that provides a preview pane, if any graphic loads it is counted as an open. In text based messages, you can only track the number of clicks that occur on links embedded within an email. <-QUOTE}
http://www.marketleap.com/report/ml_report_34.htm
Thunderbird by default does not show images; you have to click a button "Show images" to see images.
Devinco
December 3rd, 2006, 03:35 PM
{QUOTE-> Sorry if this has been asked and answered before: is the email text itself -- NOT the attachments -- a potential source of infection? <-QUOTE}
Only if the email text contains malicious active mobile code and the email client permits the code to execute.
The only other way would be a software defect in the email client that could be exploited by a buffer overflow. But this also usually requires active mobile code in order to work.
{QUOTE-> I have heard that there is a way to imbed virus/trojan/worm in the text itself, or that the text may contain a "bug" that can record key-strokes. <-QUOTE}
A virus/trojan/worm that includes a keylogger requires active mobile code. Thunderbird by default blocks JavaScript.
{QUOTE-> I have heard in particular that colored HTML text may be implanted with some kind of recording "bug" that can be virtually invisible in the text yet can literally act as a server to collect information from my computer and then send it out from my machine out to another computer.
Has anyone heard of this? Is it true? Where can I get more information? <-QUOTE}
Yes it is true, but it is very limited in scope (privacy and spam related) and it doesn't turn your computer into a server.
Carver pointed out some info and here is more on what is called a Web bug (http://en.wikipedia.org/wiki/Web_bug).
{QUOTE-> I'm using NOD32 as my AV. Some of my incoming messages show that NOD has scanned them, but some do not show any sign of being checked by NOD. <-QUOTE}
I think NOD only scans POP accounts directly.
Even though Web bugs are usually images, they can be any other type of file that is remotely called from the HTML email like a CSS file.
Also, in recent history (now patched) there have been images with corrupted headers that contained malicious code that exploited OS bugs to execute code.
HTML is also used in Phishing emails to disguise the location of links in the email.
That's why it is best to view message body as plain text.
Thunderbird has an excellent extension called Allow HTML temporary that will let you view HTML emails on a one-by-one basis for those rare emails that actually need HTML.
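Added example, not part of the original thread: a small Python audit of an HTML e-mail for the two things discussed above, remotely fetched resources that can act as web bugs (images, CSS files) and links whose visible text names a different host than the real target. The sample message, its host names and the function name audit are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not from the thread); all hosts are placeholders.
SAMPLE = """\
From: news@shop.example
Content-Type: text/html; charset="utf-8"

<html><head><link rel="stylesheet" href="http://track.example/s.css?id=42"></head>
<body><p style="color:#c00">Big sale!</p>
<img src="http://track.example/open.gif?id=42" width="1" height="1">
<img src="cid:logo@shop.example">
<a href="http://203.0.113.7/login">http://www.bank.example/login</a>
<a href="http://shop.example/sale">See the sale</a></body></html>
"""

class Auditor(HTMLParser):
    """Collects remotely fetched resources and links whose text names another host."""
    FETCHED = {("img", "src"), ("link", "href"), ("iframe", "src")}

    def __init__(self):
        super().__init__()
        self.remote, self.mismatched = [], []
        self._href, self._text = None, ""

    def handle_starttag(self, tag, attrs):
        # Anything the client fetches over HTTP(S) when rendering can act as a web bug.
        for name, value in attrs:
            if (tag, name) in self.FETCHED and urlparse(value or "").scheme in ("http", "https"):
                self.remote.append((tag, value))
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""

    def handle_data(self, data):
        if self._href is not None:
            self._text += data  # accumulate the visible link text

    def handle_endtag(self, tag):
        # Flag links whose visible text is a URL on a different host than the target.
        if tag == "a" and self._href is not None:
            shown = urlparse(self._text.strip())
            if shown.scheme in ("http", "https") and shown.hostname != urlparse(self._href).hostname:
                self.mismatched.append((self._text.strip(), self._href))
            self._href = None

def audit(raw_message):
    auditor = Auditor()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            auditor.feed(part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace"))
    return auditor.remote, auditor.mismatched
```

Embedded cid: images travel inside the message and are not reported, and a plain-text message yields two empty lists because nothing in it is fetched on display.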