E-mail arriving in client (Thunderbird or other)

Discussion in 'NOD32 version 2 Forum' started by SamSpade, Dec 3, 2006.

Thread Status:
Not open for further replies.
  1. SamSpade

    SamSpade Registered Member

    Oct 22, 2006
    Sorry if this has been asked and answered before: is the email text itself -- NOT the attachments -- a potential source of infection? Once I've downloaded from a POP server, the code is in my machine.

    I have heard that there is a way to imbed virus/trojan/worm in the text itself, or that the text may contain a "bug" that can record key-strokes. I have heard in particular that colored HTML text may be implanted with some kind of recording "bug" that can be virtually invisible in the text yet can literally act as a server to collect information from my computer and then send it out from my machine out to another computer.

    Has anyone heard of this? Is it true? Where can I get more information?

    I'm using NOD32 as my AV. Some of my incoming messages show that NOD has scanned them, but some do not show any sign of being checked by NOD.
    Last edited: Dec 3, 2006
  2. Blackspear

    Blackspear Global Moderator

    Dec 2, 2002
    Gold Coast, Queensland, Australia
    Hi SamSpade, I have shifted your thread here where it should receive better attention.

    To answer your question, NOD32 will check everything coming through on a POP3 account.

    Cheers :D
  3. Carver

    Carver Registered Member

    Feb 5, 2006
    From Article
    Thunderbird by default does not show images, you have to click a button "Show images" to see images.
  4. Devinco

    Devinco Registered Member

    Jul 2, 2004
    Only if the email text contains malicious active mobile code and the email client permits the code to execute.
    The only other way would be a software defect in the email client that could be exploited by a buffer overflow. But this also usually requires active mobile code in order to work.

    A virus/trojan/worm that includes a keylogger requires active mobile code. Thunderbird by default blocks JavaScript.

    Yes it is true, but it is very limited in scope (privacy and spam related) and it doesn't turn your computer into a server.
    Carver pointed out some info and here is more on what is called a Web bug.

    I think NOD only scans POP accounts directly.

    Even though Web bugs are usually images, they can be any other type of file that is remotely called from the HTML email like a CSS file.
    Also, in recent history (now patched) there have been images with corrupted headers that contained malicious code that exploited OS bugs to execute code.
    HTML is also used in Phishing emails to disguise the location of links in the email.
    That's why it is best to view message body as plain text.
    Thunderbird has an excellent extension called Allow HTML temporary that will let you view HTML emails on a one-by-one basis for those rare emails that actually need HTML.
    Last edited: Dec 3, 2006
Thread Status:
Not open for further replies.