Potentional e-mail vulnerablity

Discussion in 'other security issues & news' started by Someone, Dec 6, 2010.

Thread Status:
Not open for further replies.
  1. Someone

    Someone Registered Member

    Can one get infected by malware if they simply open a html message with a malicious script? Would the script need to download the actual malware file separately or could the script be the actual malware? The reason i ask is I'm uncertain as to the usefulness of email scanners found in AV's.
    thanks
     
    Someone, Dec 6, 2010
    #1
  2. vtol

    vtol Registered Member

    yes
    they are useful but can eventually be beaten too. disable script in html emails and prevent it from dl content from the net, some email clients offer such fine tuniing
     
    vtol, Dec 7, 2010
    #2
  3. Rmus

    Rmus Exploit Analyst

    HTML in email messages and attachments is no different than that in a web page.

    The script would be the trigger to download the malware. Here is an example showing how reading HTML messages in Outlook Express can trigger malware to dowload:

    Outlook Express Security
    http://www.malwarehelp.org/securing-your-e-mail-client-outlookexpress1.html
    More common is using HTML attachments to an email message:

    Confirmed! Plug-and-Play Spammers Using Stolen Emails as Spam Templates
    http://www.redcondor.com/blog/?tag=html-malware

    HTML attachments – now with malware!
    http://blog.commtouch.com/cafe/email-security-news/html-attachments-–-now-with-malware/

    The principal limitation of scanners is that they need a signature to identify malware, meaning that there can be a window of opportunity (0-day) when the malware is undetected.

    Some scanners are pretty good at identifying malicious code/scripts in an email, but it seems to be hit and miss, from the analyses I've seen.

    Here is an example of a scanner catching something:

    HEUR/HTML.MALWARE
    http://forum.avira.com/wbb/index.php?page=Thread&threadID=70038


    The best preventative measure is to have the email client render in plain text by default. This way,

    1) no script in the message body can run, therefore,

    2) no attachments can be launched automatically by a script.

    ----
    rich
     
    Rmus, Dec 7, 2010
    #3
  4. Someone

    Someone Registered Member

    Thanks for the informative responses!
     
    Someone, Dec 11, 2010
    #4
  5. TheKid7

    TheKid7 Registered Member

    I have Sandboxie (Paid). I have my Outlook 2003 E-Mail "Forced" to an E-Mail sandbox. Also, I have DropRights plus Start/Run and Internet Access Restrictions which I feel should block an E-Mail malicious script from executing. Even if the malicious script executed, the sandbox should trap it.
     
    TheKid7, Dec 11, 2010
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice