Yes, You Can Get a Virus Simply By Reading Email

Back in the 80s when I first got online, it was absolutely correct to say “don’t worry, your system cannot be infected with a virus simply from opening an email message.” When the Good Times virus hoax first appeared, that reassurance was part of the mantra in trying to fight the hoax. It’s been repeated over and over and over — and unfortunately, it’s no longer true.

Thanks to the advent of HTML mail, your system can be infected just by opening an email message now. And if your mail client has a preview pane that shows you the contents of a message before you’ve opened it, you don’t even have to open the message to be infected!

Of course, some people aren’t vulnerable. Mail clients that don’t display HTML avoid this problem. Most of the viruses in this category (so far) have been specifically created to take advantage of flaws in Microsoft Outlook and Outlook Express. I haven’t heard of any HTML-based viruses that attack Macintosh users. But since there are huge numbers of Windows users out there with email programs that do display HTML messages, most people are vulnerable to these viruses.

What you can do to protect yourself is to:

  • Install a good antivirus program and keep it updated — mine actually checks for updates twice every day.
  • Disabling the preview pane in your email program is also a good idea.
  • If you can disable HTML display, consider doing it (I’m rather unhappy that I can no longer do that in the latest version of Eudora Pro).
  • Do not use Outlook or Outlook Express for email. They simply have too many security problems, and no matter how many patches you install from Microsoft, new holes seem to be found every week.
  • Be very cautious about using webmail.
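As an added illustration of what "not displaying HTML" means in practice (this code is not part of the original post), the sketch below reads a message as text only and reports the active content a rendering client would have acted on. The names `TextOnly`, `safe_view` and `SAMPLE` are hypothetical, and the sample message is constructed for the example.

```python
import email
from email import policy
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}

class TextOnly(HTMLParser):
    """Collect visible text and record active content instead of rendering it."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks, self.findings, self.skipping = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, _value in attrs:
            if name.startswith("on"):  # onload, onclick, ...
                self.findings.append(f"{name} handler on <{tag}>")
        if tag in ("script", "style"):
            self.skipping += 1  # never show script/style source as body text
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skipping:
            self.skipping -= 1
    def handle_data(self, data):
        if not self.skipping and data.strip():
            self.chunks.append(data.strip())

def safe_view(raw_bytes):
    """Return (plain_text, findings); HTML is parsed for text, never rendered."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    plain, from_html, findings = [], [], []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            plain.append(part.get_content().strip())
        elif part.get_content_type() == "text/html":
            parser = TextOnly()
            parser.feed(part.get_content())
            parser.close()
            findings += parser.findings
            from_html.append(" ".join(parser.chunks))
    # Prefer the sender's text/plain alternative; fall back to stripped HTML.
    return "\n".join(plain or from_html), findings

# Constructed sample: an HTML-only message with inert placeholder markup.
SAMPLE = b"""Subject: hello
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body onload="placeholder()"><p>Hi there</p>
<script>placeholder()</script></body></html>
"""
```

Calling `safe_view(SAMPLE)` yields the readable text plus a list of findings, so a filter or a cautious reader can see that a message carried script without anything in it being executed.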

Most of these viruses are worms — they’re designed to not only harm an infected system, but to actively try to spread themselves to more systems, usually through your email program. The Melissa virus was one of the best-known of those. The KAK worm is the one I’ve personally encountered the most frequently. Most of these viruses actually come to public attention because of the way they spread themselves to more systems.

Using a filtering service like Brightmail can also help to protect you — they have responded to most of the recent virus outbreaks by automatically filtering infected messages to protect their users. I wouldn’t trust them (or any other third party) to be my only defense, but I certainly consider them part of my defense against email-borne viruses.

You should also think about the possibilities of getting script-based viruses from usenet messages if your ISP isn’t filtering out HTML posts and your newsreader does display HTML. I absolutely love the fact that Forte Agent does not display HTML, because I know that there is no way for me to have a problem simply from reading a usenet message.

Honestly, I’m not an alarmist. I’ve seen way too many virus hoaxes myself, and I take every new alert with many grains of salt until I’ve personally verified it with a trusted resource. I think it’s highly irresponsible, though, to give anyone a false sense of security by spreading a maxim that was once true, but is now false. Yes, your system can be infected with a virus simply from reading email. Please be careful.

Originally published February 3, 2001
