Email Virus Question

Email Virus Question

Post by Robert Kenda » Tue, 23 Sep 1997 04:00:00



Greetings,

When I use either Netscape Comm 4.0 or Netscape Navigator 3.0 to
receive my email, the first message highlighted automatically opens up
and can be viewed.  Other messages are then viewed by highlighting the
subject line.

My question concerns email viruses.  If a virus  is supposedly
activated upon opening (viewing) the message, is there anyway to
confirgure the browser to not open the message and show only the
subject, sender, and date.  This would allow me to delete viruses
identified by known subject lines.

For instance, my company recently sent a warning about a virus
spreading that contained the subject line "PENPAL".  Once opened
it supposedly infected the hard drive and deleted all data.  If I had
received this message and it downloaded as my first message, I
presently would have no option but to automatically view it - and
suffer the consequences.

Any advice?

Thanks,

Bob

 
 
 

Email Virus Question

Post by CHABU » Tue, 23 Sep 1997 04:00:00



Quote:(Robert Kendall) writes:
>My question concerns email viruses.  If a virus  is supposedly
>activated upon opening (viewing) the message, is there anyway to
>confirgure the browser to not open the message and show only the
>subject, sender, and date.  This would allow me to delete viruses
>identified by known subject lines.

I don't believe it's possible to send a virus strictly through e-mail,
unless as a file attachment. In which case you would have to download the
file and execute it in order for the virus to infect your system. Some mail
programs do permit you to have it automatically download attached files,
but you can usually turn that preference off. I suppose really anything is
possible, I'd just be curious to know how a virus could be implemented
through a plain old e-mail message. Anyone know otherwise?

-----------------------------------------------------------
ARTIFICIAL DEATH: A Tribute to The Creatures' "Project"
http://members.aol.com/creetchers
-----------------------------------------------------------

 
 
 

Email Virus Question

Post by Jerry Lesl » Tue, 23 Sep 1997 04:00:00


: For instance, my company recently sent a warning about a virus
: spreading that contained the subject line "PENPAL".  Once opened
: it supposedly infected the hard drive and deleted all data.  If I had
: received this message and it downloaded as my first message, I
: presently would have no option but to automatically view it - and
: suffer the consequences.

PENPAL is a hoax, which is documented at these sites:

   http://ciac.llnl.gov/ciac/CIACHoaxes.html

   http://www.datafellows.com/news/hoax.htm

--Jerry,


                          (my opinions are strictly my own)

 
 
 

Email Virus Question

Post by Barry Margoli » Tue, 23 Sep 1997 04:00:00




>I don't believe it's possible to send a virus strictly through e-mail,
>unless as a file attachment.

Actually, these days it's common to use web browsers with Java, Javascript
and ActiveX features, as mail readers.  If they automatically process the
embedded object, a virus could be transmitted this way.  Java and
Javascript are designed to prevent their use for transmitting viruses, but
bugs have been found in many implementations that allow them to slip
through.

--

GTE Internetworking, Powered by BBN, Cambridge, MA
Support the anti-spam movement; see <http://www.cauce.org/>
Please don't send technical questions directly to me, post them to newsgroups.

 
 
 

Email Virus Question

Post by Dogm » Tue, 23 Sep 1997 04:00:00





> (Robert Kendall) writes:

> >My question concerns email viruses.  If a virus  is supposedly
> >activated upon opening (viewing) the message, is there anyway to
> >confirgure the browser to not open the message and show only the
> >subject, sender, and date.  This would allow me to delete viruses
> >identified by known subject lines.

The header information can be examined by a spam filter on the POP3 server
(saves you even downloading it).
As far as opening, you need a virus checker that will check your disk/inbox
each time you collect your mail. Best thing to do is to get a virus checker
that runs permanently.

Quote:

> I don't believe it's possible to send a virus strictly through e-mail,
> unless as a file attachment. In which case you would have to download the
> file and execute it in order for the virus to infect your system. Some
mail
> programs do permit you to have it automatically download attached files,
> but you can usually turn that preference off. I suppose really anything
is
> possible, I'd just be curious to know how a virus could be implemented
> through a plain old e-mail message. Anyone know otherwise?

Word macro viri. Great to get people who are using Word (or that OCX) to
view their mail such as in Exchange or Outlook.
Again, it's the simple problem of people developing more and more complex
products that have flaws at the elementary. Microsoft are a perfect example
of this over-indulgence in their self-confidence (and in our
system-security) to make their products appear to work as stated whilst
actually performing a completely obscure and destructive task. Hence their
verbose disclaimer that is necessary on all of their products.
 
 
 

Email Virus Question

Post by CHABU » Tue, 23 Sep 1997 04:00:00



writes:

Quote:>Word macro viri. Great to get people who are using Word (or that OCX) to
>view their mail such as in Exchange or Outlook.

Oops! I hadn't even considered that one, since it so easy (but a nuisance)
to get rid of.

-----------------------------------------------------------
ARTIFICIAL DEATH: A Tribute to The Creatures' "Project"
http://members.aol.com/creetchers
-----------------------------------------------------------

 
 
 

Email Virus Question

Post by James Watso » Fri, 26 Sep 1997 04:00:00



> Actually, these days it's common to use web browsers with Java, Javascript
> and ActiveX features, as mail readers.  If they automatically process the
> embedded object, a virus could be transmitted this way.  Java and
> Javascript are designed to prevent their use for transmitting viruses, but
> bugs have been found in many implementations that allow them to slip
> through.

        While the theoritical has to always be considered, have there
actually been any documented cases of a wild virus using these holes
to attack a system?  I'm curious, because I've heard a lot about the
problems ActiveX, Jave  etc. present, but has anyone actually
created one of these viruses?  To the best of my knowledge, aren't
the security concerns with ActiveX and Java mainly aimed at web
browsers and not viruses?

--

 
 
 

1. Virus E-mail??

        My brother, who uses "Mail Call" to check his mail on the
server before downloading,  found something mailed to him with no
subject matter, no sender or no header information whatsoever.  It's
size was listed as -1.  He figures that if he had downloaded his mail
in the normal way that particular item would not have showed up at all
with the other messages.  It would have no doubt left something on his
computer that he would never be aware of.  
        Anyone familiar with what this might be?  Ken

2. Installing Win2000

3. Virus checking e-mail attachments

4. Help wanted tracing DECnet problem

5. email virus or microsoft update??

6. FS: SCSI Floptical / Floppy Drives

7. Virus check via email

8. Constructor initializer exception catching can be disasterous

9. E-mail Virus

10. Viruses Attached to email

11. e-mail virus Debunked

12. Email Virus in MS's Name?

13. e-mail virus checker