Chapter 12. Email Attacks

Traveling at speeds approaching the speed of light, and with the ability to reach thousands, if not millions, of users almost instantaneously, email messages can quickly circumvent the globe. This may explain the popularity of MMC email attacks. This chapter covers mail-enabled viruses, worms, and Trojans. While this chapter will focus on Microsoft’s Outlook email program, much of the discussion can be applied to other Internet-enabled email clients.

Introduction

In the early years of email, the only way to spread MMC was as a file attachment. A user had to open or run the attachment in order to execute the code, and this is still the most popular method. However, email clients are HTML-enabled and MMC doesn’t need separate files to spread anymore. Rogue executables, macros, ActiveX objects, malicious scripts, and Trojans can be embedded right within the email itself. If written correctly, the email client executes the code without asking the user’s permission. In the case of the best email clients, if content can display or launch within a browser, it can do the same within an email. And often the browser and email client are integrated. For example, when HTML objects are received in Microsoft Outlook, it uses Internet Explorer’s HTML-rendering engine for displaying the content. Configuring security settings in Internet Explorer is liable to affect Microsoft Outlook. More on that later.

In all but the rarest cases, malicious emails have to be opened in ...

Get Malicious Mobile Code now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.