Internet / Network Security

Computer Security 101

Lesson 4

From Tony Bradley, CISSP-ISSAP, for About.com

The Computer Security 101 series is a 10-part series of articles intended to provide the security novice with a basic understanding of the terminology, acronyms and technology involved. The hope is that if you understand how and why things work in the first place, you will be able to protect and secure those things better.

In our third lesson of Computer Security 101 we covered Ports, TCP, UDP and firewalls. In this lesson we will discuss various security issues associated with using email, including email-borne viruses, hidden file extensions and email spoofing.

One of the main attack vectors for a virus is your email. While it is possible to get a virus by using an infected floppy disk or compact disc, one of the main methods of propagation is through email. From the standpoint of trying to do the most damage, it makes sense for a virus author to use email as a means for spreading the virus.

The authors of Trojans, worms and viruses are sometimes exceptionally clever and ingenious in finding and exploiting weaknesses in both the computer system and in human nature in order to make their attack successful. Unfortunately, sometimes even viruses that aren’t so clever manage to spread quickly and do lots of damage due to uneducated and naïve users.

To get you to open the email in the first place, viruses try to use Subject Lines that will get your attention. Some will come disguised as important alerts from major companies like Microsoft. Recent viruses will also reply to existing emails in the infected computer. When you receive a message in response to a message you know you sent someone, you have no reason to suspect it would be harmful, so you are more likely to open it.

Typically, the email itself is not the problem. The Subject Line and the Message Body are worded with the intent and goal of getting you to double-click on the attached file to execute the actual virus. With HTML-based email it is possible to embed the virus directly in the message. Major viruses and worms in the past couple of years like CodeRed and Nimda have exploited this flaw to cause the virus to execute as soon as someone opened the email message, rather than waiting for them to click on the attachment. In 2001 Microsoft released a Security Bulletin, MS01-020, including a patch to protect users from this happening.

As users became educated (although it can be debated what percentage of the users are really educated) about clicking on file attachments, the malicious code writers had to change their strategy. It became known that executable files like EXE (Executable), COM (Command), BAT (Batch) and other file types like these would run a program once they were clicked on, and that you should not open those types of attachments if you didn’t know who they were from and why.

Being quite clever, the virus writers figured out that they could hide the true file extension to trick the user. Microsoft Windows is set automatically to hide known file extensions. So, extensions like EXE and VBS (Visual Basic Script) don’t show up by default. Even if a user elects to Show Hidden Files and Folders there are some that will not show up.
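To make the hidden-extension trick concrete, here is an added example (not part of the original article) that reads the attachment names out of a message and compares each real filename with the name a user would see when the final extension is hidden. The sample message and the function names are constructed for illustration, the extension list is the four types named above, and the code assumes the last extension is always the hidden one.

```python
from email import message_from_string

# Extensions the article names as ones that run when double-clicked.
RUNNABLE = {"exe", "com", "bat", "vbs"}

# Constructed sample message (not real mail): one disguised script, one image.
SAMPLE = """\
From: friend@example.com
Subject: Re: the pictures you asked for
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="holiday.jpg.vbs"

(constructed placeholder, no real script)
--XX
Content-Type: image/jpeg
Content-Disposition: attachment; filename="beach.jpg"

(constructed placeholder bytes)
--XX--
"""

def shown_name(filename):
    """Name as displayed when the final, known extension is hidden."""
    stem, dot, _ext = filename.rpartition(".")
    return stem if dot else filename

def check_attachments(raw):
    """Return (real name, displayed name, verdict) for each attachment."""
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if not name:
            continue  # message body or container part, not an attachment
        ext = name.rpartition(".")[2].lower() if "." in name else ""
        shown = shown_name(name)
        if ext not in RUNNABLE:
            verdict = "ok"
        else:  # a dot left in the displayed name means a decoy extension
            verdict = "disguised" if "." in shown else "runnable"
        findings.append((name, shown, verdict))
    return findings

if __name__ == "__main__":
    for real, shown, verdict in check_attachments(SAMPLE):
        print(f"{verdict:10} real={real!r} shown-as={shown!r}")
```

The first attachment is reported as disguised because it would appear to the user as `holiday.jpg` while actually being a VBS script.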

©2009 About.com, a part of The New York Times Company.

All rights reserved.