Email vulnerability

Article:TECH79133  |  Created: 2001-01-24  |  Updated: 2013-10-24  |  Article URL http://www.symantec.com/docs/TECH79133
Article Type
Technical Solution


Issue



You want to know what is meant by the term "email vulnerability."


Solution



Email is one of the most common forms of communication between people today. Email has quickly become the method of choice to spread infections. Unfortunately, the old adage of "only open email from people you know" no longer applies, as some viruses, such as MTX, will send their emails using the user's name to foster a sense of trust by the recipient. Knowledge is the first step to being an informed email user. The following are some of the more common methods used by a virus to transmit itself through email.

Attacks by Attachments:
The use of multiple extensions is common. A file named Budget.xls.pif is a program, not an Excel document. The last extension determines the file type, and how Windows will treat the file.

Unless you are positive that the file can be trusted, do not run files with the following extensions:
Common:
.bat - Batch File
.com - Executable (Program)
.doc - Word Document (Macro Viruses)
.eml - email archive, auto-executing (Likely not visible)
.exe - Executable (Program)
.hta - HTML (May not be visible)
.js - JavaScript
.ppt - PowerPoint Document (Macro Viruses)
.shs - MS Scrap File (May not be visible)
.vbs - Visual Basic Script
.vbe - Visual Basic Script
.wsh - Windows Script
.xl? - Excel Document (Macro Viruses)


Uncommon (but no less dangerous):
.386, .acm, .acv, .adt, .ax, .bin, .btm, .cla, .cpl, .csc, .csh, .dll, .dot, .drv, .hlp, .htm, .htt, .inf, .ini, .jse, .jtd, .mdb, .mp?, .mso, .obd, .obt, .ocx, .ov?, .pif, .pl, .pm, .pot, .pps, .prc, .rar, .rtf, .scr, .sh, .shb, .smm, .sys, .vsd, .vss, .vst, .vxd, .wsf, .xl?
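
The check described above, judging each attachment by its last extension and flagging names such as Budget.xls.pif, written out as an added example (it is not Symantec code). The function names are hypothetical, the extension patterns are copied from the two lists above, and the sample message is constructed with harmless placeholder attachments.

```python
import fnmatch
from email import message_from_string, policy
from email.message import EmailMessage

# Extension patterns taken from the lists above ("?" matches one character).
RISKY = """.bat .com .doc .eml .exe .hta .js .ppt .shs .vbs .vbe .wsh .xl?
.386 .acm .acv .adt .ax .bin .btm .cla .cpl .csc .csh .dll .dot .drv .hlp .htm
.htt .inf .ini .jse .jtd .mdb .mp? .mso .obd .obt .ocx .ov? .pif .pl .pm .pot
.pps .prc .rar .rtf .scr .sh .shb .smm .sys .vsd .vss .vst .vxd .wsf""".split()

def classify(filename):
    """Return (risky, double_extension), judged on the last extension only."""
    # Trailing dots and spaces are dropped so "setup.exe. " is still seen as .exe.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2:
        return (False, False)
    last = "." + parts[-1]
    risky = any(fnmatch.fnmatchcase(last, pat) for pat in RISKY)
    # Heuristic: a risky last extension preceded by another dotted part
    # (Budget.xls.pif) is the disguise described in the text.
    double = risky and len(parts) > 2
    return (risky, double)

def scan_message(raw):
    """List (filename, risky, double_extension) for every named part of a message."""
    msg = message_from_string(raw, policy=policy.default)
    return [(p.get_filename(), *classify(p.get_filename()))
            for p in msg.walk() if p.get_filename()]

def build_sample():
    """Constructed sample message; attachment bodies are placeholder bytes."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Budget"
    msg.set_content("See attached.")
    for name in ("Budget.xls.pif", "notes.txt", "Report.XLS", "photo.jpeg"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()

if __name__ == "__main__":
    for name, risky, double in scan_message(build_sample()):
        print(f"{name:16} risky={risky} double_extension={double}")
```
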

Embedded Code Attacks:
Embedded code attacks are "invisible," since there is no attachment to run. The malicious code is built into the email itself or inserted as a signature. You can protect against such attacks by doing the following:
  • Be sure to use the latest version of your Norton AntiVirus product.
  • If you are running Norton AntiVirus for Exchange, Notes, Firewalls, or Gateways, then be sure to scan all file types.
  • Consider disabling preview windows, as these types of malicious code will execute if previewed. If preview is on, then simply clicking on a suspicious message could infect your system before you can delete it.

For information on the latest threats please visit the Symantec Security Response Web site at the following Internet address:

http://www.symantec.com/avcenter/

Extras for Administrators:
  • Consider having your email servers strip these attachment types if possible. See your email server's documentation for information.
  • Consider disabling or uninstalling the Windows Scripting Host.
  • Verify that all OS, email client/server patches, and security updates have been applied.
  • Create a procedure for reacting to a suspected infection. It is recommended that you include disconnecting infected systems from the network.

Keeping your virus definitions current is only one part of protecting yourself from a virus attack.





Legacy ID



2001072409175754

