Part 1. Hazards of email attachments -- overview
Cardinal rule: "Never open an email attachment on the
first date." -- Fred Langa.
- Be suspicious of any attachment you were not expecting -- even though it's from someone you know.
- Be doubly suspicious of attachments that
have been forwarded to you -- even by someone you know.
- Be paranoid about attachments from anyone you don't know.
In the 1st case, a virus could have sent
the attachment. It would have "spoofed"
the "From" address with your friend's
email address. You clearly have no idea about
where the file originally came from in the
2nd case. And it's easy to see there's at
least a slightly ulterior motive, if not
a downright nasty one, in the 3rd case.
Attachments, and the messages that carry
them, get more diabolical all the time. It
seems to be a game to find new ways to fool
people. Even seasoned computer users get
taken in, or have clicked the mouse when
they didn't intend to. There are even ways
to include hostile code in digital music,
images or videos.
Most malicious payloads are delivered as attachments. They've have
more "success" than all other attack
vectors combined. If you never, ever opened
an email attachment, they wouldn't be a hazard
to you at all. But that's not the real world.
Sooner or later you're going to want to open
one. That's when you need the page on handling attachments safely.
1. A reasonable sounding message makes an
urgent offer to scan your computer for the
latest worm in the news. When you open the
attachment, the first thing it actually does
is disable your antivirus program and firewall.
Then it installs the worm it claimed to be
scanning for. Finally it reports that your
computer is free of the worm. Now the worm
uses your computer to send the same bogus
message to more victims. Nice!
2. Your friend emails you a cute attachment
with the file name "kitty.exe".
In their message, they tell you they've tried
it themselves, it's really cute, and it's
"OK to open". You check with your
friend, and yes indeed, he or she did send
it, and they assure you "it doesn't
have a virus." Trouble is, it contains
a delayed action Trojan-horse along with the cute kitty. When you open
it, the kitty does something cute, but the
Trojan is all installed on your computer.
You and your friend will not find out about
the Trojan until later, if ever.
3. An email arrives that appears to come from Microsoft. The Microsoft heading and
icons are genuine. The message contains a
sincere and urgent plea for you to patch
your copy of Windows immediately. The file
to install the patch with is conveniently
attached. Trouble is, when you open the attachment,
it terminates your antivirus program and
firewall, and then does other things so that
you can't remove it. Next it asks you to
enter your email username and password. Guess
what the perpetrator does with this information
after you click "Submit". Microsoft provides a guideline for determining if a message "from"
them is genuine.
4. Attackers often disguise malicious attachments
by using double extensions, for example,
"message.txt.lnk" or "picture.gif.vbe". Unless you've changed your Windows configuration though, *.lnk, *.vbe and several other extensions
are always hidden. The file names that you
see are just "message.txt" or "picture.gif". Those files -- *.txt and *.gif files
-- seem safe enough. Windows knows they are
*.lnk or *.vbe files though, not text or
picture files at all. When you "open"
them though, Windows blindly does exactly
what the attacker had in mind, and the damage
5. Demonstration: It's only a myth that non-executable files are always
safe. It's easy to hide malicious content
in music or video files. Download and run
example.mp3 to see a convincing but perfectly safe demonstration
of this. (*.mp3 is a popular music file format.)
That is... if you trust me. Nothing dramatic
happens, but there's more going on than just
the music, eh? You'll need to have Windows Media Player installed, and be online to see the results. This is just an example. I'm sure there's
a lot of brigands and bandits figuring out
how to plant hostile content in more file
What's a person to do?
Now that I've convinced you that opening
attachments is dangerous sport, what can
you do about the ones you decide you really
want to open? Go on to the next page to find out.