5

Sometimes, my friends send me e-mails. I know that they don't care that much about computer security (while I care).
I know that they don't know how to create an infected e-mail (no reason for doing this), but I would like to know:

Can they create an infected e-mail by accident?

If their computers are infected with malware, virus, etc., when they write and send the e-mail, or forward another e-mail to me (in my case, it's an receipt of a purchase from a store), is it possible that a malware infected an e-mail before sending it?

Vilican
  • 2,723
  • 8
  • 22
  • 35
Nori-chan
  • 995
  • 2
  • 9
  • 11
  • 2
    Remember too that the infection itself may be creating the spam emails - they may not even know it was being done. – Scott C Wilson Oct 08 '15 at 16:34
  • @ScottWilson In my case, luckily, they just forwarded the e-mail that they received when they bought something from a trusted store (yes, the e-mail was from the store itself). – Nori-chan Oct 09 '15 at 02:42

2 Answers2

6

Before answering your questions, let me summarize "3 Top Ways People Get Infected by An Email Virus" by Tina Sieber. In general there were three common things related to email infection/the methods which the user might get infected, which might fall into infected email's prey under these circumstances:

  1. A Virus As An Hoax

    First rule of thumb: never trust hoax emails and don't forward unless it's genuine,teach your friends regarding it, here is a good resource to get informed about email hoaxes and hopefully verify the credibility of an email you have received.

  2. A Virus In An Email Attachment

    The most common part of email viruses was spreading through attachment,

    Attachments that contain viruses are either executable programs (file types: .com, .exe, .vbs, .zip, .scr, .dll, .pif, .js) or macro viruses (file types: .doc, .dot, .xls, .xlt). The safest way to avoid them is to not open email attachments.

    If you were using a secure email provider like gmail or zimbra it will alert you and ensure online scanner was present at the time of downloading, else never consider to open the file without scanning.

    One of the common mistakes people do is editing rich text word file without scanning it, beware it might be injected with exploits.

  3. A Virus In The Email Body

    Malicious content can be found in the body of an email - beware it doesn't contain a vulnerable email body.

  4. Will the infected victim transmit the virus through email?

    The answer might vary based on operating system and the mail client the infected victim yes,there were more possibilities to get infected, Several email clients have built in scanners and avoid it but some of the more outdated scanners allow them to upload with malware.

As for your example; consider the shopping bill with injected malicious code, obviously a PDF can be injected with a malware - take a look at how they inject into it.

Second thing if a spam email is forwarded - here's is an article discussing how spam emails can infect you. Here's a quote from "Spam: Unsolicited email messages" by Panda Security:

Spammers try to obtain as many valid email addresses as possible, i.e. actually used by users. They use different techniques for this, some of which are highly sophisticated:

Mail lists: the spammer looks in the mail list and notes down the addresses of the other members.
Purchasing user databases from individuals or companies: although this type of activity is illegal, it is actually carried out in

practice and there is a black market. Use of robots (automatic programs) that scour the Internet looking for addresses in web pages, newsgroups, weblogs, etc. DHA (Directory Harvest Attack) techniques: the spammer generates email addresses belonging to a specific domain and sends messages to them. The domain mail server will respond with an error to those addresses that do not actually exist, so the spammer can discover which addresses generated are valid. The addresses can be compiled using a dictionary or through brute force, i.e. by trying all possible character combinations.

Consequently, all email users are at risk from these types of attacks. Any address published on the Internet (used in forums, newsgroups or on any website) is more likely to be a spam victim.

Techniques used.

Spammers use numerous techniques to produce messages capable of by-passing all types of mail filters. Some of the tricks used to obscure the message’s HTML code are looked at below:

Division of message subject line using bogus line breaks:

Subject: =?utf-8?q?Identical drugs -- l?=
=?utf-8?q?ittle monetary valu?=
=?utf-8?q?e!?=
Use of null characters (Quoted-Printable type encoding):   =00H=00T=00M=00L=00>=00<=00H=00E=00A=00D=00>=00=0D=00=0A=00<=00M=00E=00=
        T=00A=00 =00h=00t=00t=00p=00-=00e=00q=00u=00i=00v=00=3D=00C=00o=00n=00=
        t=00e=00n=00t=00-=00T=00y=00p=00e=00 =00c=00o=00n=00t=00e=00n=00t=00=3D=
        =00"=00t=00e=00x=00t=00/=00h=00t=00m=00l=00;=00 =00c=00h=00a=00r=00s=00=
   =00t=00=3D=00u=00n=00i=00c=00o=00d=00e=00"=00>=00=0D=00=0A=00<=00M=00=
        E=00T=00A=00 =00c=00o=00n=00t=00e=00n=00t=00=3D=00"=00M=00S=00H=00T=00=
        M=00L=00 =006=00.=000=000=00.=002=008=000=000=00.=001=004=000=000=00"=00=
        =00n=00a=00m=00e=00=3D=00G=00E=00N=00E=00R=00A=00T=00O=00R=00>=00<=00=
        /=00H=00E=00A=00D=00>=00=0D=00=0A=00<=00B=00O=00D=00Y=00>

Interchanging letters in the words used. The message is still legible to the recipient, but the filters do not recognize the words used:

I finlaly was able to lsoe the wieght I have been sturggling to
lose for years! And I couldn't bileeve how simple it was! Amizang
pacth makes you shed the ponuds! It's Guanarteed to work or your
menoy back!
Inverting text using the Unicode right-to-left override, expressed as HTML entities (? y ?):

Your B‮na‬k C‮dra‬ Link‮ni‬g

(Your Bank Card Linking) Encapsulating a tag with an HREF tag, so that a legitimate URL appears instead of a malicious one.

 <A HREF="<URL_LEGÍTIMA>">
    <map name="FPMap0">
    <area coords="0, 0, 623, 349" shape="rect" href="<URL_MALICIOSA>">
    </map>
    <img SRC="<img_url>" border="0" usemap="#FPMap0">
    </A>
Use of ASCII characters to “design” the message content:

enter image description here

Although some of the techniques used have now been mentioned, there are many more, such as the use of incorrect HTML tags, URL encoding, the use of HTML entities to conceal certain letters, the use of invisible ink, etc.

Other types of techniques are based on including the spam message as an attached file in a valid message or the use of CSS (Cascading Style Sheets) in spam messages to conceal certain words or parts of the message.

Methods used for spam distribution are as follows:

Vulnerable or poorly configured mail servers (Open Relay) which allow any user to send messages without checking their sender (which

will normally be spoofed). Computers affected by malware: certain types of malware facilitate the sending of spam through affected computers, such as the installation of proxy. servers. It is even possible to rent botnets, real computer networks affected by bots (hybrids of worms, Trojans y backdoors).

So in summary:

  • Infected email can be transmitted by accident
  • Through shopping bills, documents the medium might vary, but beware there might be backdoor in it

How can I prevent it?

  • Never Underestimate any file, don't allow any email attachment to execute without scanning
  • Use email client with a virus scanner or with virus scanner integration with your existing solution
  • Keep scanners up to date
  • If possible educate your friends about dos and don'ts
  • Never trust offers, hoax unless it's official sources

The basic rule for attacker is to trick you and steal your stuff, don't give fall for it.

BlueBerry - Vignesh4303
  • 5,097
  • 13
  • 34
  • 63
  • 1
    [Plagiarism](http://meta.stackexchange.com/help/referencing) is [not cool](http://meta.stackexchange.com/a/134715). – Gilles 'SO- stop being evil' Oct 08 '15 at 17:16
  • 2
    @Gilles i agree with its plagrised content but i refered whatever the sources which they provided friend,since sometimes linkonly answers wont turn as valid – BlueBerry - Vignesh4303 Oct 09 '15 at 04:07
  • 2
    @BlueBerry-Vignesh4303 basically when you do that you also need to blockquote the text you've copied, to make it really obvious it's just copied and pasted – kalina Oct 09 '15 at 07:44
  • 1
    @BlueBerry-Vignesh4303 Forgot to say that what my friend sent to me wasn't a spam, just forwarded the same e-mail that he received when he bought something from a trusted store (so, the e-mail is from a trusted store). Is there any chance of the e-mail get infected before forwarding it to me? – Nori-chan Oct 09 '15 at 15:30
  • @Nori-chan IMHO yes. I know nothing about computer security. Once my skype client send a message to all may (work) contacts. Half of them asked `what is this`, the other half asked `why are you sending me gay porn`. All of them are embedded linux developers. – Vorac Jun 29 '20 at 15:30
2

Yes, this is possible.

There is malware in the wild which searches for the mail contacts of the user and sends itself to all of them. This can be a quite effective propagation vector for malware, because users and spam filters usually trust mails from people they already had contact with.

A good example for this is the ILOVEYOU Virus which created quite a lot of mayhem back in 2000.

Philipp
  • 49,017
  • 8
  • 127
  • 158