There seems to be a run on e-mail induced malware lately. I'm concerned that not everyone understands why that is and more importantly how it happens. Let's see if we can fix that.
On many occasions, I mentioned that Web sites with embedded drive-by droppers were the malware-distribution method of choice. I may have been wrong in that assessment. It seems that e-mail as a malware delivery vehicle is getting a second wind.Sidebar
I'm sure most of you are well aware of the following information, since you are taking the time to read a blog post about IT Security. Yet there are all sorts of people who aren't and if I may say there's precious little information available to clearly explain it to them.
That's my goal for this article. I have also prepared a PowerPoint presentation with the same information. Hopefully it will help stem the growing tide of computers infected from e-mail links or attachments. Also if you feel that I've missed something or need to explain it better, please let me know. I'd like this to be as clear and concise as possible.E-mail and malware
E-mail attachments and links are popular methods for bad guys to install malware on computers. So it's important to understand what to do when you get an e-mail that has an attachment or link in the e-mail message body.E-mail attachments
E-mail attachments are files that accompany e-mail messages. Attachments can be one of two things:
- The actual file or document designated in the e-mail.
- A copy of the expected attachment that has malware embedded in it.
E-mail links are the underlined phrases in e-mail messages that simplify going to a specified Web site. Clicking on a link can cause one of three things to happen:
- The link opens the correct Web page referred to in the email.
- The link activates a malware program embedded in the e-mail message.
- The link is spoofed. It opens a Web page similar to the correct page, but with malware embedded in it.
E-mail malware requires user intervention to get started. It's that simple. The bad guys will try any method possible to entice you to open an attachment or click on a link. One of their favorite tricks is to pretend that the e-mail is from someone you know. That way you have no reason to be suspicious.Spread to other computers
Once installed, the malware will immediately try to infect other computers by sending out e-mail messages with the same infected attachment to all the e-mail addresses it found on the newly-infected computer.
Those recipients will more than likely open the e-mail attachment as well, because it appears to be from someone they know. So it's not hard to see that this process will quickly overrun every computer on the network.Outside contacts
This type of malware doesn't care whether it's sending the infected e-mail or e-mail attachment to another employee or an outside contact. I don't think I have to mention how detrimental it would be if a client's computer became infected after opening an attachment from you.Not practical
That all makes sense, but what about all the e-mail messages containing attachments and/or links that are pertinent to the business. They can't just be deleted, so what other options are there?Attachment work around
It's not convenient to do, but to be safe it's advisable to contact the party that sent the attachment and make sure they did intentionally send it to you. If that person's computer is infected, there's a good chance that they didn't even realize you received an e-mail message from them.Active-link workaround
The bad guys are hoping that you will automatically click on e-mail links. Don't oblige them; use the following steps to prevent malware from being installed on your computer:
- Make sure the link makes sense and isn't misspelled.
- Copy and paste the link address into the Web browser instead of clicking on it.
- Don't use the link and go to the Web site on your own accord (preferred method).
The best way to avoid having your computer become a victim of malware sent by e-mail is to be cautious, alert to anything that's out of the ordinary, and follow as many of the above suggestions as possible.