By Tuan Nguyen
Posting in Technology
Trojans known as "drive-by emails" can invade computers without the user having to open an attachment, download a file or click on a link.
There was once a time when having enough common sense to not download files from suspicious sources was enough to avoid getting infected by a computer virus.
That all changed when a newer generation of malware known as "drive-by downloads" was unleashed, capable of sneaking onto hard drives whenever users visited a malicious site and essentially making anti-virus software something of a day-to-day requirement. Now a recently discovered class of viruses poses a similar threat to perhaps the last bastion of secure cyberspace.
They're called "drive-by emails," and like "drive-by downloads" they infect machines without the user having to open an attachment, download a file or click on a link. Simply opening an e-mail to read it is enough of a gateway for Trojans and other nasties to invade. The malware is even stealthy enough to avoid virus scanners, so users won't receive any warning; the only indication that something out of the ordinary is happening is a message that reads "Loading…Please wait…"
The firm has provided a screenshot of what the current wave of virus-carrying spam messages looks like, with the subject heading "Banking security update" and a sender address with the domain fdic.com, a US-based insurance company.
For now, make sure that your e-mail account is comprehensively protected against spam and malware and that all spam and malware filters are updated. And obviously, hold off on opening any e-mails from senders you don't know.
Whereas we've all been advised to be cautious, the rule of thumb nowadays is to use extreme caution.
Feb 2, 2012
Viruses are a common problem in computers, as well as malware, etc. We should be very cautious in downloading files. Thank you for this alert! - http://www.appliedergonomics.com/
This is overwhelmingly scary for some of us who are self-taught on the computer. Maybe I should monitor a middle school class or something. I haven't used PayPal for a while, I always got phished. I'd call my son the geek and ask him what to do. Is this worse than what it was? Thanks for writing this post. A tad over my head to digest in one sitting. Malika Bourne
Ok, now that PayPal has made email statements MANDATORY or they suspend your account as of this month, how do we know it's really from PayPal without opening it first? Their new policy says that when they send email, it constitutes a legally binding contract. They recommend you log in to PayPal directly, not by email link, if you're nervous. But if merely OPENING an email exposes you, then what? Stop using PayPal, I guess? Hard, since they have monopolized eBay.
Seriously, it's this possibility that resulted in me disabling the preview pane in Outlook Express back in my Windows 98 days. A security reminder is nice and appropriate; making it sound like you found some new thing is NOT.
But seriously, this is old news. If your system is regularly patched, you use filtering, and do not open anything that comes from sources unknown or is otherwise suspicious, your odds of infection are relatively low.
Hi Tuan, I really enjoy your posts. I'm on a Mac, and imagine they're immune to this exploit, which I imagine takes advantage of Windows XP...but was wondering if you would provide more details so that I can properly protect my data. Thanks, Zachary
It's a good idea not to set the email program to automatically do a preview of the message when you click on the header on the list in the inbox. Also, what has worked for me is to have multiple email accounts, each tied to a particular service, i.e. bank accounts, credit cards, utilities, etc. Nowadays, there is no limit as to how many email accounts people can have, so why not take advantage of it and set up a system. In my system, if I see an email header in my Hotmail inbox that looks like it pertains to the bank, but I had actually set up my bank account with an email address via my ISP email account, then it's easy to see that the message in the Hotmail can be unquestionably deleted.
If you use POP E-mail, just open the item in the "Message source" view, available in one way or another in nearly all POP E-mail programs. The item is then opened in Notepad, which displays text only and cannot execute any embedded malware. You can also read the full header, this way. If you use Webmail, check with your service provider to see if they filter such stuff or provide a "view source" mode. This is old, but sound advice, stuff every techie ought to know.
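The "message source" check recommended in the comments can also be done programmatically. The following is an added example, not part of the original article or its comments: it parses a raw message as data with Python's standard `email` package, never renders the HTML, and reports active markup plus a sender-domain comparison. The sample message, its hosts and the `inspect_source` helper are constructed for illustration; only the subject line, the fdic.com domain and the "Loading" text come from the article.

```python
import re
from email import message_from_string, policy

# Constructed sample message (not a real capture); hosts and addresses are placeholders.
RAW = """\
Return-Path: <bounce@mailer.example.invalid>
Received: from mailer.example.invalid (mailer.example.invalid [192.0.2.10])
\tby mx.example.org; Thu, 2 Feb 2012 09:00:00 +0000
From: "Security Team" <alerts@fdic.com>
To: user@example.org
Subject: Banking security update
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review the update.
--b1
Content-Type: text/html; charset="utf-8"

<html><body onload="go()">Loading...Please wait...
<script src="http://files.example.invalid/a.js"></script></body></html>
--b1--
"""

# Markup that makes a mail client do more than display text.
ACTIVE = {
    "script": re.compile(r"<\s*script\b", re.I),
    "frame": re.compile(r"<\s*i?frame\b", re.I),
    "event-handler": re.compile(r"\son\w+\s*=", re.I),
    "remote-resource": re.compile(r"\b(?:src|href)\s*=\s*[\"']?https?://", re.I),
}

def inspect_source(raw):
    """Parse raw message source as data; nothing is rendered or fetched."""
    msg = message_from_string(raw, policy=policy.default)
    findings = set()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = part.get_content()  # decoded text of the HTML part
            findings.update(k for k, rx in ACTIVE.items() if rx.search(html))
    from_domain = msg["From"].addresses[0].domain
    # Envelope sender; a mismatch is a heuristic only (bulk mailers often differ).
    rp_domain = msg["Return-Path"].strip("<>").rpartition("@")[2]
    return {"from_domain": from_domain, "return_path_domain": rp_domain,
            "sender_mismatch": from_domain != rp_domain,
            "findings": sorted(findings)}
```

A message whose HTML part carries scripts or remote resources is one to read only in the plain-text or source view, with the client's preview pane and automatic remote-content loading turned off.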