12.1 Introduction

Team-Fly

	Malicious Mobile Code: Virus Protection for Windows By Roger A. Grimes Slots : 1
	Table of Contents
	Chapter 12.  Email Attacks

In the early years of email, the only way to spread MMC was as a file attachment. A user had to open or run the attachment in order to execute the code, and this is still the most popular method. However, email clients are HTML-enabled and MMC doesn't need separate files to spread anymore. Rogue executables, macros, ActiveX objects, malicious scripts, and Trojans can be embedded right within the email itself. If written correctly, the email client executes the code without asking the user 's permission. In the case of the best email clients , if content can display or launch within a browser, it can do the same within an email. And often the browser and email client are integrated. For example, when HTML objects are received in Microsoft Outlook, it uses Internet Explorer's HTML-rendering engine for displaying the content. Configuring security settings in Internet Explorer is liable to affect Microsoft Outlook. More on that later.

In all but the rarest cases, malicious emails have to be opened in order to activate them. Most email viruses arrive from people you know, so you almost have to open it in order to see if it is legitimate or not. By then it could be too late. Unfortunately, there is no easy way to determine whether or not an email is malicious before opening it, unless your antivirus scanner catches it.

The best deterrence is to stop MMC appearing in the first place, and if it does make it past your defenses, prevent it from interacting with the PC.