12.4 Detecting Email Attacks

Team-Fly

	Malicious Mobile Code: Virus Protection for Windows By Roger A. Grimes Slots : 1
	Table of Contents
	Chapter 12.  Email Attacks

Most people notice an email worm or virus because of the simultaneous appearance of the same message from multiple sources all at once. This is what is noticed after the email attack has successfully infiltrated a company and its email server. Assuming your antivirus scanner did not detect something malicious, the following steps might alert you to the presence of MMC before it has been activated.

Beware of unexpected email with unusual content

Unexpected arrival of an email with unusual content should be highly suspicious. In many cases, it is not that the content itself is suspicious, but rather it is inappropriate coming from the person who sent it. For example, receiving an email promising free pornography passwords if the attached link or file is run from somebody who has never sent you an informal email should raise some flags. Another example is a Microsoft Word document or an Microsoft Excel spreadsheet arriving from someone who does not typically send attached files. If an email arrives claiming to be sending material you were expecting, but you were not expecting it, don't open it.

Beware of emails with attached script files

The most popular malicious emails today arrive with file attachments containing Visual Basic or JavaScript scripting. It is probably unusual for somebody who is not a programmer to send programming files as an attachment.

Beware of emails from unknown senders

I never open emails from people I don't know. For example, the Hybris virus arrives from somebody named HaHa. Of course, most email viruses arrive from people you do know, so this is not as reliable as the first two steps.

If an email meets any of the above criteria, it should not be opened. If the sender is identifiable, call them to verify that they sent it. Otherwise, delete the email.