Ask Leo!

Can I really catch an email virus just by looking?

Home » EMail » Using Email

Summary: It used to be possible that simply viewing a malformed email could allow a virus to spread, but that's no longer the case with modern mail programs.

Can I really catch an email virus just by looking?

Email virus problems get worse each week. A new email virus seems to appear every day, and they're getting smarter. And each is an opportunity for even more people to become infected.

In the past, asking if you could catch an email virus just by reading your Email would get laughs from the techie geeks in the crowd. "Of course not!" they would giggle.

Then came Outlook. All of a sudden you didn't even have to read your email to get infected. And the geeks stopped giggling.

The techie geeks are right once again. If you do the right things, you cannot get a virus just by reading your email. And the "right things" aren't that difficult.

The problem arose when HTML formatted email became popular. If you've ever visited a visited a website that had a game or some other form of interactive page, chances are you actually downloaded a program from that website to run on your machine. Current web technologies blur the line between web pages that just have pictures and text and web pages that can actually do something.

When email is sent in HTML format all those constructs that work on web pages could be included. And that means that all of a sudden your email could do something as well.

Then came the preview pane. This is a window that displays the currently selected message without you actually having to "open" it. If your inbox is empty and a new message arrives it is then displayed. It could do something even if you weren't around to open the message.

Email had become a viral breeding ground and you didn't even have to be there to witness it.

Fortunately, these issues became very evident very fast. Security settings were added to new versions of Outlook and patches were issues for the older versions. Even so, it took a few tries to get it right and each new version of Outlook has become a little more secure than the previous.

The bottom line for the average user is this: Plain text email cannot infect you just by looking at it. HTML Mail will not infect you just by looking at it if you are running a current version of Outlook or Outlook Express, and keep any version of the two up to date with the latest patches.

Pretty simple, really.

Let's review some of the rules for safe email:

  • Keep your versions of Windows, Outlook and Outlook Express up to date with the latest patches.

  • Keep your system clean of Viruses and Spyware by running the appropriate Anti-Virus checkers and Spyware checkers on a regular basis. Keep those up to date too.

  • Never open an attachment unless you're positive you know what it is and that you trust the sender.

  • Never click on a link in an email message unless you're positive you know where it's going and that you trust the sender.

  • Don't believe everything you read in email. PayPal and Citibank and whomever else will not be asking you to verify your account by email - it's probably just a scam to get your credit card number.

Related:

Article 189 | Posted April 28, 2004

Recent Comments

Dear Leo,
I have today received two virus-bearing e-mails, whose address is nearly the same as a newsgroup I subscribe to. I have blocked it and found the router information. I seem to have the e-mail address here of the person who started the chain of events. What do I do now?

Posted by: grimm at October 30, 2004 01:32 PM

In general in these situations I do nothing. Depending on how certain you are about knowing where the virus started, you might contact them and let them know they're infected, but viruses are so good at mucking up email headers that I no longer trust that information. Best advice: make sure you're protected, delete the viruses and go on.

Posted by: Leo at October 30, 2004 11:02 PM

okay, 1) so how's clicking on an url inside an email potentially destructive? Could that single "click" have been disguised as a "run" click which ensuingly activates a script or a virus of some sorts?

2) Can WORD/EXCEL/PPT files be infected with viruses?

Posted by: Hayder at March 28, 2005 06:25 PM

1) It's very easy to make a URL *look* like it's going to one place, when in fact it's going somewhere else. Case in point: all the eBay, Paypal and bank "account verification" phishing scams.

2) Absolutely. They all support a very powerful macro/scripting language that can be used. It's one of the reasons that current version of Office applications include various security measure that typically will disable, or at least ask, before opening a document that contains macros.

Posted by: Leo at March 28, 2005 06:31 PM

Leo,
I have a question related to contracting something just by opening an email. Is it true that you should not use the preview functionality because it opens an email and tells spammers you are a valid recipient?
Thanks

Posted by: Aneta at July 22, 2006 11:29 AM

Post a comment on "Can I really catch an email virus just by looking?":






(Email Address will not be published.)

Remember Me?

By popular demand...
my tip jar
Cuppa Joe
Buy Leo a Latte!

(you may use HTML tags for style)

New!

RSS feed Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

Please wait. Your comment is being processed ...


Ask Your Question:


ask-leo.com
Web

Stay Informed

Weekly Newsletter

Archives

By Category
By Date

Advertisers

Advertise on Ask Leo!

««   »»

Question? - Ask Leo!
Who is Leo?
Link to Leo!

Terms, Conditions & Privacy