Foo Off-Topic chit chat with no general subject.

Email question

Old 03-26-09, 12:54 PM
  #1  
keith3speed
enabler
Thread Starter
 
keith3speed's Avatar
 
Join Date: Jun 2008
Location: SEMichigan
Posts: 0

Bikes: peugot 3 speed

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times in 0 Posts
Email question

we all know not to open email attachments from senders we dont know, but can anything bad happen just from opening a email without attachments? My wife just opened an email up without thinking and now she is in a panic. The text said "thanks for that, bye". I tried to reassure her that there was no attachment on this email and since she was running linux from a live CD nothing should be able to touch the hard drive anyway. How else can I assure her everything is ok? Anybody got any comments or email horror stories they want to share?
keith3speed is offline  
Old 03-26-09, 12:56 PM
  #2  
KingTermite 
On my TARDIScycle!
 
KingTermite's Avatar
 
Join Date: Jun 2005
Location: Eastside Seattlite Termite Mound
Posts: 3,925

Bikes: Trek 520, Trek Navigator 300, Peugeot Versailles PE10DE

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 5 Post(s)
Likes: 0
Liked 0 Times in 0 Posts
Hopefully email systems are smart enough to prevent it now, but at one time even that could be dangerous because the email could be in HTML format and have some script embedded in the HTML. I know Outlook used to have a setting 'do not run scripts on HTML email' or something like that.
__________________
Originally Posted by coffeecake View Post
- it's pretty well established that Hitler was an *******.
KingTermite is offline  
Old 03-26-09, 04:47 PM
  #3  
wmodavis
Bill
 
Join Date: May 2007
Location: HIGHLANDS RANCH, CO
Posts: 630

Bikes: Specialized Globe Sport, Specialized Stumpjumper FSR Pro

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times in 0 Posts
If you are running anti-virus software and anti-spyware software and have a good firewall installed, updated and properly setup you'll have some protection against those bad guys out there. That and vigilance on you and your wife's part are the best ways to counteract malware of any sort!
wmodavis is offline  
Old 03-26-09, 07:45 PM
  #4  
iamlucky13
Footballus vita est
 
iamlucky13's Avatar
 
Join Date: Jun 2002
Location: Portland, OR
Posts: 2,118

Bikes: Trek 4500, Kona Dawg

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times in 0 Posts
She's fine. Plain text can't do anything. There could have been an invisible picture embedded in the email via HTML, which can be used by clever spammers to determine which email addresses are active, but that won't directly compromise your security.

Every now and then, some social reject figures out how to make an exploit that embeds a virus in a picture, but as far as I know, there's no unpatched exploits at the moment, especially not for linux.

As far as horror stories go: One of those jpeg-based exploits was discovered about two months ago in Internet Explorer. I just happened to need to use IE the day it was announced to visit a website that didn't support Firefox, and I hadn't gotten the news about the exploit. Since I already had IE up, I also used it to search for some random info that led me to a somewhat sketch site. I'm guessing an ad on that site was where the infection came from. I was only vulnerable for a couple of hours before I read the news and patched it, and I just happened to use the vulnerable program during that window. I've had the computer for about two years, and that was the first problem I'd had, even though most of the time I didn't even use anti-virus software.

I forget exactly what I got, but it was a pretty deep one. It did browser redirects (my first clue of the problem), key logging, pop-ups, and self-replication. I Ended up having to turn off system restore and run scans in safe mode to get rid of it. AVG got part of it, and Malwarebytes finished it off. Whatever it was, it was one of the better written bugs out there, even though it wasn't as prevalent as the big worms like Sasser and Blaster.
__________________
"The internet is a place where absolutely nothing happens. You need to take advantage of that." ~ Strong Bad
iamlucky13 is offline  
Old 03-26-09, 07:58 PM
  #5  
Caspar_s
Senior Member
 
Caspar_s's Avatar
 
Join Date: Jan 2006
Location: Burlington, ON
Posts: 530

Bikes: Giant Tcx1

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times in 0 Posts
Hell, if she was running a live linux cd, she could have opened a virus and it wouldn't have done anything!

Yeah, if you're running outlook, then maybe an exploit in html or a macro in a doc file, but not plain text.
Caspar_s is offline  
Old 03-26-09, 10:15 PM
  #6  
MrCrassic 
Senior Member
 
MrCrassic's Avatar
 
Join Date: Jun 2007
Location: Brooklyn, NY
Posts: 3,644

Bikes: 2008 Giant OCR1 (with panda bear on the back!)

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times in 0 Posts
Originally Posted by keith3speed View Post
we all know not to open email attachments from senders we dont know, but can anything bad happen just from opening a email without attachments? My wife just opened an email up without thinking and now she is in a panic. The text said "thanks for that, bye". I tried to reassure her that there was no attachment on this email and since she was running linux from a live CD nothing should be able to touch the hard drive anyway. How else can I assure her everything is ok? Anybody got any comments or email horror stories they want to share?
Technically, emails that have malicious images embedded in them can trigger an attack, but a lot of the flaws regarding these have been addressed. Additionally, images do not load by default on most mail clients. Some mails can take advantage of vulnerabilities in certain email programs like Outlook, Outlook Express (most common) and Mozilla Thunderbird by crafting them very specially. These aren't that common, though, and spam/virus filters pick these up very effectively either at the server level or at your computer (provided you have proper protection). Plain text eliminates many of the common attack vectors, but I believe message headers can also take advantage of vulnerabilities in Outlook Express if altered properly. I think there was an exploit patched just recently that affected Exchange mailboxes, where an email with special text could make the system vulnerable to attack.

The latter won't affect you, since you're on Linux and these vulnerabilities are specific to Windows. There are very few Linux trojans out there, but they aren't spread via email (or at least very commonly) and most of them are relatively harmless.
__________________
Ride more.

Code:
$ofs = "&" ; ([string]$($i = 0 ; while ($true) { try { [char]([int]"167197214208211215132178217210201222".substring($i,3) - 100) ; $i =
 $i+3 > catch { break >>)).replace('&','') ; $ofs=" " # Replace right angles with right curly braces

Last edited by MrCrassic; 03-26-09 at 10:19 PM.
MrCrassic is offline  
Old 03-26-09, 10:16 PM
  #7  
x136 
phony collective progress
 
x136's Avatar
 
Join Date: Sep 2006
Location: San Hoosey
Posts: 2,973

Bikes: http://velospace.org/user/36663

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times in 0 Posts
Email went downhill once it was *******ized with HTML.

Viva text.
__________________
x136 is offline  
Old 03-27-09, 05:54 AM
  #8  
KingTermite 
On my TARDIScycle!
 
KingTermite's Avatar
 
Join Date: Jun 2005
Location: Eastside Seattlite Termite Mound
Posts: 3,925

Bikes: Trek 520, Trek Navigator 300, Peugeot Versailles PE10DE

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 5 Post(s)
Likes: 0
Liked 0 Times in 0 Posts
Originally Posted by x136 View Post
email went downhill once it was *******ized with html.

Viva text.
+10000000000
__________________
Originally Posted by coffeecake View Post
- it's pretty well established that Hitler was an *******.
KingTermite is offline  
Old 03-27-09, 05:55 AM
  #9  
KingTermite 
On my TARDIScycle!
 
KingTermite's Avatar
 
Join Date: Jun 2005
Location: Eastside Seattlite Termite Mound
Posts: 3,925

Bikes: Trek 520, Trek Navigator 300, Peugeot Versailles PE10DE

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 5 Post(s)
Likes: 0
Liked 0 Times in 0 Posts
Originally Posted by keith3speed View Post
and since she was running linux from a live CD nothing should be able to touch the hard drive anyway.
I missed this part before. No worries if she was running linux on a live cd.
__________________
Originally Posted by coffeecake View Post
- it's pretty well established that Hitler was an *******.
KingTermite is offline  

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Thread Tools
Search this Thread

Contact Us - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service

Copyright 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.