Stanford University School of Earth Science
 
Home
News
New Users
Policies
Email
   Service Ends 11/1/07
   Who Gets Email?
   Switching Email
   Already Forwarding?
   New Accounts
   Closed Accounts
   Group Accounts
   Special Aliases
   Transferring Email
   Address Updating
   Table of Forwarding
   Pine @stanford.edu
   Messages to All
Web Hosting
Get Help
Net Connections
Macintosh
Windows PC
Unix/Linux System
Pangea Server
School Resources
Using Unix

Examples of destructive email viruses in Outlook

During the summer of 2000, a bug was discovered in Outlook that lets an email virus run as soon as it is downloaded from the server, even before you open the message. The potential destructiveness of such viruses is immense.

In another example, the recent "nimda" worm in the summer of 2001 exploited the connection between Internet Explorer and Outlook. If you used Internet Explorer to open a web page on a server infected with Nimda, a javascript embedded in that page would instruct Outlook to download the virus and infect your computer in the "background", where you would not see it happening.

In February 2003, a new vulnerability was discovered in Outlook Express that lets a hacker trick anti-virus filtering programs into thinking a virus attachment is a simple picture by using a carefully constructed email header. A user might open that attachment - and infect his computer - because his anti-virus program said it was OK.

Another email virus targeted at Outlook and Outlook Express (the bugbear virus) was so virulent in June 2003, that the Stanford email system had to shut down for an entire day to prevent its spread! This virus exploited a new bug in Internet Explorer, whose code is used by Outlook to render html mail, and infected a user's computer automatically when the mail was received without the user even noticing.

Microsoft announced a patch in April 2004 for another bug in Outlook Express, in which malformed MHTML commands can allow a hacker program to run. This code could be in an email attachment or on a malicious web site browsed with Internet Explorer (which passes the MHTML code to Outlook Express to be processed).

Although these particular bugs have been addressed by patches from Microsoft (only effective if you have loaded the patches), others appear quite often.

Not to belabor the point, these kinds of serious security bugs have been found and exploited only in Outlook and Outlook Express, not in other email programs such as Eudora Pro or Unix based programs like pine. For this reason, use of Outlook and Outlook Express is strongly discouraged in Earth Sciences, as it greatly increases the risk that your PC will be hacked.

 


Comments?

Stanford University    |