How exactly does a virus execute itself just from previewing in Outlook Express? Does turning off the preview pane prevent this, and would this mean that you would have to delete it before you previewed it?In the past month, I've received two e-mails that tripped my antivirus software wires. The message I got (I didn't write it down) was confusing. It said it found a virus and couldn't do anything about it. The e-mails contained attachments that I never opened, and I just deleted the e-mails. I also received two e-mails that were definitely viruses (I got a game for you and cool flash), and my antivirus did not detect. However, I just deleted them.
I am still up and running, no trigger event, do you think I could be infected?
I'll include links to the details as provided by Microsoft concerning this sort of vulnerability. I'm sure you'll understand if I don't tell you how the actual virus code works.
In an nutshell, when an e-mail that has been sent in HTML format is opened by Outlook Express, the Internet Explorer program is invoked to display the e-mail message properly in the mail client. Internet Explorer first examines the e-mail to determine the type of attachment. If the attachment is a normal non-executable file, IE will automatically render it in all its HTML graphical glory.
A virus can edit the e-mail's attachment information, tricking Internet Explorer into automatically executing the e-mail attachment if it was an executable file, by altering the MIME headers to make it appear that the attachment is not in fact an executable file.
Suffice to say that you should patch your copy of Outlook Express to remove this vulnerability from your system. Until you do so, your system is in a less secure state.
Get Microsoft info about a patch here.
For more information on this topic, visit these other SearchSecurity resources:
Ask the Expert: Whether or not to use Outlook's preview pane
Tech Tip: Preview "pain"
This was first published in June 2002