Q

How a virus is executed from Outlook's preview pane

How exactly does a virus execute itself just from previewing in Outlook Express? Does turning off the preview pane

prevent this, and would this mean that you would have to delete it before you previewed it?

In the past month, I've received two e-mails that tripped my antivirus software wires. The message I got (I didn't write it down) was confusing. It said it found a virus and couldn't do anything about it. The e-mails contained attachments that I never opened, and I just deleted the e-mails. I also received two e-mails that were definitely viruses (I got a game for you and cool flash), and my antivirus did not detect. However, I just deleted them.

I am still up and running, no trigger event, do you think I could be infected?

I'll include links to the details as provided by Microsoft concerning this sort of vulnerability. I'm sure you'll understand if I don't tell you how the actual virus code works.

In an nutshell, when an e-mail that has been sent in HTML format is opened by Outlook Express, the Internet Explorer program is invoked to display the e-mail message properly in the mail client. Internet Explorer first examines the e-mail to determine the type of attachment. If the attachment is a normal non-executable file, IE will automatically render it in all its HTML graphical glory.

A virus can edit the e-mail's attachment information, tricking Internet Explorer into automatically executing the e-mail attachment if it was an executable file, by altering the MIME headers to make it appear that the attachment is not in fact an executable file.

Suffice to say that you should patch your copy of Outlook Express to remove this vulnerability from your system. Until you do so, your system is in a less secure state.

Get Microsoft info about a patch here.

More on this topic

 

This was first published in June 2002

Dig deeper on Email Security Guidelines, Encryption and Appliances

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close