An email virus consists of malicious code that is distributed in email messages, and it can be activated when a user clicks on a link in an email message, opens an email attachment or interacts in some other way with the infected email message.
Viruses and other malware distributed by Email can wreak all kinds of havoc, including the following:
- the distribution and execution of ransomware attacks;
- enlisting the victim system into a botnet;
- crashing victim systems;
- providing remote access to victims' devices;
- theft of personal data or destruction of files on the victim storage media;
- creating unwanted pop-ups; and
- adding the victim system to a malvertisement
Email viruses often spread by causing the attachment or malicious message to be sent to everyone in the victim's address book.
Email viruses can be packaged and presented in a variety of different ways. Some can easily be spotted as malicious by virtue of subject lines that don't make sense, suspicious sender or other header fields and body content that looks off in some way. Other email messages containing malware can be more difficult for recipients to identify, as they reflect considerable effort by the malicious actor to make the email message appear to be sent from a trusted and known sender. This is particularly true for phishing attacks carried out to further business email compromise attacks.
Email viruses are often connected with phishing attacks in which hackers send out malicious email messages that look as if they are originated from legitimate sources, including the victim's bank, social media, internet search sites or even friends and co-workers. The attacker's goal, in these cases, is to trick users into revealing personal information, such as the victim's usernames, full names and addresses, passwords, Social Security numbers or payment card numbers.
Spam and malware-filled email messages are still considered to be one of the most effective means of social engineering used by hackers to spread and infect users with viruses and to attack the networks of their victims' companies.
Types of email viruses
Email viruses can take many different forms, and malicious actors work tirelessly to improve their malicious email messages and methods for email hacking, as well as the accompanying malware.
Email spam, also known as unwanted or unsolicited email, usually spreads malware through links in the message that lead to phishing websites or other sites hosting malware.
Virus hoax email messages, which contain a false warning about a nonexistent threat, are considered a form of socially engineered email virus or worm. Virus hoax messages may instruct the recipient to take some action, including forwarding the warning to all of their contacts. One variant of the virus hoax email builds on the tech support phone scam, in which a malicious actor attempts to engage the victim to defraud the victim.
Macro viruses are viruses written in a macro language used by other software programs, especially Microsoft Excel and Microsoft Word macros. Macro malware is transmitted through phishing email messages that contain malicious attachments, which contain the malicious macros.
Spambot programs are programs designed to harvest email addresses to build mailing lists for sending spam. While spambot programs are not usually distributed through email, they are instrumental in gathering valid email addresses to be used for the distribution of email viruses.
Examples of email viruses
Before always-on, broadband internet access was widely available, malicious actors depended on email to distribute their malware. While email viruses are still a common threat, they have been surpassed as a mass threat.
Melissa was one of the most notorious early email viruses. A fast-spreading macro virus, Melissa was distributed as an email attachment that disabled a number of safeguards in Word 97 or Word 2000 when it was opened by the victim. If the Microsoft Outlook email program was installed on a targeted system, Melissa re-sent the virus to the first 50 people in each of the victim's address books. Melissa was released into the wild in March 1999.
The fast-spreading ILOVEYOU virus surfaced on May 4, 2000, when it shut down email services in major enterprises, including the Ford Motor Company. The email virus carried the "I LOVE YOU" in the subject header, and it was estimated to have reached as many as 45 million users in one day.
The MyDoom email worm, released in January 2004, was the fastest-spreading email-based worm ever. MyDoom hit tech companies, including Microsoft and Google, with a distributed denial-of-service attack. Additionally, MyDoom spammed junk mail through infected computers, with text reading, "andy; I'm just doing my job, nothing personal, sorry." In 2004 it was estimated that 16% to 25% of all email messages had been infected by MyDoom.
The Storm Worm Trojan horse malware began spreading in January 2007 in email messages that exploited concern about European storms. The attackers initially spammed out hundreds of thousands of email messages, with a subject line reading, "230 dead as storm batters Europe." The malware infected the computers of users who opened the malicious attachment included with the email.
CryptoLocker ransomware, released in September 2013, was spread via email attachments. The ransomware encrypted victims' files. The attackers would send decryption keys to their victims in exchange for a sum of money. The primary means of infection was via phishing email messages containing malicious attachments.
To prevent an email virus from infecting your client device or network, consider the following steps:
- Keep the mail client, web browser and operating system updated and patched.
- Use antivirus software.
- Don't open potentially dangerous attachments, such as PDF files, that have been included in email messages from unknown senders.
- Scan all attachments for malware.
- Don't click on links in email messages, and be careful of phishing email messages that appear to be from legitimate sources.
- Avoid opening any executable files included as email attachments. Attackers may try to disguise these files by naming them with two extensions, such as image.gif.exe, but .exe is the sign of an executable that will run automatically.
Prevention of email viruses is always preferable to removing them from infected systems. Using some sort of antivirus scanner, whether implemented in an enterprise firewall or in endpoint antivirus software, is always recommended.