0

I have heard several people say that you shouldn't even open e-mails that look suspicious, as you might be infected by a virus of some kind. Is there any validity to this? I suppose that some e-mails show a web page, which could be infected, but I don't think most e-mail clients would allow the page to run scripts, would they?

KnightOfNi
  • 2,277
  • 3
  • 20
  • 23
  • 2
    Short answer to title question: "Yes". I'm pretty sure it's been addressed around here somewhere, too. Search bar's up top. – Iszi Dec 17 '13 at 21:07
  • @Iszi After a few minutes of searching I have not found anything. Nothing relevant popped up while I was writing the question either, which is usually very reliable. Anyway, could you go into a bit more detail as to how? – KnightOfNi Dec 17 '13 at 21:11
  • Sorry I'm a bit cranky for some reason today. Must be a seasonal thing. – Iszi Dec 17 '13 at 21:16
  • @Iszi That is an interesting way to react to the holidays, but to each his own. Anyway, thanks for linking that other question, there is lots of detail over there. – KnightOfNi Dec 17 '13 at 21:19

1 Answers1

3

Infection from malware in emails comes from bugs in email software. Namely, when you "open" the email, you instruct your email software to process the email data in order to turn it into something which can be displayed. With all the paraphernalia of fonts and HTML and images and scripts, this processing has become quite complex, and thus there are bugs, and bugs can sometimes be abused into actual vulnerabilities.

In that sense, opening an evil email is akin to browsing an evil Web site.

Tom Leek
  • 172,594
  • 29
  • 349
  • 481
  • Wouldn't that mean that each time a hacker wanted to "hack" me he would have to custom write a new script to exploit a new vulnerability? – KnightOfNi Dec 17 '13 at 21:14
  • Provided that patches are being released for the exploits he's using, and you're applying the necessary patches as they come out, then yes. – Iszi Dec 17 '13 at 21:17
  • 1
    Although one may say that if someone "hacked" you once, then he owns you totally (or at least your machine), until you cleanse your computer with fire. He would not have to repeatedly use emails. – Thomas Pornin Dec 17 '13 at 21:18
  • @ThomasPornin Good point. I suppose I should say "every time he wanted to 'hack' someone" via e-mail. It would seem that at a point the hacker would run out of bugs – KnightOfNi Dec 17 '13 at 21:22
  • The hackers never run out of bugs. One specific hacker may not have their own bugs anymore, but there's plenty others out there for them to borrow/buy. And plenty of people who don't patch their systems anyway. – Iszi Dec 17 '13 at 21:24