This document provides information for end-users and administrators about protecting computers from threats that are delivered through email.
Email has quickly become one of the methods of choice for spreading viruses and other threats. Unfortunately, the old adage of "only open email from people you know" no longer applies, because some viruses, such as some variants of Mydoom and Netsky, send email using the user's name to foster a sense of trust in the recipient.
For details, read the document "Email indicates that you have sent out a virus, but scanning all files with current virus definitions does not detect anything."
The following are some of the more common methods used by a virus to send itself through email.
Attacks by attachments
The use of multiple extensions is common. A file named Budget.xls.pif is a program, not an Excel document.
Unless you are positive that the file can be trusted, do not run files with the following extensions:
Common:
.bat - Batch File
.com - Executable (Program)
.doc - Word Document (Macro Viruses)
.dot - Word Template (Macro Viruses)
.eml - Email archive, auto-executing (Likely not visible)
.exe - Executable (Program)
.hta - HTML (May not be visible)
.js - JavaScript
.pif - Windows Program Information File
.pot - PowerPoint Template (Macro Viruses)
.ppt - PowerPoint Document (Macro Viruses)
.scr - Windows Screen Saver
.shs - MS Scrap File (May not be visible)
.vbs - Visual Basic Script
.vbe - Visual Basic Script
.wsh - Windows Script
.xl? - Excel Document (Macro Viruses)
.zip - Compressed File
Uncommon (but no less dangerous):
.386, .acm, .acv, .adt, .ax, .bin, .btm, .cla, .cpl, .csc, .csh, .dll, .drv, .hlp, .htm, .htt, .inf, .ini, .jse, .jtd, .mdb, .mp?, .mso, .obd, .obt, .ocx, .ov?, .pl, .pm, .pps, .prc, .rar, .rtf, .sh, .shb, .smm, .sys, .vsd, .vss, .vst, .vxd, .wsf.
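As an added example (not part of the original document), an administrator could screen attachment names against the "Common" list above and single out the multiple-extension case such as Budget.xls.pif. The function names, the verdict labels, the EXECUTABLE subset and the sample message are assumptions made for this sketch.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from fnmatch import fnmatchcase

# Patterns from the "Common" list above; "?" stands for any single character.
RISKY = ["bat", "com", "doc", "dot", "eml", "exe", "hta", "js", "pif", "pot",
         "ppt", "scr", "shs", "vbs", "vbe", "wsh", "xl?", "zip"]
# Assumption: the subset of that list treated here as programs or scripts.
EXECUTABLE = {"bat", "com", "exe", "hta", "js", "pif", "scr", "shs",
              "vbs", "vbe", "wsh"}

def classify(filename):
    """Return 'multi-ext', 'risky' or 'ok' for one attachment name."""
    # Windows drops trailing dots and spaces, so "a.exe. " still runs as .exe.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2:
        return "ok"
    last = parts[-1]
    if not any(fnmatchcase(last, pat) for pat in RISKY):
        return "ok"
    # Executable final extension hidden behind another one (Budget.xls.pif).
    if len(parts) >= 3 and last in EXECUTABLE:
        return "multi-ext"
    return "risky"

def scan_message(raw):
    """Map each top-level attachment filename in a raw message to a verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): classify(part.get_filename() or "")
            for part in msg.iter_attachments()}

def build_sample():
    """Constructed test message; names and addresses are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Q3"
    m.set_content("See attached.")
    for name in ("Budget.xls.pif", "report.xls", "notes.txt"):
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()).items():
        print(f"{verdict:10} {name}")
```

The check looks only at file names, so it complements rather than replaces scanning attachment contents with current virus definitions.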
Embedded code attacks
Embedded code attacks are "invisible," since there is no attachment to run. The malicious code is built into the email itself or inserted as a signature. You can protect against such attacks by doing the following:
Visit the Symantec Security Response Web site for information on the latest virus threats.
Phishing attacks
Often arriving in email, phishing scams appear to come from a legitimate organization and entice users to enter credit card or other confidential information into forms on a Web site designed to look like that of the legitimate organization. Consider who is sending the information and determine if it is a reliable source. The best course of action is to simply delete these types of emails.
Steps for administrators