I was having an argument with my mother this evening about this. Can you get a virus merely by opening an infected e-mail? Anybody work in the IT field (love to hear your qualificaitons!) who could give me a professional answer?
Well, according to The SANS (System Administration, Networking and Security) Institute, you can pick up a computer virus without even opening the email:
http://www.sans.org/newlook/alerts/virus.htm
Basically, it amount to this: If you’re using an email client which supports HTML, and the running of scripts within that HTML, and you have some sort of preview function enabled, then your email client will happily run any ol’ scripts that someone might have placed within that email. And by default, Microsoft products allow scripts to call out to ActiveX controls, which can contain virtually any code under the sun. Normally this would prompt some sort of confirmation dialog, but there’s a security hole (explained in the link) which makes this sort of warning optional. Needless to say, your average virus writer will not choose the option of warning you ahead of time.
Scary, eh?
On the plus side, Microsoft is relatively good about releasing security patches when things like this crop up. The above link contains a link to the Microsoft security patch which is applicable.
None of this applies, necessarily, if you’re running on a Mac, or Linux, or some other operating system.