Viruses and web based email

I realize that as I ask this it sounds incredibly naive, but are there currently worms and viruses that spread through web-based email? (e.g. Hotmail or Yahoo)

I am aware of the problems with Outlook Express and the number of viruses/worms that exploit it to spread using your address book. I have been using web-based email almost exclusively for the past 8 years, either Hotmail or my university account. Recently our university has had an outbreak of email-based worms that seem to be spread through web-based email and I didn’t think this was possible.

So if it is possible, I’d really like to understand how. I have enough programming knowledge to understand how the worms use Outlook Express but I really can’t see how an executable could run Internet Explorer, then go to my email, then get to the address book, etc.

Thanks for the help,
Eric

It’s possible, but since there are so many variables, it’s rather impractical, at best. It’s trivial to have a program call another, such as IE, and feed it command-line parameters to do certain tasks (like navigate to a particular webpage). The problems start when it comes to actually doing anything with it. If your cookie has expired, the virus is SOL, since it has no way of finding your password and/or username. It would also have to be rather specific, since each web-based email page has its own particular layout of buttons, form elements and submit calls. I don’t know if anyone actually has attempted to do such a thing, but clearly it was not a terribly successful effort, if they did.

Well, I don’t have practically any programming knowledge, but I’d guess that viruses that spread as attachments are just as likely to spread in web-based mail systems as they are in, say, Outlook. After all, when the attachment is opened the code is run on the local machine and malicious code can be executed.

Some worms have a built-in mail system that can send out trash mail on its own. Some worms scan your hard drive and search for addresses. But as far as web-based address books are concerned, I don’t think they are vulnerable to such worms…

Because of the difficulties and variations, it’s not likely someone can design a virus to get the e-mail addresses from a web-based client.

But that’s a moot point. Though viruses do read your address book if you’re infected, they also read everything on your hard drive that looks like an e-mail address and send something to it (I got a ton of Mydoom mail because my e-mail was on cached web pages). In effect, it looks for an “@” and takes the text on either side of it. In addition, the new trick is to generate accounts by putting names to a domain (the poor guy who was bob@aol.com found his mailbox stuffed by MyDoom :( )

In addition, all mass mailer viruses these days have their own SMTP engine, so they don’t have to go through the e-mail client. (We’ve actually shut down SMTP traffic going out from our student network to prevent viruses from mass mailing.)

So viruses nowadays (like MyDoom) can easily spread through web-based e-mail: If you click on the virus, it will search your hard drive for addresses and send them out using its own mail client.
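An added example (not part of the thread): the post above notes that mass-mailer worms carry their own SMTP engine and that one network blocked outbound SMTP from its student network. This Python code shows the matching detection on constructed flow records, flagging clients that talk to many external mail servers directly instead of through the approved relay; the record format, relay address and network range are assumptions.

```python
from collections import defaultdict
import ipaddress

# Constructed sample flow records: "time src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
10:00:01 10.20.1.15 192.0.2.10 25
10:00:01 10.20.1.15 198.51.100.7 25
10:00:02 10.20.1.15 203.0.113.44 25
10:00:02 10.20.1.15 198.51.100.9 25
10:00:03 10.20.1.22 10.20.0.5 25
10:00:04 10.20.1.22 203.0.113.80 443
10:00:05 10.20.1.31 192.0.2.10 25
10:00:06 10.20.0.5 192.0.2.10 25
10:00:06 10.20.0.5 198.51.100.7 25
10:00:07 10.20.0.5 203.0.113.44 25
malformed line
"""

APPROVED_RELAYS = {"10.20.0.5"}                    # assumed campus mail relay
CLIENT_NET = ipaddress.ip_network("10.20.0.0/16")  # assumed student network


def direct_smtp_senders(flow_text, relays=APPROVED_RELAYS,
                        net=CLIENT_NET, min_dests=3):
    """Return {client_ip: [external SMTP destinations]} for internal hosts
    that contacted at least min_dests distinct external servers on port 25
    without going through an approved relay."""
    dests = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records
        _, src, dst, port = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue
        if int(port) != 25 or src in relays or dst in relays:
            continue  # not SMTP, or legitimate relay traffic
        if src_ip in net and dst_ip not in net:
            dests[src].add(dst)
    return {s: sorted(d) for s, d in dests.items() if len(d) >= min_dests}


if __name__ == "__main__":
    for host, servers in direct_smtp_senders(SAMPLE_FLOWS).items():
        print(f"{host} sent SMTP directly to {len(servers)} external servers")
```

A host that appears here while its user only ever reads mail in a browser is a strong sign of an infected machine, since webmail itself generates no port 25 traffic from the client.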

Kinda sorta. The problem is, if the user is solely a web-based email user and has no accounts set up in OE or whatever, the virus is pretty much stuck. Sure, it can mess up your system or whatever it was programmed to do, but it can’t spread–unless it was specifically designed to do so, with the problems I’ve noted above.

Just a friendly reminder that you can still infect your system while using web-based e-mail, if you execute the viral payload within an attachment.

Using webmail only makes your address book inconvenient for a virus to access. The virus will still have convenient access to all of the other places on your system where e-mail addresses can be found.

But since most viruses these days are programmed to set up an SMTP server and mass mail, using web-based mail doesn’t help prevent their spread.

Point taken. However, many web-based email services automatically and unconditionally scan attachments prior to allowing you to download them. If one is found the attachment is made unavailable to you. This is the case for Hotmail, at least. Sure, a clever new virus can slip through, but such precautions certainly help.

Actually, at least some ISPs also provide virus scanning. At least here in Finland. I checked what was the case in mine, and yes, they provide some sort of virus prevention system, and it is on by default for everybody. I don’t know how aggressively it scans the attachments and messages, but at least they are doing something. I’m positive that there are heaps of mail servers around the world that don’t bother with virus scanning and therefore make it easy for viruses to spread.