E-mail can also contain security exploits that, while they don't propagate themselves as viruses or worms do, may compromise your privacy or make your computer unusable. For example, an HTML message containing an image tag will cause most e-mail programs to retrieve the image automatically when the mail is read. If your e-mail address (or any other information that uniquely identifies you) is included in the image tag (for example, <img src="http://images.spammer.com/picture.jpg?innocent@user.com">), a spammer can determine from his or her Web server logs that the address is valid and that you've opened the spam. You'll then be tagged as a live prospect for more spam. This sort of identifying image tag is sometimes called a mail bug. Because an image incorporated in HTML mail is usually retrieved via HTTP (the Hypertext Transfer Protocol), the server may also be able to place a cookie on your system. (Note that the most popular e-mail clients use browser software to render mail. Outlook, Outlook Express, and AOL use Microsoft Internet Explorer; Netscape Communicator uses Netscape Navigator; Opera uses its own internal HTML rendering software, and Eudora uses Internet Explorer unless explicitly configured not to do so.) And you may not know that any invasion of privacy has taken place, especially if the image is tiny or invisible (a clear GIF or Web bug).

An e-mail message may also contain "active content exploits"--calls to susceptible ActiveX controls on Windows machines. Such security holes can be used to extract personal information from your computer, do damage, or install other malware. A hostile script embedded in e-mail can also "take control" of your machine by opening an advertising or pornographic Web page in your browser. It can then prevent you from closing the window or shifting the focus. A malicious script can freeze the browser or the entire machine. A message with intentional formatting errors may crash some vulnerable e-mail software, too.

Fortunately, this genre of malware is still in its infancy, but it's sure to become more common as the techniques for creating it become better known. The best way to avoid e-mail exploits that use image tags or active content is to employ a filter that disables them before the message reaches you. Such filters are already available for use on mail servers run by ISPs and companies.
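
The kind of filtering described above, as an added Python example (not from the original article or from any product it mentions): it drops script, object, applet and iframe elements and inline event handlers from an HTML mail part, and removes remote image sources so that nothing is fetched when the mail is read. The names MailSanitizer, sanitize_message and openAd, the clsid placeholder and the sample message are constructed for illustration.

```python
from email import message_from_string
from html import escape
from html.parser import HTMLParser

DROP = {"script", "object", "applet", "iframe"}  # active-content containers
class MailSanitizer(HTMLParser):
    """Drop active content and remote image sources from HTML mail."""
    def __init__(self):
        super().__init__()
        self.out, self.skip, self.blocked = [], 0, []

    def handle_starttag(self, tag, attrs):
        if tag in DROP or self.skip:
            self.skip += tag in DROP   # an unclosed container drops the rest (fails closed)
            return
        kept = [tag]
        for name, value in attrs:
            if name.startswith("on"):  # inline script handlers such as onload
                continue
            if tag == "img" and name == "src" and not (value or "").startswith("cid:"):
                self.blocked.append(value)  # a remote fetch would confirm the read
                continue
            kept.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(kept) + ">")

    def handle_endtag(self, tag):
        if tag in DROP:
            self.skip = max(0, self.skip - 1)
        elif not self.skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize_message(raw):
    """Return (clean_html, blocked_urls) for the first text/html part."""
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            san = MailSanitizer()
            body = part.get_payload(decode=True)
            san.feed(body.decode(part.get_content_charset("utf-8"), "replace"))
            san.close()
            return "".join(san.out), san.blocked
    return None, []

# Constructed sample message; the image URL is the one quoted in the article.
SAMPLE = ('Content-Type: text/html\n\n<body onload="openAd()"><p>Hello &amp; welcome</p>'
          '<img src="http://images.spammer.com/picture.jpg?innocent@user.com" width="1">'
          '<object classid="clsid:PLACEHOLDER"><param name="a"></object><script>openAd()</script></body>')
```

Images attached to the message itself (cid: references) are left alone, since displaying them causes no request to a remote server. The blocked URLs are returned so a mail server can log or quarantine on them.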