This document provides information for end-users and administrators about protecting computers from threats that are delivered through email.
Email has quickly become one of the methods of choice for spreading viruses and other threats. Unfortunately, the old adage of "only open email from people you know" no longer applies because some viruses, such as some variants of Mydoom and Netsky, will send email using the user's name to foster a sense of trust in the recipient.
The following are some of the more common methods used by a virus to send itself through email.
Attacks by attachments
The use of multiple extensions is common. A file named Budget.xls.pif is a program, not an Excel document.
Unless you are positive that the file can be trusted, do not run files with the following extensions:
Common:
.bat - Batch File
.com - Executable (Program)
.doc - Word Document (Macro Viruses)
.dot - Word Template (Macro Viruses)
.eml - Email archive, auto-executing (Likely not visible)
.exe - Executable (Program)
.hta - HTML (May not be visible)
.js - JavaScript
.pif - Windows Program Information File
.pot - PowerPoint Template (Macro Viruses)
.ppt - PowerPoint Document (Macro Viruses)
.scr - Windows Screen Saver
.shs - MS Scrap File (May not be visible)
.vbs - Visual Basic Script
.vbe - Visual Basic Script
.wsh - Windows Script
.xl? - Excel Document (Macro Viruses)
.zip - Compressed File
Embedded code attacks
Embedded code attacks are "invisible," since there is no attachment to run. The malicious code is built into the email itself or inserted as a signature. You can protect against such attacks by doing the following:
Use the latest version of your Symantec AntiVirus product and keep the virus definitions up-to-date.
Consider disabling preview windows, as these types of malicious code may execute if previewed. If preview is on, simply clicking on a suspicious message could infect the computer before you can delete it.
Phishing attacks
Often arriving in email, phishing scams appear to come from a legitimate organization and entice users to enter credit card or other confidential information into forms on a Web site designed to look like the legitimate organization. Consider who is sending the information and determine if it is a reliable source. The best course of action is to simply delete these types of emails.
Steps for administrators
Educate users about the different types of email attacks and what to do with unsolicited or suspicious messages.
Consider limiting access to personal email accounts on your network.
Consider having your email servers strip attachment types listed under the "Attacks by attachments" section of this document. Read your email server's documentation for information.
Use an antispam program to reduce the number of phishing scams and similar threats that reach your users.
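
The following is an added example, not code from this document or from any mail server product. It shows how the attachment stripping suggested for administrators can treat the multiple-extension case from "Attacks by attachments": the decision is made on the last extension only. It uses Python's standard email package; the function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions from the "Attacks by attachments" list (".xl?" is handled below).
BLOCKED = {".bat", ".com", ".doc", ".dot", ".eml", ".exe", ".hta", ".js",
           ".pif", ".pot", ".ppt", ".scr", ".shs", ".vbs", ".vbe", ".wsh", ".zip"}

def classify(filename):
    """Return (blocked, multiple_extensions), judged on the LAST extension."""
    # Assumption: trailing dots/spaces are dropped first, as Windows does on save.
    parts = filename.strip().rstrip(". ").lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    # ".xl?" means ".xl" plus exactly one character (.xls, .xlt, ...).
    blocked = ext in BLOCKED or (len(ext) == 4 and ext.startswith(".xl"))
    return blocked, blocked and len(parts) > 2

def _strip(part, removed):
    if not part.is_multipart():
        return
    keep = []
    for child in part.get_payload():
        name = child.get_filename()
        if name and classify(name)[0]:
            removed.append(name)      # drop the part, remember its name
        else:
            _strip(child, removed)    # descend into nested multiparts
            keep.append(child)
    part.set_payload(keep)

def strip_blocked(raw):
    """Parse raw message bytes; return (cleaned message, removed filenames)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    _strip(msg, removed)
    return msg, removed

def build_sample():
    """Constructed message: one disguised program, one harmless attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.com", "Budget"
    m.set_content("See attached.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="Budget.xls.pif")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="pdf", filename="notes.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_blocked(build_sample())
    print("removed:", removed)
```

A production gateway would also log or quarantine the removed parts rather than silently discarding them.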