So my wife got hit with some email virus. I'm using the term loosely, knowing that there are many types of "viruses". Anyway, it sent out a few emails to everyone in her contacts list. The email has no subject line, and only contained a link to some "healthworld" website (it looked spammy). I've seen a few of my friends send out emails that look the same. She says that she never clicked on the link. She was using Windows Vista, IE 7, and Hotmail. I looked at the original, and it didn't seem like the HTML was malformed. Here are the contents of the text/html email body:

--_c2a094e7-b0fa-45ad-b9f8-be13f4829de3_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

http://ayA68Q.2011healthworld2.com/mas
                           =

--_c2a094e7-b0fa-45ad-b9f8-be13f4829de3_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Tahoma
}
--></style>
</head>
<body class=3D'hmmessage'><a href=3D'http://ayA68Q.2011healthworld2.com/mas=
'>http://ayA68Q.2011healthworld2.com/mas</a><br>                           </body>
</html>=

--_c2a094e7-b0fa-45ad-b9f8-be13f4829de3_--

So here are my questions... Is there anything in that HTML that could cause this sort of behavior? Is it possible to "spread a virus" without an email attachment? Or is it more likely that the email is not related to the actual virus causing the sending? What are some of the common exploits that spammers use to spread these types of email viruses? Are IE 7, Hotmail, Windows more susceptible to these kinds of attacks, and why?

A: 

In my opinion, this email has nothing to do with the fact that your computer supposedly sent similar mail to several of your contacts. I suppose you either a) have a virus, malware, whatever on your system sending out mail, or b) someone else is sending the mail and simply spoofing your address as sender. This is quite common practice with spammers. They buy several millions of addresses not only for recipient, but also for spoofed sender purposes.

The best thing to do is scan your computer with a reliable antivirus program (I am not naming any, may the flamewars begin), just to be sure you have no malware. If that is the case, you can only inform your contacts that your mail address has been stolen and is being misused. Nothing much else you can do.

froeschli
A: 

Is it possible to "spread a virus" without an email attachment?

Yes. Especially on machines running unpatched operating systems.

Or is it more likely that the email is not related to the actual virus causing the sending?

Also yes. It may not even be a virus sending the email. The from address on the mail means nothing, except for the fact it has to be there (I don't know if there are many mail servers that will let you send mail without it).

What are some of the common exploits that spammers use to spread these types of email viruses?

It used to be that the way in to a machine was to send malformed packets to specific ports on the machine, and it could be compromised (remember MSBlaster?), or you could be compromised with "drive-by downloads". These days a vast majority of exploits on home machines rely upon social engineering - getting you to trust an executable, or getting you to click on a link because it either came from a "trusted" source or it looks innocent. And these days the poisoned links or payloads are quite often not even delivered via email, but instead they come from contacts on social network sites.

Are IE 7, Hotmail, Windows more susceptible to these kinds of attacks, and why?

(As of right now, with the current versions) no more so, except for the fact that IE/Windows is used by a larger group of the population, so therefore has received more attention than other OS/browser combinations (although older versions of these were horribly insecure). Doing something radical like moving to a Mac may lower your chances of being exposed (statistically), but doesn't eliminate it.

Other people may pop their head up at this point and say "but if you move to the xyz operating system then you will never be infected because it is so awesome...". There may or may not be some merit to that argument, but that is not the point of what I'm trying to illustrate - security starts with YOU. Don't be a fool, expect to get infected if you visit dodgy sites, don't believe everything you read on the net, don't blindly click links, run a decent antivirus program. A lot of exploits rely on trust at some level - never give it unless you are 100% sure of what you are doing (check out the Dancing Pigs problem).

slugster
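As an added example (not code from either answer), here is how a defender would check the two points raised above with Python's standard `email` module: decode the quoted-printable MIME parts from the question to see whether the HTML contains anything that could execute on its own, and compare the From: header with the envelope sender. The message headers around the quoted body, including the Return-Path mismatch, are constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample: the two-part MIME body quoted in the question, wrapped in
# made-up headers (the From:/Return-Path: mismatch is invented for illustration).
RAW = """Return-Path: <bounce@spoofer.example>
From: wife@hotmail.example
To: contact@example.com
Subject:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="_c2a094e7-b0fa-45ad-b9f8-be13f4829de3_"

--_c2a094e7-b0fa-45ad-b9f8-be13f4829de3_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

http://ayA68Q.2011healthworld2.com/mas
                           =

--_c2a094e7-b0fa-45ad-b9f8-be13f4829de3_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html><body class=3D'hmmessage'><a href=3D'http://ayA68Q.2011healthworld2.com/mas=
'>http://ayA68Q.2011healthworld2.com/mas</a><br></body></html>=

--_c2a094e7-b0fa-45ad-b9f8-be13f4829de3_--
"""

URL_RE = re.compile(r"https?://[^\s'\"<>]+")
# Markup that can run or load something by itself; a plain <a href> cannot.
ACTIVE_RE = re.compile(r"<\s*(script|iframe|object|embed|applet|meta)\b|\bon\w+\s*=|javascript:", re.I)

def analyse(raw):
    """Decode each part (quoted-printable included) and report what is really in it."""
    msg = email.message_from_string(raw, policy=policy.default)
    report = {"parts": [], "urls": set(), "active_content": False}
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        body = part.get_content()  # decodes the transfer encoding, so "=3D" becomes "="
        report["parts"].append(part.get_content_type())
        report["urls"].update(URL_RE.findall(body))
        if part.get_content_type() == "text/html" and ACTIVE_RE.search(body):
            report["active_content"] = True
    # From: is free text chosen by whoever sent the mail; the envelope sender
    # (stored as Return-Path by the receiving server) is what the SMTP session used.
    report["from_addr"] = parseaddr(msg["From"])[1]
    report["envelope_addr"] = parseaddr(msg["Return-Path"])[1]
    report["from_matches_envelope"] = report["from_addr"] == report["envelope_addr"]
    return report

if __name__ == "__main__":
    print(analyse(RAW))
```

For the quoted message this reports a single URL, no active content in the HTML, and a From: address that does not match the envelope sender, which is the spoofing case the answers describe.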