Your browser is obsolete!

The page may not load correctly.

  • add to favourites
    Add to Bookmarks

Don't even open

Read: 823 Comments: 2 Rating: 9

And I've got this question (it may seem naive) and I wanted to ask it for quite a while but issues about this topic wouldn't come up. Maybe it's a myth that I invented myself but to avoid infection I never open emails in my mailbox as well as short messages if the message or SMS appear suspicious to me (I check the subject line and a few words at the very beginning of a message which I can read without opening it). I mean that I not only refrain from doing foolish things (reply to messages, try to unsubscribe or open links or attached files), but I merely delete these emails/SMS without opening. And my question is this: can opening an email/SMS cause any problems if if I do not take any of the actions I've described above (in brackets)? I tend to think that if I just open an email/SMS, nothing bad should happen. But everything is possible.

A commend from a user to an Anti-virus Times issue

Collective consciousness can work wonders. The threat the user is talking about indeed exists or, to be more precise, it existed at the moment when the question was asked. Those who remember mass mailings in the era of I love you know that thanks to vulnerabilities malicious actions could sometimes be carried out even without opening an email—receiving it by a mail client was enough. That's why Dr.Web features the HTTP monitor SpIDer Gate™ as well the SpIDer Mail monitor to scan scan traffic before it is processed by a receiving application in a protected system.

We assumed that threats of this kind ceased to exist and intended to talk about it in a history column of our project. But suddenly just a few days later…

This vulnerability was detected in Microsoft Word. Cybercriminals have developed an active exploit for this application in the form of a Microsoft Word document. Once this document is opened, another file called doc.doc is loaded. It contains an embedded HTA script, detected by Dr.Web as PowerShell.DownLoader.72. This HTA script, written using Windows Script syntax, calls the command interpreter PowerShell. PowerShell processes another malicious script that downloads an executable file to the attacked computer.

Currently, cybercriminals use this mechanism to install Trojan.DownLoader24.49614 on the computers of their victims. This Trojan downloads and runs other malicious software on infected machines.

It means that to get a machine infected, one only needs to try opening the document—the system will have been compromised before you'll see the contents.

#vulnerability #exploit #email

Dr.Web recommends

  • Believing that a system will never get infected because you see what you are doing is dangerous. The exploit we described above will do its job while you won't notice anything.
  • An anti-virus doesn't incorporate useless modules. Dr.Web SpIDer Gate is responsible for scanning traffic and will prevent threats of this kind from being saved in a system.
  • Infection techniques similar to those described above don't fall out of use completely. Depending on availability of loopholes in a system, they may become more or less relevant. But believing that there will be no vulnerabilities and continuing to use a product that was developed without any consideration for such risks is to take the matter lightly.

And the vigilant user surely gets a well-deserved award ☺

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.


Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.