
virus - at the customs house

the_groundsman
Rising Star
Posts: 488
Thanks: 24
Fixes: 2
Registered: ‎12-08-2007

virus - at the customs house

I got some spam on an old address I rarely use these days-
The title was something about picking up a parcel from customs. I blocked it and have deleted it but can someone tell me what if any danger there is  in opening the mail rather than the attachment? I assume it is the attachment that usually brings with it the danger of infection? I did open the mail and there was a zip file attached which I left well alone......
18 REPLIES 18
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: virus - at the customs house

The Zip holds a Trojan, see other thread here http://community.plus.net/forum/index.php/topic,66856.0.html
Depends how you feel, it is best to look at the program under Outlook Express by right clicking and then select profile, then source, this will allow you to look at the source without opening it.
AVG8 detects the virus within the zip and quarantines it
The Subject has been UPS, just had one from
*      "Willa Barrera" Allegiant Air <cbnwr@bleuquest.com>
The subject line of the mail received was:
*      Your order from {airlines} N2028271
puddy
Grafter
Posts: 1,571
Registered: ‎10-06-2007

Re: virus - at the customs house

I got 20 of them so I rang up HMRC and said what are all these e-mails about. The nice lady said there's a press release on our web site: don't open them and delete them.

They are really nice people at HMRC
puddy
MickKi
Grafter
Posts: 543
Registered: ‎30-09-2007

Re: virus - at the customs house

Quote from: pierre_pierre
Depends how you feel, it is best to look at the program under outlook express . . .

Errm, no bro!  It is best not to use Outlook Express at all!  Tongue
Most mail clients these days can be configured to not fetch files from the Internet (images, scripts, etc.) embedded in links within an html email message.  I think that in MSWindows mail clients you have to change the settings to 'untrusted zone'.  Unless you have that setting configured in your Outlook Express it will open up anything and everything . . .  Also, the Auto-preview feature means that Outlook Express will run the lot before you double click on the message to open it.  Of course, safer clients like e.g. Thunderbird, Eudora, Pegasus, etc. have that setting set by default and they will not download files from links.  I recall that at some point in history, an MSWindows update changed that setting to not open links by default in Outlook Express - but you better check.
If you are suspicious that a message is dodgy and you want to see  what's in it, then you can set up your mail client to only display messages in plain text.
Similarly, most webmail implementations are configured not to open links.  Opening your messages in a correctly configured webmail is the best solution because you are not downloading anything to your PC and you are not running anything locally.
So in conclusion, the best solution would be to use webmail, after you configure it to not download embedded html links, or to only display messages in plain text.
Second best would be to use a mail client which is safer than the MSWindows offers of products and to similarly configure it to not download embedded html links, or to only display messages in plain text.  Thunderbird is a good one.
HTH.
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: virus - at the customs house

Auto open should be switched off in Outlook Express, and opening them via right click and properties does not expose you. Haven't really looked into it, but can you look at the source and headers in, for instance, IMAP Thunderbird without opening the mail? And as I said, AVG quarantined the zip without opening.
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: virus - at the customs house

Quote
If you are suspicious that a message is dodgy and you want to see  what's in it, then you can set up your mail client to only display messages in plain text.

That unfortunately won't stop the zip attachment coming through, then the unwary might open the zip
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: virus - at the customs house

Quote
Unfortunately we were not able to deliver postal package you sent on July the 1st in time
because the recipient's address is not correct.
Please print out the invoice copy attached and collect the package at our office
Your UPS

Viruses found in the attached files.
The file invoice_8712.zip: Trojan horse SHeur.BYKQ. The attachment was removed from the mail.
Checked by AVG - http://www.avg.com
Version: 8.0.138 / Virus Database: 270.5.5/1570 - Release Date: 7/24/2008 6:59 AM


Plain text download lucky for AVG
MickKi
Grafter
Posts: 543
Registered: ‎30-09-2007

Re: virus - at the customs house

Plain text does not run any scripts that may have been embedded in html code.  Viewing images that were posted in the message is OK, the problems may start if there is a linked image that your client will go to fetch from the Internet.  I am not sure what MS mail clients do these days with regards to autopreview.  Does it run only if switched on, or does it run in the background anyway?  MS have made attempts with successive patches and updates to switch off any settings in MSIE and Outlook/Outlook Express/Vista Mail, which cause vulnerabilities.  Viewing the properties of a message, to see the raw content is OK of course.  I think that it's the same like saving the message on your hard drive and then opening it with Notepad.
A good antivirus is essential even when running more robust mail clients.  It should catch most attachments that the antivirus company knows about at this moment in time.  There's no problem downloading these, or saving them on your hard drive - the problems come from running them.
itsme
Grafter
Posts: 5,924
Thanks: 3
Registered: ‎07-04-2007

Re: virus - at the customs house

Quote from: puddy

They are really nice people at HMRC

Not in my opinion. Paid duty on imported cigars which then were lost or destroyed, their story kept changing, took several months to get the refund of the duty but no joy for a refund for the cigars.
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: virus - at the customs house

Quote
Plain text does not run any scripts that may have been embedded in html code.  Viewing images that were posted in the message is OK, the problems may start if there is a linked image that your client will go to fetch from the Internet

I will say it yet again. The virus was in an attachment. The plain text was convincing enough to make someone in a hurry open the "Invoice".
What would an IMAP program do to alter that?
MickKi
Grafter
Posts: 543
Registered: ‎30-09-2007

Re: virus - at the customs house

Quote from: pierre_pierre
I will say it yet again. The virus was in an attachment. The plain text was convincing enough to make someone in a hurry open the "Invoice".

No programme will protect you from yourself . . . even when it does, many users will disable it - how many Windows users do you know who run their OS logged in as plain users?  Most executables will not run, or will not install if you run your machine as a plain user.
With regards to the message being convincing - when was the last time that UPS or a courier, or a bank, or ebay, or paypal, etc., sent you an attachment?
Quote from: pierre_pierre
What would an IMAP program do to alter that?

IMAP4, or POP3 are not related to this thread.
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: virus - at the customs house

Quote from: the_groundsman
I got some spam on an old address I rarely use these days-
The title was something about picking up a parcel from customs. I blocked it and have deleted it but can someone tell me what if any danger there is  in opening the mail rather than the attachment? I assume it is the attachment that usually brings with it the danger of infection? I did open the mail and there was a zip file attached which I left well alone......

Strange,
I thought the question was what should the punter do
Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: virus - at the customs house

Anyone using Outlook Express should have the Preview Pane turned OFF. What for the life of me I can't understand is why the default settings were ever to have it on! M$ will never learn the obvious Roll_eyes
Likewise any other mail clients that have such a facility.
I'm afraid there are too many ordinary folk that will be suckered into opening such things, which is why it is imperative that you have good AV and Firewall on your machine. AVG will quarantine a dodgy attachment.
Even with what seems like belt and braces on one's machine, I would NEVER open a suspect mail on webmail whatever the settings one had. Some hacker or other may have found a way of making you vulnerable. Nor can you look at the headers of a suspect mail in webmail without opening it Sad
I agree with pierre_pierre. For ordinary folk with Outlook Express on their machines, popping the mail then if you need/want to look at the headers/source -  RIGHT click, select Properties/Details/Message Source  and then copy/paste headers or whatever you want safely to a text file if needed.
artificer
Grafter
Posts: 1,850
Registered: ‎11-08-2007

Re: virus - at the customs house

the best thing to do with spam is delete it out of hand.  if you open the email, you let the sender know that it has sent to a live address.  then more and more will come.
Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: virus - at the customs house

Sorry Huh Who said anything about opening it.
If you want to report the spam, you'll need the headers etc.
Deleting it out of hand hardly achieves that Roll_eyes
The safe way has been explained.
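
Added example, not part of the thread or any poster's words: the thread's advice to read the message source as text (for reporting headers, and to see what is attached without opening it) can be done programmatically on a saved raw message. The sample mail, addresses, file name and the `RISKY_EXT` list are constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Extensions treated as "do not open" here; an illustrative list, not exhaustive.
RISKY_EXT = (".zip", ".exe", ".scr", ".pif", ".com", ".bat", ".js", ".vbs")
# URLs an HTML-rendering client could fetch or follow (images, links).
REMOTE_REF = re.compile(r'(?:src|href)\s*=\s*["\'](https?://[^"\']+)', re.I)

def build_sample() -> bytes:
    """Constructed sample: text body, HTML body with a remote image, zip attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Parcel held at customs"
    msg.set_content("Please print out the invoice copy attached.")
    msg.add_alternative(
        '<p>Invoice</p><img src="http://tracker.example.invalid/p.gif">',
        subtype="html")
    msg.add_attachment(b"PK\x03\x04 constructed placeholder bytes",
                       maintype="application", subtype="zip",
                       filename="invoice_0000.zip")
    return msg.as_bytes()

def inspect_message(raw: bytes) -> dict:
    """Parse raw message bytes as data only: nothing is rendered, saved or run."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {
        "headers": {h: str(msg[h]) for h in ("From", "Subject", "Return-Path") if msg[h]},
        "received": [str(v) for v in msg.get_all("Received", [])],
        "attachments": [],   # (filename, content type, risky extension?)
        "remote_refs": [],   # URLs found in HTML parts
    }
    for part in msg.walk():
        name = part.get_filename()
        if name:
            # Metadata only; the attachment payload is never decoded to disk.
            report["attachments"].append(
                (name, part.get_content_type(), name.lower().endswith(RISKY_EXT)))
        elif part.get_content_type() == "text/html":
            report["remote_refs"] += REMOTE_REF.findall(part.get_content())
    return report

if __name__ == "__main__":
    for key, value in inspect_message(build_sample()).items():
        print(key, "->", value)
```

For a real message, pass the bytes of the saved source (for example a `.eml` file read in binary mode) to `inspect_message`; the `received` list holds the relay headers an abuse report needs.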