Viruses and Trojans are in the news again, and both of the latest discoveries transmit via email. I can't recall how many times this situation has occurred in the past few months. It seems that every other week someone finds another malicious email floating around the Internet with an undesirable payload.
I can't stress enough how important it is to be careful with your inbound email. These days, most users probably receive twice the amount of junk mail in their inbox as they receive at home in a postal mailbox--I know I do. Often, the volume of mail I receive causes me to become hurried when reading those messages, but I never let down my guard when it comes to email content, even when I know the person who sent me the email.
For example, friends of mine love to pass around cute little sayings and anecdotes, along with fancy graphical anecdotes. Although I love a good laugh, I hate the thought that someone might get a great laugh at my network's expense if I open a Trojaned email. So, I resist the temptation to examine their contents by deleting those types of messages immediately. But knowing what's in an email isn't always easy to discern without opening it.
In some cases, you might receive email addressed as if it originated from a notable source, such as a vendor, when in fact the email was forged to appear as if it came from a vendor; such is the case with the latest Trojan discovery. How can you protect yourself against infection in these situations? Keep in mind that anyone can spoof an email, just as anyone can spoof any letter sent to your postal mailbox. Examine each email message you receive with a fair amount of doubt towards its validity--especially if the email is from a vendor and contains a file attachment. After all, how many times has a vendor blindly emailed you a file? Probably not often. In most cases, a vendor will request that you go to the company's Web site to download a file, so be very suspicious of any email outside of this norm.
If you're an Outlook user, consider reconfiguring your security settings to a more paranoid mode. Open Outlook and choose the Tools menu and then the Options item. From the dialog box, select the Security tab and take notice of the Secure Content area on the dialog box. In that area, you'll see a zone setting that governs how Outlook treats email-based content. You may set this parameter to either the Internet zone or the Restricted Sites zone. Keep in mind that this zone setting is the same as you see within Internet Explorer (IE), where the zone settings that you apply affect both IE and Outlook. To configure or examine a zone's properties, select that zone and then click the Zone Settings button.
In my installation of Outlook, I use the Restricted Sites zone, because it offers the most protection against malicious email content. It does so by disabling ActiveX, Java, Cookies, and other potentially dangerous Web-enabled technologies that I might receive via email. In addition, you'll notice a button on the dialog box labeled Attachment Security. You should consider adjusting this setting to High for maximum protection because it helps protect against malicious content in email file attachments.
Performing these adjustments will go a long way toward protecting you against malicious email content. Combined with a good virus scanner, your environment will be much safer than it was. Until next time, have a great week.