Tracking and detecting valid mailboxes nailed down HTML emails

Back in the days when Windows 98 was the virgin Microsoft operating system, HTML email messages accounted for a large number of infected Windows-based systems. Surprisingly, things have not changed much now either. Accepting and displaying HTML email messages still pose a great deal of threats for email users, regardless of what operating system they are using, or if the latter is in reality immune to an attack based on vulnerabilities of other systems.

To illustrate, here are some of the possible threats posed by the use of HMTL messages; including, but not limited to virus or other malware infections, which still account for a high degree of risk.

Based on HTML email, a malicious person is able to perform different scams and phishing attacks. These types of attacks consist in fooling the targeted email address user into giving away personal information such as: name, address, email address, personal bank narration information. Such attacks incorporate impersonating a valid website to which the user may have previously registered and created an account.

Some scammers may go as far as impersonating banks or other financial institutions such as PayPal, in course to gain credit card information or other personal details that can later be used to obtain goods, or even to empty a bank account. Many bank chronicle frauds are mythical this way. As a countermeasure, if HTML emails are filtered at server level in a system that causes peerless text to be displayed such fraud attempts can be blocked and prevented.

Email clients have different approaches to HTML email. Mozilla Thunderbird, for example, does not instruct HTML content by default, as opposed to Outlook Express which displays HTML content by default. This does not greedy that scams cannot be performed using light paragraph as well, but the probability for someone to consider a text message is lower in comparison to seeing an exact design of their bank's website requesting their personal details.

As compared to these attempts some of our peers make with the purpose to scam people for their personal information, viruses and worms do not use the same techniques. Their goal may be infecting the operating system, but the infection mechanism may be hidden endure a appropriate offer for a unpaid product, that may actually cost the user a quota more than if they had bought a similar product for real money.

Another commonly encountered threat consists in the no problem viewing of a HTML message that can extremely trigger the delivery of more spam to the user's mailbox.

How is that possible? You may ask. For instance, the spammer sends HTML messages that incorporate a different image filename link in each of the sent out messages. He again has an association between each drawing filename link and the email address that the comment is sent to. When the message is displayed on the user's computer, provided HTML viewing is enabled, the respective image file will be automatically requested from the spammer's server. At this point, the spammer knows that the message has been viewed on a pc and, based on the requested filename and using the association created, he now knows that the respective e-email address is in use. As a result, the spammer has get going an active email user that he can convince to acquire some of the products he advertises for. Another source of wealth for the spammer is selling a database of verified addresses, which is all the more more valuable than a database that contains 3 quarters of bouncing addresses.

This concludes some of the most important scenarios and consequences of using HTML in an email application.

For the article in original, and others, please visit: http://www.mailradar.com/articles/Security

Keywords: