Email Attacks

When thinking about safeguarding your emails, you have to address which types of email are prone to attacks. Traditional, regular email is text-based, so embedding viruses or Trojan horses in it is impossible. You will not suffer any disruptions by mandating a text-only email system.

Allowing users to send and receive attachments is your problem area. Many companies have policies that allow only certain types of attachments and disallow others. The attachments most typically disallowed are executable files. Many companies create a filter on their mail servers that does not allow emails containing executables (files with “dot exe” extensions) to pass through.

Other files to be careful with are “zipped” file archives. Unzipping a file is the process of decompressing it after it has been compressed by a compression utility or tool. Often you will be sent a group of files that have been compressed (zipped) together. The end user will then attempt to uncompress the files into a folder of their choosing.

There have been times when unzipping a file led to many files being created with root user or group user permissions set. If the ZIP archive contained binaries with the setuid and/or setgid (group ID) bit set, then unzipping the archive preserved those bits when extracting the files from the archive. An unwary user could innocently extract those files into what the user thinks is a safe directory. Later, an attacker could exploit those executables from a directory the attacker could access with the appropriate root or group privileges.
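The check below is an added example, not part of the original article: it uses Python's standard `zipfile` module to list archive entries that carry the setuid or setgid bit before anything is extracted. The sample archive is constructed in memory, and the function names are hypothetical.

```python
import io
import stat
import zipfile

def build_sample_zip() -> bytes:
    """Constructed sample: one ordinary file, one setuid and one setgid entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, mode in (("readme.txt", 0o100644),
                           ("bin/helper", 0o104755),   # setuid bit set
                           ("bin/spool", 0o102755)):   # setgid bit set
            info = zipfile.ZipInfo(name)
            info.create_system = 3            # 3 = Unix, so mode bits are meaningful
            info.external_attr = mode << 16   # Unix mode lives in the high 16 bits
            zf.writestr(info, b"constructed sample data")
    return buf.getvalue()

def find_privileged_entries(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Return (name, flags) for entries carrying setuid and/or setgid bits."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.create_system != 3:       # no Unix mode recorded for this entry
                continue
            mode = info.external_attr >> 16
            flags = [label for bit, label in ((stat.S_ISUID, "setuid"),
                                              (stat.S_ISGID, "setgid"))
                     if mode & bit]
            if flags:
                findings.append((info.filename, "+".join(flags)))
    return findings

def safe_mode(mode: int) -> int:
    """Mode to apply after extraction: drops setuid, setgid and sticky bits."""
    return stat.S_IMODE(mode) & 0o777

if __name__ == "__main__":
    for name, flags in find_privileged_entries(build_sample_zip()):
        print(f"{name}: {flags}")
```

A mail gateway or user could run such a check on an attachment and reject or quarantine any archive for which the list is non-empty.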

Another area of concern is the increasing use of specialized code within documents and other executable content that can be included in emails. Incoming email should be prevented from automatically executing code when a message is opened. Some email packages are set to automatically open an attachment when the email is opened.

It is important to apply an email security policy at the time a user account is created. It is safer to disallow certain email capabilities up front than to do so later, after damage from viruses and Trojan horses has occurred.

Written by Mike Rede
