Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can just opening an email download both viruses and spyware?

Question:

I have read various articles that state that viruses can be downloaded just
by opening an email, without having to click on an attachment. I’m wondering if
spyware is the same. Does it require me to physically click on an attachment
for the spyware program to run or can the spyware be activated simply by
opening an email to view it? And can the spyware be launched a second time on a
different computer if I click on it again?

This whole “can I get a virus just by reading email” question has been
around a very long time. These days it’s not really much of a risk at all, but
once upon a time there was a very real danger.

And, of course, you can still face that risk with a misconfigured email
program.

Part of the question being asked here also is would spyware be any
different?

]]>

In a word: no.

In all honesty, the line between viruses and spyware has become so blurred that it’s almost impossible to draw a distinction between the two. Spyware often propagates in the form of viruses, and viruses often install spyware. Which is which, and what’s what is pretty academic and, in my opinion, just not that important to the average user.

“Most malware authors have moved on to techniques that are apparently much more successful.”

With the exception, of course, that you do need both anti-virus and anti-spyware protection, as the tools use different techniques to target what they protect you from. And yes, it’s doubly confusing since many anti-virus programs will trap some spyware, and conversely many anti-spyware tools will eliminate some viruses.

The real takeaway to remember to keep yourself safe is simply: don’t worry about the differences, and make sure you have protection from both.

Now, back to email.

Long, long ago (in internet time – maybe 5 years or more in “real” time), email programs would, when you open a message, display all the content in that message. That included not only pictures but if the message was HTML then many would also do things like run any Javascript that was part of the message.

As a result, malware (a term that encompasses both viruses and spyware) was created that would leverage HTML, or Javascript, or even simply display images – often along with known operating system vulnerabilities – to actually attempt to infect your machine if a specifically crafted malicious email message were simply displayed. That got even worse with the advent of the preview pane in many email programs, which would display your incoming email even if you had stepped away from your computer.

You could get infected just by looking, and you didn’t even have to be there to look!

Yikes!

Needless to say, that was (relatively) quickly addressed by most of the email programs with a few not-so-subtle changes:

  • Javascript was typically not supported when email was displayed.

  • Images were not displayed by default.

  • Vulnerabilities were patched.

  • Spam filters also started to take on the role of simple virus checkers, and would junk email with suspicious content.

  • And of course anti-malware software began checking email as it arrived.

I’m sure you’re at least familiar with the image blocking step since it’s something you see frequently today. In almost all popular email programs images will not be displayed in an email unless that email is from someone you’ve indicated you trust.

Unless you explicitly turn them off, there are now enough safeguards in place with modern email programs and web based email services that the chances of getting infected by simply viewing an email are extremely remote. Most malware authors have moved on to techniques that are apparently much more successful.

Like tricking you into clicking a link, or opening an attachment.

When that happens, and it’s a malicious link or attachment – all bets are off.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

6 comments on “Can just opening an email download both viruses and spyware?”

  1. One thing you can do is, right click the email in question a box will open click properties. This will allow you to see what is in the email without opening it. My rule of thumb is, if in dought toss it out. There is very few emails i recieve that i will trust enough to open now days.

    Reply
  2. The real problem today with message panes is that displaying the message tell the spammer you are real.
    I always turn off message panes in new email client installs.

    If you have “display images” off by default, then this is not true.

    Leo
    03-Mar-2010

    Reply
  3. Using Thunderbird, I use View > Message Body As > Simple HTML – better than Text and safer and quicker than Original HTML.

    Reply
  4. I have received 3 emails from unknown people using a hotmail address and after opening two of them, I just deleted the 3rd because the letters in the message were scrambled and didn’t make sense. Do you think that these emails were viruses or trojans or whatever that can harm my computer? I have a good anti-virus program and use spybot as well but they show nothing is amiss.

    Reply
  5. Connie, the gibberish you see is an attempt by SPAMmers to circumvent your SPAM blocker or your e-mail program’s junk mail filter. Some programs or pictures, if opened in a plain text program like Notepad, will show gibberish, but most of that stuff is just spammers trying to make an email look legitimate.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.