E-Mail Threats and Vulnerabilities

David Harley, NHS Connecting for Health, UK

Introduction

Social and Antisocial E-Mail Issues

Malware

E-Mail and Early Viruses

Boot Sector Infectors

File Viruses

File and Boot (Multipartite) Viruses

Macro Viruses

Script Viruses

Mass Mailers

Spoofing Viruses

Network Worms

Hybrid and Multipolar Malware

E-Mail Viruses and Worms

The Malware Author's Dilemma

Trojan Horses

Antimalware Solutions

Anti-Trojan Software

Spam and Related E-Mail Abuse

Spam and Malware

Chain Letters, Chain E-Mails, and Hoaxes

E-Mail Fraud

Threats and Extortion

MailBombing

Subscription Bombing

E-Mail Abuse and Policy-Based Solutions

Antispam Policies

Codes of Conduct

Conclusion

Glossary

Cross References

References

Further Reading

INTRODUCTION

The classic information technology (IT) security tripod model (integrity, confidentiality, and availability) applies as much to e-mail as it does to other areas of information management, and the medium is subject to a range of problems. Johnson (2000) categorized these as follows:

  • Eavesdropping. This exploits susceptibility to network sniffing and other breaches of confidentiality.
  • Impersonation/identity theft. Even though well-managed organizations use authentication to regulate access to services, many e-mail-related Internet services such as SMTP (simple mail transfer protocol) are highly vulnerable to such abuses as impersonation by forging e-mail headers. Although identity theft is an ongoing problem, the less glamorous problem of ...

Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.