Is this a credible threat or an urban legend?: Windows XP, trojans, and Yahoo Emails
I have a company computer with Windows XP Pro SP3 and Internet Explorer 6 (not my choice, company policy). Recently support cleaned out a batch of trojans. I have not been doing anything I would consider exceptionally risky, so I was fairly surprised. While waiting, I discussed virus threats with the support tech. He claimed that malware/trojans/viruses/whatever are so universal these days that it's possible to get your computer infected by merely reading a Yahoo! email message. Not opening/downloading attachments, just reading the text. Also that this corruption of a Yahoo message can be caused not by hackers but by simply composing it on an infected computer. In his own words: "All it takes is a bad couple of bytes."

Is this possible, and if so, how do I guard against it? I thought web mail was safer than PC-based email programs such as Outlook.
July 2nd, 2010 3:50pm

First of all, about Internet Explorer 6: you should discuss migrating to Internet Explorer 7 or 8 with your company and IT team. I guess you have some compatibility issues that stop them from migrating. These issues could be resolved, but for better protection you have to use Internet Explorer 8. You could get help from the TechNet and MSDN websites in order to do that. Many of these types of attacks will be blocked by Internet Explorer 8.

About those trojans, they could come from anywhere: your removable devices, infected email, etc. I could NOT tell you for certain how they came unless what the problem was has been investigated. Make sure your company gets all the updates.

About Yahoo mail: Yahoo mail comes with Anti-Virus and Anti-Spam; if a virus attacks, it will block it. In some cases there is HTML email that, when it comes to your PC, contains HTML files that will be downloaded from the web, but Yahoo will block them by default and you can choose to download or show the images or just leave it. If you don't allow showing images, then the HTML won't download. It is possible that an email that calls HTML might cause a trojan to get into your PC; it is known as a Drive-by-Download. But that is the case when your Windows or applications are NOT updated. When everything is updated they won't come up, and in most cases this malware HTML would go to Spam or be blocked by Yahoo.

In conclusion, in Yahoo by default it won't happen unless you give permission to do that. You might see a message that some email has something like show content or show image, and you won't see anything unless you allow that. That is for this reason and for assurance of security.
July 2nd, 2010 4:19pm

> First of all, about Internet Explorer 6: you should discuss migrating to Internet Explorer 7 or 8 with your company and IT team. I guess you have some compatibility issues that stop them from migrating. These issues could be resolved, but for better protection you have to use Internet Explorer 8. You could get help from the TechNet and MSDN websites in order to do that. Many of these types of attacks will be blocked by Internet Explorer 8.

Right. Compatibility issues. But it looks like I will be able to upgrade.... finally.

> About those trojans, they could come from anywhere: your removable devices, infected email, etc. I could NOT tell you for certain how they came unless what the problem was has been investigated. Make sure your company gets all the updates.
> About Yahoo mail: Yahoo mail comes with Anti-Virus and Anti-Spam; if a virus attacks, it will block it.

I know that, but the support tech expressed a lack of confidence in Yahoo.

> In some cases there is HTML email that, when it comes to your PC, contains HTML files that will be downloaded from the web, but Yahoo will block them by default and you can choose to download or show the images or just leave it. If you don't allow showing images, then the HTML won't download. It is possible that an email that calls HTML might cause a trojan to get into your PC; it is known as a Drive-by-Download. But that is the case when your Windows or applications are NOT updated. When everything is updated they won't come up, and in most cases this malware HTML would go to Spam or be blocked by Yahoo.

I do leave Yahoo in what I suppose you would call default mode: no displaying HTML graphics unless I unblock it.

> In conclusion, in Yahoo by default it won't happen unless you give permission to do that. You might see a message that some email has something like show content or show image, and you won't see anything unless you allow that. That is for this reason and for assurance of security.

(And support assures me I shouldn't feel a sense of security... ever, not with Yahoo. Business as usual. Thanks.)
July 2nd, 2010 5:09pm

Thank you for your reply. I am glad that you could upgrade; enjoy IE8.

About Yahoo: security in Yahoo is quite good, but you should also have Anti-Virus to make sure everything is fine. You could contact Yahoo support and discuss security issues directly with them. Blocking display is a good thing and good practice; if you find any security issue or bug, just contact Yahoo support and they will help you.

I think your support is really angry with Yahoo, maybe a bad experience :-) Yahoo has improved its security a lot. I suggest having a look at: http://security.yahoo.com/
July 3rd, 2010 12:17pm

If you cannot remove IE6 for legacy compatibility, install another browser (Firefox, Chrome, Opera, etc) and use that for the majority of your web browsing, only opening IE6 as needed.

If the company won't let you install it, just use the portableapps version. It'll work just fine installed to a folder in My Documents, and installation doesn't need admin rights. (Of course company policy may well prohibit you from running unapproved software, mind.)

In principle, getting malware from reading an email in Yahoo mail is the same as getting it from visiting any other website - the well-known "drive by download" attack.

I don't think Yahoo is particularly insecure, but bear in mind that Yahoo "antivirus" is no substitute for AV software - with UP TO DATE virus definitions - on your computer.
July 5th, 2010 11:52am

For wireless security, right-click on Wireless Network Connections, then click on Properties, and in the Properties screen click on the [Advanced] tab; you should uncheck "Allow other network users to connect through this computer's internet connection". Also, in the [General] tab, disable file and printer sharing for Microsoft Networks if you do not need to access a printer on a Microsoft network (for example, if all you need is the internet).

To improve on/customize your security a bit, click Tools, click Internet Options, click the [Security] tab, click Custom level, then you will see all the things you can check or uncheck to disable or enable; for example you might want to adjust the following:

Under ".NET Framework"
  XAML Browser Applications -- disable

"ActiveX Controls and Plug-ins"
  Allow previously unused ActiveX Controls to run without prompt -- disable
  Allow scriptlets -- disable
  Download signed ActiveX controls -- prompt
  Download unsigned ActiveX controls -- disable
  Initialize and script ActiveX controls not marked as safe for scripting -- disable
  Only allow approved domains to run ActiveX without prompt -- set to enable
  Run ActiveX Controls and Plug-ins -- you can set to disable or prompt but some sites won't work (www.weather.com is one -- actually my mistake; it works fine if you disable it but not if you've set to prompt unless you click accept or reject really fast; however neither this site I think and certainly not some other sites where you enter in content work)

"Downloads"
  Automatic Prompting for File Downloads -- set to Enable

Miscellaneous
  Allow websites to open windows without address or status bars -- set to disable
  Drag and drop or copy and paste files -- enable o.k. maybe prompt
  Include local directory path when uploading to server -- set to prompt
  Installation of desktop items -- set to prompt or disable if you don't install these

For more on the problem with Silverlight and XAML -- perhaps Microsoft can say more on this -- see: http://www.msisac.org/advisories/2009/2009-067.cfm

Hope this is helpful. (I added a few pieces of info)

--C. E. Whitehead
July 26th, 2010 9:49pm
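
The Custom level settings listed in the post above can also be checked without clicking through the dialog. The following read-only audit is an added example, not part of the original thread: it compares the current user's Internet-zone values with the choices the post suggests for most of the listed settings. The numeric setting IDs and the registry path are taken from Microsoft's documentation of the IE security zone registry entries, not from the thread, and the script assumes PowerShell is installed (it is not present by default on Windows XP).

```powershell
# Read-only audit of the current user's Internet zone (zone 3) settings.
# Action values stored in the registry: 0 = enable, 1 = prompt, 3 = disable.
$zone  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$names = @{ 0 = 'enable'; 1 = 'prompt'; 3 = 'disable' }

# Setting ID, dialog label, and the values the post above accepts for it.
$checks = @(
    @{ Id = '2400'; Name = 'XAML browser applications';                   Ok = @(3) },
    @{ Id = '1208'; Name = 'Previously unused ActiveX without prompt';    Ok = @(3) },
    @{ Id = '1209'; Name = 'Allow scriptlets';                            Ok = @(3) },
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';            Ok = @(1) },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';          Ok = @(3) },
    @{ Id = '1201'; Name = 'Init/script ActiveX not marked safe';         Ok = @(3) },
    @{ Id = '1200'; Name = 'Run ActiveX controls and plug-ins';           Ok = @(1, 3) },
    @{ Id = '2200'; Name = 'Automatic prompting for file downloads';      Ok = @(0) },
    @{ Id = '2104'; Name = 'Windows without address or status bars';      Ok = @(3) },
    @{ Id = '1802'; Name = 'Drag and drop or copy and paste files';       Ok = @(0, 1) },
    @{ Id = '1800'; Name = 'Installation of desktop items';               Ok = @(1, 3) }
)

$current = Get-ItemProperty -Path $zone -ErrorAction SilentlyContinue

$report = foreach ($c in $checks) {
    # A missing value means the setting was never written for this user.
    $value = $null
    if ($current) { $value = $current.($c.Id) }

    if ($null -eq $value)                      { $state = 'not set' }
    elseif ($names.ContainsKey([int]$value))   { $state = $names[[int]$value] }
    else                                       { $state = '0x{0:X}' -f $value }

    New-Object PSObject -Property @{
        Id      = $c.Id
        Setting = $c.Name
        Current = $state
        Wanted  = ($c.Ok | ForEach-Object { $names[$_] }) -join ' or '
        Match   = ($null -ne $value) -and ($c.Ok -contains [int]$value)
    }
}

$report | Select-Object Id, Setting, Current, Wanted, Match | Format-Table -AutoSize
```

On a company machine the zone settings may be enforced by Group Policy, in which case the per-user values read here are not the ones in effect.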

This topic is archived. No further replies will be accepted.
