Email Contamination Fear

[Marc Harmon]

To what extent am I misleading friends by telling them that a pdf or jpg
from me is safe to open? Or that it is always safe to open an email?

I have sent word docs and pdf docs to various members of a social group.
I have been told by some, "I will not open an enclosure for fear of worms,
viruses and other computer troubles."
I have said, "It is a safe enclosure to the extent that I know my mac is
safe."
That then is the question.

Is the following scenario being done and what is the likely hood?
If I send an email with a pdf attachment to 10 people. Are other people
intercepting such innocent enclosures and bugging them and sending them on
to my addressees? I will assume it can be done. I also assume that if my
email became such a target it would be random. Ie. No one wants to get me
or my group (which is unrecognizable by email)
I assume that for a pdf to be a problem, an executable program needs to be
substituted for the pdf doc and yet still maintain it's icon and extension.
Would that be correct? I noticed that some of the recent swen email
attached a file that was an .exe Is that not an automatic tip. Is there
not a way for such hackers to send the program without the .exe?
Or other extensions that mark it as an executable program?
What other extensions are there?

Greater fear:
I have told members of the team that so far, people are not making email
that is getting through reputable servers, such that when you download it,
and see its content in a split window view, let alone opening into its own
window, that this will execute a program.

 

[J.E. McGimpsey]

To what extent am I misleading friends by telling them that a pdf or jpg
from me is safe to open? Or that it is always safe to open an email?

In general, you're pretty safe making those claims. However...

I have sent word docs and pdf docs to various members of a social
group. I have been told by some, "I will not open an enclosure
for fear of worms, viruses and other computer troubles."

Pretty reasonable if they don't have up-to-date anti-virus software.
But they should, of course.

I have said, "It is a safe enclosure to the extent that I know my
mac is safe." That then is the question.

There are several Mac-specific virii in the wild. I have not seen
any for a long, long time. If you have an updated anti-virus
application on your machine you're almost certainly correct.

However, Word and other Office files can have macro virii. Most of
these virii don't affect Macs, but they can be passed along to
Windows users. As long as you have your Macro virus protection
checkbox checked in the Preferences/General tab, any file you open
that does not get flagged as having macros should be safe to pass
on. Any file you open that gets flagged as having macros should be
examined by your anti-virus software (and I recommend manually, with
macros disabled) to make sure nothing malicious exists. If your
anti-virus scan is up to date, any office file you generate should
be safe.

Your pdf files should be safe in any regard.

Is the following scenario being done and what is the likely hood?
If I send an email with a pdf attachment to 10 people. Are other people
intercepting such innocent enclosures and bugging them and sending them on
to my addressees? I will assume it can be done. I also assume that if my
email became such a target it would be random. Ie. No one wants to get me
or my group (which is unrecognizable by email)

Possible, but extremely improbable. Since both the email and the
attachments are sent as tens to millions of individual packets, your
file last exists as a file at your ISP's server until it hits your
addressee's server. In between, packets may take different paths
through different servers, certainly their order is never guaranteed
to be continuous. So unless your ISP or your addressee's ISP has
been hijacked by a bad guy, you'd have to assume you're being
deliberately targeted to make that scenario credible.

I assume that for a pdf to be a problem, an executable program needs to be
substituted for the pdf doc and yet still maintain it's icon and extension.
Would that be correct? I noticed that some of the recent swen email
attached a file that was an .exe Is that not an automatic tip. Is there
not a way for such hackers to send the program without the .exe?
Or other extensions that mark it as an executable program?
What other extensions are there?

this isn't exhaustive, and you shouldn't rely on extensions, but
these are *capable* of carrying malicious code (most of which runs
only on Windows machines):

0.386,.ADE,.ADP,.ADT,.APP,.ASP,.BAS,.BAT,.BIN,.BTM,.CBT,.CHM,.CLA,
..CLASS,.CMD,.COM,.CPL,.CRT,.CSC,.CSS,.DLL,.DOC,.DOT,.DRV,.EML,
..EMAIL,.EXE,.FON,.HLP,.HTA,.HTM,.HTML,.INF,.INI,.INS,.ISP,.JS,.JSE,
..LIB,.LNK,.MDB,.MHT,.MHTM,.MHTML,.MP3,.MSO,.MSC,.MSI,.MSP,.MST,
..OBJ,.OCX,.OV?,.PCD,.PGM,.PIF,.PPT,.PRC,.REG,.RTF,.SCR,.SCT,.SHB,
..SHS,.SMM,.SOURCE,.SYS,.URL,.VB,.VBE,.VBS,.VXD,.WSC,.WSF,.WSH,
..XLS,.XLT

Greater fear:
I have told members of the team that so far, people are not making email
that is getting through reputable servers, such that when you download it,
and see its content in a split window view, let alone opening into its own
window, that this will execute a program.

Not necessarily - on unpatched Outlook or OE systems, viewing the
file in the preview window may allow malicious code to run. If they
have their email client set to display HTML in messages and to allow
network access, HTML code (called webbugs) in messages from spammers
can send their email address back to the spammers server which gets
them listed as an active address on spam lists, though the webbugs
can't run malicious code.