ID #210

Why are HTML emails a security hazard?

Applies to: Grid System

There are many reasons why HTML email is a security hazard and many bad things that can happen to you or your computer by simply even previewing the message in a preview pane without even opening it.

* Using images in HTML mail to gather demographic information about you when your mail program contacts the remote server where the image is hosted in order to allow you to view the image. Using this plus Javascript, many other 'spying' functions can be performed

* Using javascript to track recipients and "listen" to all forwarded messages

* Invisible images that monitor recipients and transmit information about them

* Monitoring the path of a confidential e-mail messages

* Silent capture of valid email addresses for use by spammers

* Executing arbitrary code from email using backdoors in MS Office

* Abusing bugs in mail clients to execute programs attached to emails

* Using ActiveX scripts in html email to steal private local files

* Javascript in html emails sending out recipients' private information

* Using javascript to initiate a denial of service attack

* Execution of malicious java applets

* Distribution of malicious worms that infect recipients' machines

More information regarding html and email based security threats, can be found here.

Last update: 2011-02-17 16:00
Author: FAQ Admin
Revision: 1.4

Digg it! Share on Facebook Print this record Send FAQ to a friend Show this as PDF file
Please rate this FAQ:

Average rating: 0 (0 Votes)

completely useless 1 2 3 4 5 most valuable

You can comment this FAQ