The Anatomy of an E-Mail Hack
How does an e-mail virus spread? How should you protect yourself?
July 7, 2010— -- If only inboxes came with a warning label.
Delivery notices from the post office, messages from out-of-touch friends and headlines from seasonal sporting events look innocent enough when they arrive in emailform.
But they all can bear malicious links ready to unleash computer-enabled chaos with just a single click.
Most of us have received the horrified e-mail: "My e-mail was hacked!!! I'm so sorry!" Some of us have even sent one ourselves. But how exactly do e-mail viruses spread? And what should you do if one ensnares you?
"The goal of a computer virus, really, is to self-propagate," said Aaron Higbee, chief technology officer of the New York-based computer security firm Intrepidus Group. "You have to look at the motivation of the people these days and, most of the time, it's money."
Written by a programmer or purchased by a criminal, an e-mail virus is a piece of computer code transmitted via email and intended to run on any computer.
Sometimes, the code is embedded in an attachment and installed after the victim opens it up. But increasingly, Higbee said, the code is installed when the victim clicks on a Web link and is directed to an infected site.
Once it gets its hooks into your computer, the virus can scan word documents, spreadsheets and address books, on the prowl for other active e-mail addresses to target.
"Usually, that initial attack is just to set-up and maintain access. They just want to turn your computer into an infected bot that just waits for instructions," Higbee said.
Without your knowledge, he said, a hacker could use your so-called "zombie computer" as part of a greater network of machines to do their nefarious bidding.
Some hackers could sell or rent time with your computer, others might install code that logs keystrokes and steals passwords so that when you go to your online banking site, it learns how to sign in as you to siphon money out of your account.
For some victims, the telltale sign of a computer hijack is when the confused e-mail arrives from an estranged ex.
But for most, Higbee said, "The bounceback [e-mails] will usually be the first clue that the computer is infected."