The Anatomy of an E-Mail Hack

If only inboxes came with a warning label.

Delivery notices from the post office, messages from out-of-touch friends and headlines from seasonal sporting events look innocent enough when they arrive in emailform.

But they all can bear malicious links ready to unleash computer-enabled chaos with just a single click.

Most of us have received the horrified e-mail: "My e-mail was hacked!!! I'm so sorry!" Some of us have even sent one ourselves. But how exactly do e-mail viruses spread? And what should you do if one ensnares you?

"The goal of a computer virus, really, is to self-propagate," said Aaron Higbee, chief technology officer of the New York-based computer security firm Intrepidus Group. "You have to look at the motivation of the people these days and, most of the time, it's money."

Written by a programmer or purchased by a criminal, an e-mail virus is a piece of computer code transmitted via email and intended to run on any computer.

Sometimes, the code is embedded in an attachment and installed after the victim opens it up. But increasingly, Higbee said, the code is installed when the victim clicks on a Web link and is directed to an infected site.

Hackers Want to Turn Your Computer Into a Zombie

Once it gets its hooks into your computer, the virus can scan word documents, spreadsheets and address books, on the prowl for other active e-mail addresses to target.

"Usually, that initial attack is just to set-up and maintain access. They just want to turn your computer into an infected bot that just waits for instructions," Higbee said.

Without your knowledge, he said, a hacker could use your so-called "zombie computer" as part of a greater network of machines to do their nefarious bidding.

Some hackers could sell or rent time with your computer, others might install code that logs keystrokes and steals passwords so that when you go to your online banking site, it learns how to sign in as you to siphon money out of your account.

For some victims, the telltale sign of a computer hijack is when the confused e-mail arrives from an estranged ex.

But for most, Higbee said, "The bounceback [e-mails] will usually be the first clue that the computer is infected."

First Clue of a Virus: Bounceback E-Mails From People You Didn't E-Mail

If you start seeing messages letting you know that e-mails you didn't send didn't reach their intended recipients, it's time to start making sure your anti-virus software is installed and up-to-date, he said.

While many computer users might assume they're safe because they installed anti-virus safe once upon a time, Higbee said that installing software once isn't necessarily enough.

"A lot of people will have something that comes with the computer that updates for 30 days or one year, but once it expires it's no longer effective," he said. "First make sure that it's running ... and your computer is getting the updates."

If the software has lapsed, he advised installing antivirus software from a full-service company that offers free updates with the program. If the virus is still present after running virus removal and scanning programs, he said you might have to reload the entire the system.

After e-mailing everyone in your address book and letting them know about the breach, he said you should be good to go.

Sam Masiello, director of messaging security research at McAfee, said that though viruses no longer destroy computers, they can still wreak havoc on a person's life in other ways.

  • 1
  • |
  • 2
Join the Discussion
blog comments powered by Disqus
You Might Also Like...