PREVENTING E-MAIL ATTACKS
Nechukhayeva N.V., Petrechuk L.N.
National Metallurgical Academy of Ukraine
The article considers some of the main ways of preventing virus attacks on a
personal computer via e-mail. It describes the operation of filter applications
that reduce the likelihood of damage from "E-bombing" attacks disguised as
file names.
Some of the simple ways of identifying email attacks and protecting the user's
personal computer from them are considered in the article. Filenames of
frequently encountered e-mail bombs are presented and the importance of using
mail filter applications is shown.
, e-mail bombing, attacks, viruses, identification, filter packages.
Email bombing (E-bombing) is
the process of sending a large number of mails to someone's mailbox with the
intent to affect the OS of a PC or a network. It is also termed 'email
flooding', as the targeted mailbox is flooded with a barrage of mails. When a
mailbox is flooded with unwanted and junk emails, its capacity is exhausted
and it can no longer receive any further mail. This prevents legitimate mail
from being read on the PC. It can even be used to
completely overload any company's mail server. E-bombing can also crash the OS and
the mail servers. It has the capacity to consume the whole system. Limiting the
user quota to a certain capacity can help to restrict the overflow.
Let us recall such well-known
viruses as Melissa and ILOVEYOU. Melissa was so powerful because it
capitalized on a vulnerability found in the Microsoft Word programming language
known as VBA (Visual Basic for Applications). VBA is a complete language that
can be programmed to perform actions such as modifying files and distributing
emails. It also includes a rather useful yet dangerous function known as
"auto-execute". The Melissa virus was programmed by inserting
malicious code into a document, enabling it to be executed whenever someone
The ILOVEYOU virus, which was
first detected in May of 2000, was simpler than Melissa. The malicious code in
it came in the form of an attachment. Any recipient who clicked on the
attachment unknowingly executed the code. This email virus then distributed
copies of itself to contacts in the user's address book, enabling the infection
to spread at a rapid rate. Because ILOVEYOU was also known to unload different
types of infections, some experts have labeled it a Trojan rather than a virus.
Anyway, this won't help a user to
prevent email bombers from attacking their computer. But if they are running a
network with multiple users, the latter can check for these filenames on the
hard disk drives of the network and thereby prevent other computers from being
attacked by email bombing. See Table 1.
Check if your computer is running slow: open a few programs and see if they open
normally. Open your web browser to see if you can navigate the web. One of the
common symptoms of a virus is a slow computer. There can be other reasons for
slowness, including the need for more memory, a fragmented hard drive, or
spyware. Check if you are getting pop-ups: programs starting and then
closing, messages appearing on the screen, and Windows locking up or shutting down
on its own are all signs that your computer may be infected with a virus. Check
if your modem or hard disk is running constantly. Look at the activity light on
your modem: if it is constantly lit, you may have a virus. If you hear your
hard drive constantly making noises, this can also be a sign. If you are only
getting these symptoms, however, it may not be a virus. These symptoms, along
with the symptoms in the previous steps, are signs of a virus.
Reaction: If you
find an email bomb, configure your router with the help of your Network Service
Provider. Also update your email delivery software to the current version.
Marking the emails as spam may also help to some extent, but it is never a
permanent solution.
your mail handling system and firewall properly.
Examples of Email Bombs and
their Filenames. Table 1
Use Proxy Servers
It's difficult to mark as spam and
filter every email if the email bombs are coming in from many IP addresses. In
this case proxy servers will help to minimize the problem. The computers in the
network are connected to the proxy server, which is just another computer.
The client computers send requests for information and resources of other computers
to the proxy server, which handles each request and sends back the
information after filtering the messages. This is done according to the
filtering rules of the proxy. It checks for malware content and filters the
messages from suspicious IP addresses and protocols before transmitting it to
Monitor Simple Mail Transfer Protocol
Simple Mail Transfer Protocol
(SMTP) is a method of authenticating the exchange of messages that are
transmitted or received across Internet protocols. The clients in the
network use the Post Office Protocol (POP) or the Internet Message Access Protocol
(IMAP) of their system to access their mailbox. The Mail Submission Agent
sends a mail or transfers any information to the Mail Transfer Agent (MTA) through
SMTP. The MTA connects via SMTP, analyzes the mail exchange record
and the IP address of the sender, and only then accepts the message. Security
mechanisms such as authentication and negotiation are processed during the
exchange of data. The Internet Engineering Task Force (IETF) works on the
authentication process and finds ways to strengthen the system.
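As an added example (not code from the article), the following Python code monitors MTA delivery records for the flooding described in the opening section: it flags a mailbox that receives more than a threshold number of messages inside a sliding window, records the sending IP addresses, and notes when the mailbox quota would be exhausted. The log format, addresses, thresholds and quota value are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not a real MTA's): "<ISO time> client=<ip> to=<rcpt> size=<bytes>"
LINE = re.compile(r"^(\S+) client=(\S+) to=<([^>]+)> size=(\d+)$")

def parse(line):
    """Return (timestamp, client_ip, recipient, size), or None if the line does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, ip, rcpt, size = m.groups()
    return datetime.fromisoformat(ts), ip, rcpt.lower(), int(size)

def detect_flood(lines, max_msgs=20, window=timedelta(minutes=1), quota=5_000_000):
    """Flag mailboxes that get more than max_msgs within window; note when quota fills."""
    recent = defaultdict(deque)   # recipient -> (timestamp, ip) events inside the window
    used = defaultdict(int)       # recipient -> bytes delivered so far
    alerts = {}
    for ts, ip, rcpt, size in filter(None, map(parse, lines)):
        q = recent[rcpt]
        q.append((ts, ip))
        while ts - q[0][0] > window:          # drop events older than the window
            q.popleft()
        used[rcpt] += size
        if rcpt not in alerts and len(q) > max_msgs:
            alerts[rcpt] = {"flood_at": ts, "sources": set(), "quota_full_at": None}
        a = alerts.get(rcpt)
        if a is not None:
            a["sources"].update(src for _, src in q)
            if a["quota_full_at"] is None and used[rcpt] >= quota:
                a["quota_full_at"] = ts
    return alerts

def sample_log():
    """Constructed data: 60 messages in two minutes to one mailbox from 4 IPs, plus normal mail."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    lines = [f"{(t0 + timedelta(seconds=2 * i)).isoformat()} client=198.51.100.{i % 4 + 1} "
             f"to=<victim@example.org> size=100000" for i in range(60)]
    lines += [f"{(t0 + timedelta(minutes=10 * i)).isoformat()} client=192.0.2.7 "
              f"to=<other@example.org> size=20000" for i in range(3)]
    return lines + ["malformed line"]

if __name__ == "__main__":
    for rcpt, a in detect_flood(sample_log()).items():
        print(rcpt, a["flood_at"], sorted(a["sources"]), a["quota_full_at"])
```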
Mail Filter Applications' Use
Filter packages are
exclusionary schemes that are used to filter the mails according to the source
Siphon (Mac OS)
Chomper (Windows 95/85/NT)
Buster (Windows 9x/ ME/ NT/ XP/ 2000)
(Windows 9x/ ME/ NT/ XP/ 2000)