0

So I recently encountered a phishing email, I didn't follow the link of course, but I noticed it had a attachment file of 1KB I didn't download it, but was wondering whether it was possible to be infected with malware just from simply opening the email? I've read numerous times in regards to spam emails to not even open them?

I accessed my emails via " outlook.com " using Microsoft Edge if that makes any difference to the circumstance.

EmailMalicious
  • 1
  • Does this answer your question? [Why is it dangerous to open a suspicious email?](https://security.stackexchange.com/questions/135884/why-is-it-dangerous-to-open-a-suspicious-email) – browly May 14 '20 at 20:34

1 Answers1

-1

it was possible to be infected with malware just from simply opening the email?

Yes, technically it is. [1, 2] Images can have embedded content that is run when your browser or email client trusts external senders (e.g. showing pictures in emails by default). This is why it is especially important to not trust pictures in emails by default unless you know the sender (at home and in corporate environments).

It is of course easier (and additional attack methods are made possible) for an attacker to include a malicious payload in an attachment or website to which they link to in an email -- even at 1KB (though admittedly this is a very small attachment size).

[1] https://www.opswat.com/blog/image-borne-malware-how-viewing-image-can-infect-device

[2] http://www.acenyethehackerguy.com/2017/11/capturing-creds-through-email-and-html.html

coderichardson
  • 180
  • 6
  • I'm skeptical. I didn't watch the full presentation related to the first link, but I watched more than half anyway, and in the end it looks like you can put malware in an image, but you still need to execute a "decoder" that runs the payload. He managed to put the decoder inside the image as well, creating an executable image, but that image had to be run as JavaScript in – reed May 15 '20 at 10:30