New worm in Email doesn't need an attachment
Now just previewing an email can be infectious, according to this 'Business News Factor' article:
A handful of Bagle worm variants are attacking Windows users with an insidious new twist: They can infect computers without tricking them into opening a file attachment -- opening an e-mail is all it takes.
The passel of new worms sport a virtual alphabet soup of labels: "Bagle.q," "Bagle.r," "Bagle.s" and "Bagle.t." Some security firms have dubbed the new variants "beagle." They are mutations of the original Bagle worm first discovered in January.
Bagle exploits a flaw in Outlook, revealed in October of 2003, that allows a hacker to upload and execute a file on a user's PC without that user opening the file. Microsoft has issued a patch for the flaw in October, but users who have not updated their systems with this patch are at risk.
The e-mails carrying the new Bagle variants do not have attachments. Experts speculate that the virus writers developed this non-attachment technique to bypass a common firewall technique called "gateway scanning," which intercepts any e-mail with an attachment.
When a user opens an e-mail carrying one of these new Bagle variants, the e-mail "goes back out to the Internet and tries to find a certain server that has the Bagle executable on it and bring it down through HTTP," Belthoff said.
This is a two-step process, he explained. First, the carrier e-mail connects through Port 81 to the host server, and opens up a maliciously coded HTML file. Then, a Visual Basic Script (VBS) file is sent to the victim's machine, which connects to the same server and downloads the virus via HTTP.
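Because these messages carry no attachment, a gateway that only scans attachments never inspects them. The sketch below is an added example, not code from the article or any vendor: it flags attachment-less HTML mail whose body references a web server on a non-default port such as 81. The function names, the quarantine policy and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}
# Attributes that can make a mail client reference a remote resource.
REMOTE_REF = re.compile(r"""(?:src|href|data)\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)

def has_attachment(msg):
    """True if any MIME part is an attachment or carries a filename."""
    return any(p.get_content_disposition() == "attachment" or p.get_filename()
               for p in msg.walk())

def odd_port_urls(msg):
    """URLs in text/html parts whose explicit port is not the scheme default."""
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True) or b""
        html = body.decode(part.get_content_charset() or "utf-8", "replace")
        for url in REMOTE_REF.findall(html):
            parsed = urlsplit(url)
            try:
                port = parsed.port
            except ValueError:          # malformed port: treat as suspicious
                hits.append(url)
                continue
            if port is not None and port != DEFAULT_PORT[parsed.scheme]:
                hits.append(url)
    return hits

def verdict(raw):
    """Quarantine attachment-less HTML mail pointing at a non-default web port.
    Mail with attachments is left to the existing attachment scanner."""
    msg = message_from_string(raw)
    urls = odd_port_urls(msg)
    return ("quarantine" if urls and not has_attachment(msg) else "deliver"), urls

# Constructed sample messages (192.0.2.10 is a documentation address).
HEADERS = ("From: a@example.com\nTo: b@example.com\nSubject: hello\n"
           "MIME-Version: 1.0\nContent-Type: text/html; charset=us-ascii\n\n")
SUSPECT = HEADERS + '<html><body><iframe src="http://192.0.2.10:81/page.html"></iframe></body></html>\n'
BENIGN = HEADERS + '<html><body><a href="http://example.com/news">news</a></body></html>\n'

if __name__ == "__main__":
    print(verdict(SUSPECT))
    print(verdict(BENIGN))
```

A content heuristic like this only narrows the gap at the gateway; the Outlook patch mentioned above is what removes the underlying flaw.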