Version: * | |
For: Outlook Express 5.0+ | Windows Mail 6.0+
Last Reviewed/Updated: 18 Feb 2014 | Published: 26 Sep 2001 | Status: Active
An email client is a program that allows users to compose, send, receive, and read email messages. Outlook Express (OLEXP) is the email client included with Windows 98, Windows ME, Windows 2000 Professional, and Windows XP. Windows Mail (WMAIL), the successor to Outlook Express, is the email client included with Windows Vista.
OLEXP/WMAIL organizes email messages into folders. The default OLEXP/WMAIL folders are listed under Local Folders and include an Inbox, Outbox, Sent Items, Deleted Items, and Drafts folder (OLEXP/WMAIL), and a Junk E-mail folder (WMAIL).
By default, when an OLEXP/WMAIL folder is opened, two panes appear; 1.) a top right pane that lists the folder's email messages, and 2.) a bottom right pane, known as the Preview Pane, that displays the email message selected in the top right pane. Also by default when an OLEXP/WMAIL folder is opened, the last email message listed in the top right pane is automatically selected and, therefore, displayed in the Preview Pane. The OLEXP 5.0, 5.5, 6.0, and WMAIL 6.0 Preview Panes are shown below:
Email is frequently used to distribute malware, including, but not limited to, viruses, worms, and trojans. The most common method for distributing malware through email involves packaging the malware as an email attachment. For infection to occur, the attachment must be executed. In the vast majority of cases, execution of the attachment requires the user to interact with the attachment, for example, by double clicking the attachment or otherwise trying to open or run it. In a few cases, however, simply opening the email message, itself, can execute the attachment. Here, the email message, itself, contains specially crafted code that executes the attachment as soon as the email message is opened. One of the most infamous worms of all time, W32.Nimda.A@mm (symantec.com) (described by Symantec 18Sep01), is an example of malware packaged as an email attachment in which infection is triggered by simply opening the email message.
A less common method for distributing malware through email is attachment independent and involves packaging the malware into the email message, itself. For infection to occur, the email message simply needs to be opened. Two of the first examples of malware packaged into an email message in which infection is triggered by simply opening the email message included the VBS.BubbleBoy (symantec.com) worm (described by Symantec 09Nov99) and the Wscript.KakWorm (symantec.com) worm (described by Symantec 30Dec09).
By default, when an OLEXP/WMAIL folder is opened, the last email message listed in the folder is automatically selected and opened in the OLEXP/WMAIL Preview Pane. This behavior, intended as a convenience, is unfortunate for, if the last email message listed in an OLEXP/WMAIL folder harbors malware in which infection is triggered by simply opening the email message, then simply opening the OLEXP/WMAIL folder results in malware infection. Also by default, selecting any email message in the OLEXP/WMAIL top right pane automatically opens the email message in the Preview Pane. This behavior, also intended as a convenience, is also unfortunate for, if any email message listed anywhere in an OLEXP/WMAIL folder harbors malware in which infection is triggered by simply opening the email message, then simply selecting the email message, including to delete it, results in malware infection.
Fortunately, the default behavior of OLEXP/WMAIL, to automatically open email messages (in the Preview Pane), can be disabled by disabling the OLEXP/WMAIL Preview Pane. After the OLEXP/WMAIL Preview Pane is disabled, OLEXP/WMAIL folders can be opened, and email messages listed in the folders can be selected and deleted without the email messages being opened and triggering malware infection. This Web page describes how to prevent infection by malware that exploits OLEXP/WMAIL Preview Pane vulnerabilities by disabling the Preview Pane.