Viruses can involve current versions of Microsoft Outlook in only one way: A user open a virus-infected attachment received via an Outlook e-mail message.
Because this is the most common way viruses spread, many system administrators block certain attachments at the server or use the Outlook Email Security Update to block such attachments at the client.
In the past, viruses took advantage of Outlook's programming capability and weak security and used automation to propagate. This is no longer possible, thanks to Outlook's security features. Users need to "do something" to infect their computer by email.
Beginning with the Outlook 2000 post-SP1 security update, it's unlikely that anyone will be affected by the HTML vulnerabilities or viruses that use the address book to propagate. While older versions of Outlook are still in use, virus writers moved on and found newer and better ways to infect computers. In most cases, they use some form of social engineering to convince users to open attachments which then install the virus.
These exploits are not limited to Outlook users - anyone who uses email is at risk from these new viruses - and any that viruses that collect addresses from your computer are more likely to get the addresses from a compromised web-based email account or social media account, not Outlook's address book.
The best way to avoid a virus infection is to think before opening attachments: if the email message doesn't make sense, don't open the attachment.
One time, long, long ago, Outlook's preview pane was insecure but it's now slightly more secure than opening a message to read it. In either case, thanks to Outlook's inability to use "active content" it's safe to read mail in either the reading pane or an opened message.
This page provides information on how to protect your computer from Outlook-related viruses. While the tips target Outlook, many of the tips apply to any email client.
Outlook Client Protection
To protect your machine from becoming infected with a virus received via Microsoft Outlook, you should:
Install the latest service packs and updates for your version of Outlook
Update Outlook, Internet Explorer, other web browsers, and other Windows components
Tighten e-mail attachment security
- Block additional file types by adding extensions to the Level1Add key.
- If you use both Outlook 2000 and Word 2000, install the Word 2000 SR-1 Update Mail Command Security to block possible unauthorized sending of messages through the plain text or HTML WordMail or "Office envelope" feature.
- If you use Outlook 2000, install the Microsoft Outlook CDO Security Update to apply the same level of security to the Collaboration Data Objects programming interface.
- If you use Outlook 98 and need to restore CDO for use by forms or applications, install the Microsoft Outlook CDO Security Update.
- Block .eml attachments. See Outlook Does Not Restrict Access to EML Attachments.Consider installing the Outlook E-mail Security Update. We do not recommend this patch for all systems. Do not install it unless you read the documentation and understand what it will do to your add-ins. If you install the Outlook E-mail Security Update, you may also want to install these updates that depend on it:
See Scanning for File Attachments for more ideas on tightening e-mail attachment security.
Practice good anti-virus safety
- Never open a file attachment that you did not expect to receive.
- Install an anti-virus program, keep it updated and scan all attached files before opening them. Remember that an anti-virus program may not protect you against the very latest viruses. It may only be as good as your last update.
Other optional protection ideas
- You may want to tighten the ability of Windows Script Host to run scripts on your system.
- You can use VBA code in Outlook 2000 or 2002 to convert all incoming HTML messages to either rich text or plain text. See To convert incoming HTML messages to Outlook Rich Text or plain text format.
- Configure Outlook 2003 to display all messages in plain text. Tools, Options, Preferences, E-mail Options and check the box to Read all standard mail in plain text.
- Use the Microsoft Personal Security Advisor to check for issues with permissions, hotfixes and other possible security vulnerabilities.
Scanning for File Attachments
Instead of blocking certain file attachments, you may want to look at these methods of controlling what happens to attachments.
- The Outlook Rules Wizard (and other automatic processing tools) can move all messages containing file attachments for a separate folder for later review.
- With Outlook 2000, you can write code to move incoming messages containing file attachments with certain extensions (.vbs, .exe, etc.) to a separate folder for later review. See To quarantine application file attachments with Microsoft Outlook 2000 VBA for sample code.
Also, make sure you know what type of file is actually attached. Some viruses use a double file extension, such as .jpg.vbs. If Windows is set not to show the extension for known file types, the recipient will see the attachment listed as a harmless .jpg file, not a potentially dangerous .vbs file. The solution is to use Tools | Folder Options or View | Options, depending on your Windows version, to change the setting to show extensions for all files.
Confirming File Transmissions
If you are concerned about viruses that use Outlook to propagate, you may want to require confirmation of all outgoing messages that contain file attachments. For a code sample, see To require confirmation when sending file attachments (Microsoft Outlook 2000 VBA)
Another approach is to set up Outlook not to send mail automatically. For Exchange Server users, this means setting up offline folders, working offline and synchronizing periodically. For Internet mail users, the exact settings depends on your version of Outlook, mode and Internet connection type, but you'll generally find the right options in Tools | Services, Tools | Accounts or Tools | Options.
Note, however, that the latest viruses include their own SMTP engine for sending mail, so these techniques may not actually block virus propagation.
More Information
Most versions of Outlook provide a way to filter largish incoming messages.
If you want to provide protection at the server level, as well as on the client, these tools can help:
- Anti-virus Tools
- Content Control Tools -- attachment filtering, among other techniques
Also see:
How to learn to operate outlook & ics calender dekstop files on windows? Entrepreneur in search of teams, learning, resources, intrapreneurship, remote jobs, more online for startups across multiple industries, sectors. Quora com profile Harsh-Entrepreneur
Thank you.
They did find some malware and it has been removed. No virus. I'm using Outlook 2007. I continue to receive multiple advertisements, but only to my ATT e-mail account. Here is the header, it look like to me that ATT is allowing this junk to go through. X-Antivirus: AVG for E-mail
X-Apparently-To: cftaylor45@att.net via 98.136.215.13; Mon, 07 Jul 2014 18:24:20 +0000
X-YahooFilteredBulk: 216.71.150.216
Received-SPF: pass (domain of opportune-by-distinct.milliry.com designates 216.71.150.216 as permitted sender)
X-YMailISG: _J2ZEnYWLDu9QjNhT_1aP55Uvm5OK.woM0Y3.Wp4Mr14G0w4
MmCGkKYk2SQFXweZuGy9bRtRCYsSac38dTkin227HNo94xRdw.ze3eu1ILPV
Pec4fmoHMnF3gUE1M7V37xv8QAE0YRyhvjuKPdq.dCHbInYr6CmXhCMg7tKA
U1JdWJPMfdFBLzDHhG_igX1vXycmIIdEqme4g3mK_osbuqp5aEeUGrWtfDZa
LPdKazdmpFjSfHumVwxXJw.wb2IR0mj7sglRmNJxqWoHdnWi868ENNLn1VAS
CSIjLL7K3xUTo5TjSpanXbouYp38nQdPc.2Awik7vjx1K.02SRe9NMamNZS9
Mcu03hDhr8V86no3Snz5BVBu0kojffS9AZWr0Qe48vtZ5CGdOCDujMfKIE.4
ZrR_cKSkJJb1_UaAyMOsfl1HPbd2jGtjP2NvSbtGExd99R6sXIS2In8NSeQY
QnqJOt8Z2veSwr6.6ImYiO0M2eHvUbWssFkEaoHBCiBCSs_otaAZ3MOZ.MJ4
UqwBsP0kumjvu24_gyKn4Mxqx4zyYoVcdh4HBfVKDnlkDBmKJbTYGiv.YfyC
e2uh.nOukM7rR1qXOgoMSJjMCXntDk_naXHchBKN4xURxuQPquApZTPs9Ls8
TH8I7VJTR1UX6jegRj8cbqegMnpNzGNbHhMYad4rlcMUq59hqB9ESSmYD34P
OkBtgaJRa6HMAioHio4MdKOSHMipTb_UNmPKxP4pLag5QN.eoeA4CuDcHXA3
1c01D0QA1c_tnsIJ5ebJ9un6Rqcgxe1aZaneEnQQSgM07MB6.Aw8bjnzzjhk
P9udb0DMVz4RW.NR0b3uRAvT2iWpt4O8aj4R7w4OTWSX5N0WMB9mvMLED37O
itNq8ppYFy8AXrBRDKHlemTpfxzpo0ILc_NXJdq_kiDVD2gNjgEJcOV98GBW
dLpVaNX5n6z9lU6n4tl0o1sUCwtaROzm_v_xrcz9Yf7f54OE2IBx632lYASp
uw.RrZgVEC3kc4.CzJAhXKX_Y8hGUsGPV5Xwh4OM2Rbjt1iljtaP7c4ICiBV
ukR6M1Jc.5m.he.obW974DXr6OMLH0IvwDO6zR3uB0vQqm.yMP3uYLH2nVPO
6NmDEVGawuNf.sIs_23U_Um5EP7CPnhOgq4gOp2bg1b_Uv.lO4xLIwZVZbzn
DVexQXlNM8Qr7p8zzhiH27IUvucdhbLpufYrMI4a9fJvS3qrjckXYHZpqZiB
o75IJz5.RXZiMKJjMDTHbmeefvw2HD.xTNWOYFwYhO63WR15jXfMJ7ml2Hkk
EaDgSYkBylPVuA8CbQDu9P.somst0kpDNjkLFdQ3.UwJxgP_zYCgIAPAxA7d
Cw6KhEMUKMDg8pgYojfp
X-Originating-IP: [216.71.150.216]
Authentication-Results: mta1091.sbc.mail.bf1.yahoo.com from=; domainkeys=neutral (no sig); from=; dkim=neutral (no sig)
Received: from 8.7.44.44 (EHLO fgateway13.isp.att.net) (204.127.217.83)
by mta1091.sbc.mail.bf1.yahoo.com with SMTP; Mon, 07 Jul 2014 18:24:20 +0000
Received: from opportune-by-distinct.milliry.com ([216.71.150.216])
by att.net (frfwmxc13) with ESMTP
id ; Mon, 7 Jul 2014 18:24:18 +0000
X-Originating-IP: [216.71.150.216]
Received: from opportune-by-distinct.milliry.com (216.71.150.216) by jetteadam.net (PowerMTA(TM) v4.0r8) id g5syZQ4O2ez for ; Mon, 07 Jul 2014 11:24:11 PDT (envelope-from )
Date: Mon, 07 Jul 2014 11:13:27 PDT
Mime-Version: 1.0
Content-Type: text/html
From: Vydox Male Supplement
To: cftaylor45@att.net
Subject: [Bulk] =?UTF-8?Q?_cftaylor45_Get__your__free__trial__of__Vydox__Today!___?=
It gets through in part because the SP{F record reduces the change it will be labeled spam:
Received-SPF: pass (domain of opportune-by-distinct.milliry.com designates 216.71.150.216 as permitted sender)
I keep getting advertising e-mails that go to my junk folder. The sender is using a fake AT&T user name. My cable provider informed me that I have a virus that is causing this and wants to charge me to "fix" it. I was using Windows software to keep me safe. I have since used CCleaner to clean up my system, Malewarebytes anti-malware to clean the system and AVG 2014 to remove any virus. What am I missing?
Did those products find anything? If the cable provider said you are infected (because of things their monitoring equipment picked up), you probably are - you are unlikely to get the mail your virus sends though, so it might be unrelated. The spam viruses have their own smtp server, they don't use outlook. If you look at the message header on the spam, the IP address in it will show if it comes from your computer or from another computer.
If you called the cable company to ask about it and they said it was coming from you, they could be clueless. :)
if you aren't sure how to read the header, you can post it here and I'll look at it. (I'll remove all personal information before approving it.)
https://www.slipstick.com/outlook/email/to-view-internet-headers/
I am having trouble with email coming into me as 'returns. undeliverable. These are email that I never send out in the first place. They seem to come from mainly China. I have ruin all the virus systems that I can think of but somewhere there is a virus or worm that is generating these return. here is an example of the type of return that I get. ll the text is in Chines but this ***@126.com is the main culprit.
This morning I got 196 "returns" on emails that I never even sent.
Please help. T
Some spammer is using your email address as the 'from' address - there is nothing you can do about it, other than create a rule to delete the mail. If any of the NDR's have the full header of the original message, triple check to verify it was not sent through your SMTP server (if so, change your password asap). You may want to consider changing your password regardless.