Complete Guide to Email Viruses & Best Practices to Avoid Infections

You’re probably familiar with email viruses and the unpleasant consequences they can have for users, but are you aware of the serious implications that an infection could have for your company?

Email viruses are extremely prevalent and can compromise sensitive information, destroy data, harm hardware and waste copious amounts of time, resources and energy. User-downloaded viruses are responsible for 2,000,000 to 5,000,000 attacks per day. Some notorious viruses have resulted in billions of dollars worth of damages. 

The majority of computer viruses are email viruses, making an effective email security strategy critical in protecting your business from viruses, malware, and other malicious threats. With the rapid evolution of email attacks such as zero-day exploits and ransomware, traditional antivirus software is insufficient in protecting users against dangerous and costly attacks. In order to provide effective email protection, this technology must be implemented as part of a proactive, fully supported cloud email security solution that provides comprehensive, real-time email vigilance.

What are Email Viruses and How Do They Work?

Email viruses, which constitute the majority of computer viruses, consists of malicious code that is distributed in email messages, and can be activated when a user clicks on a link in an email message, downloads an email attachment or interacts in some other way with the body of an infected email.

Virus emails are usually programmed to be sent to everyone in the victim's address book once his or her computer has been infected, and tend to proliferate very quickly as a result.

How Is an Email Virus Delivered?

Viruses are commonly linked to phishing attacks, in which threat actors send out fraudulent emails from spoofed or compromised accounts that appear as if they have been sent from authorized sources with the goal of tricking users into sharing sensitive information. These attacks often leverage stealthy social engineering techniques to manipulate psychology and deceive victims. Spam, ransomware, business email compromise (BEC), whaling and ransomware are among other attacks that are notorious for infecting systems and compromising networks with email viruses. Viruses can be included as an attachment in a malicious email, or in the body of the email itself. 

Some viruses capitalize on nothing but user naivety. Have you ever forwarded a chain letter, a virus warning or a desperate plea for help? If so, you probably fell for a hoax and helped to spread a virus. In these scenarios, the virus is the email itself. Collectively, these emails clog up mail servers and inboxes and frequently result in denying service to legitimate users while the system processes these bulk messages.

Types of Email Viruses

There are many different forms of email viruses, and new zero-day viruses are rapidly emerging, making securing email in this modern digital threat environment even more complex. Some types of email viruses are more dangerous than others. A few of the most threatening types of email viruses include:

• Boot sector viruses: For the majority of users, this type of virus is one of the most dangerous types that exist. These viruses spread on the master boot record, making them very difficult to remove and frequently resulting in a full system reformat.
• Direct action viruses: This type of virus is one of the two main types that infect files. These viruses work through files that they attach to, rather than hiding in a computer’s memory or installing themselves. When a user clicks on an infected file, the attached virus is activated and continues to spread. Although direct action viruses make files inaccessible, they don’t affect a system’s performance.
• Resident viruses: Like direct action viruses, resident viruses infect files. However, this type of virus installs itself on a PC. These viruses are especially dangerous because they can persist even after the primary source of the virus is removed.
• Multipartite viruses: This type of virus can spread in various ways and can behave in a different manner depending on factors such as a PC’s operating system. These viruses can infect the boot sector as well as files on a computer and can spread extremely rapidly and be very difficult to remove as a result.
• Keyloggers: A keylogger is a type of spyware that, when installed on a device, enables a malicious actor to track and log the keys that the users strikes on his or her keyboard, capturing information that is typed such as personal and financial data, PIN codes and account numbers, credit card numbers, usernames, passwords, and other sensitive data without the user's knowledge. This information can be used to commit fraud or identity theft.
• Polymorphic viruses: This type of virus changes its signature when it reproduces, masquerading as a different and seemingly harmless file. These viruses are especially threatening because antivirus programs have a very hard time detecting them. Because traditional antivirus software can only blacklist a single virus variant, many programs take months to identify a single polymorphic virus.

Polymorphic Viruses and Pattern Avoidance

Polymorphic viruses are those which have code in them that changes how they operate, thus defeating detection by normal methods. These complex and especially dangerous viruses employ various tactics to modify themselves during each infection. They vary their physical file makeup by encrypting their codes and using different encryption keys generated by mutation engines each time that they infect a device. This technique allows the majority of polymorphic viruses to remain undetected by antivirus software which is engineered to recognize a static, unchanging code.

Polymorphic viruses are usually spread via spam email, malware or infected websites. VIRLOCK, one of the most notorious polymorphic viruses, evolved to combine file infection and ransomware, making it especially difficult to detect and remove.

How are Email Viruses Detected?

As computer viruses have become increasingly problematic, methods of detection have evolved to combat them. There are several different methods that antivirus programs employ to identify viruses, malware and other computer threats. These methods include:

• Signature-based detection: Traditional antivirus software relies heavily on signature-based detection to identify viruses and malware. In this method, each time a new malware variant is discovered and arrives in the hands of an antivirus company, a signature of the file is extracted and added to the signatures database of the antivirus software. This approach has its limitations, as threat actors have tried to outsmart signature-based antivirus software by creating advanced viruses which modify themselves as a method of disguise to avoid matching existing virus signatures.
• Heuristics: Heuristic analysis is a popular and effective method for detecting previously unknown viruses, as well as new variants of viruses already in the wild by examining code for suspicious properties. This technique determines the susceptibility of a system to a particular threat using various weighing methods or decision rules. Heuristics analysis is one of the few methods capable of identifying polymorphic viruses.
• Real-time protection: Real-time protection refers to the automatic protection provided by many antivirus and anti-malware programs, which monitors systems for suspicious activity.
• Sandbox detection: This behavior-based detection technique runs programs in a virtual environment, logging programs’ actions and behaviors. Depending on the actions logged, antivirus engines that utilize this technique can determine whether a program is malicious or not. This technique has proven to be highly effective, but is rarely used in end-user antivirus solutions due to its slowness.
• Data mining techniques: In this relatively new approach to virus and malware detection, data mining and machine learning algorithms are used to classify the behavior of a file and determine whether it is malicious or benign depending on a series of features that are extracted from the file.

Regardless of the techniques that it utilizes to detect viruses and other threats, antivirus software has its limitations. For instance, antivirus programs are often ineffective in detecting zero-day viruses. Even those that use non-signature-based methods frequently fall short. Virus designers test the new viruses that they create on established antivirus applications to ensure that they are not detected before releasing these viruses into the wild.

Best Practices for Recognizing Email Viruses & Preventing Infections

Knowing how to recognize an email virus, as well as implementing basic email security best practices, is imperative in protecting yourself and your company from infection. Here are some tips for identifying viruses and preventing infection:

• Refrain from clicking through links embedded in email messages
• Avoid opening potentially dangerous email attachments that are included in emails from unknown senders
• Scan all attachments for malware
• Keep an eye out for phishing emails - See what if you clicked on a Phishing link
• Keep your mail client, operating system and web browser updated and patched
• Do not open any executable files included as email attachments - attackers often name these files with two extensions in an effort to disguise them
• Ensure that your mail program is set to not automatically download and open attachments or display HTML content
• Verify the source of any suspicious email that you receive
• Avoid forwarding emails unless you have verified that they are legitimate 
• Be cautious when sharing your email address - if it gets in the wrong hands, it can be used to send a convincing email containing a virus your way 
• Get a text preview in your email service - content previews give you a glance at the content in an email without having to click on the email
• Close pop-up ads by right-clicking on them in your taskbar - not by clicking the “X” in the corner 
• Implement a comprehensive, fully-managed cloud email security solution that provides complete end-to-end control of your email
• Always remember: act smart, not fast!

How to Protect Against Email Viruses

Antivirus software plays an important role in protecting against email viruses; however, this technology must be implemented as an element of a comprehensive, multi-layered cloud email security solution to effectively combat advanced attacks.

Defense in depth is imperative to a successful email security approach. No one single security feature or piece of antivirus software is sufficient in protecting against today’s sophisticated email threats like ransomware, spear phishing, and zero-day attacks. Look for an cloud email security solution comprised of multiple layers of protection that work harmoniously to detect and block avanced and emeging threats in real-time, prevening the potential harm and tremendous inconvenience that can result from email viruses or other malicious threats.

How Guardian Digital Can Help

Guardian Digital EnGarde Cloud Email Security provides proactive, multi-tiered protection against viruses, malware, spam email and the other dangerous attacks that threaten email users every day. Benefits of choosing EnGarde to secure your business email include:

• Multi-layered architecture, where individual layers of security work in concert to provide complete, resilient protection
• Fully-managed, end-to-end control of your email, preventing malicious messages from reaching the inbox
• Adaptive antivirus engines and advanced heuristics technologies capable of detecting the most advanced polymorphic viruses and malware variants
• Secure endpoint encryption using strong cryptography
• Tighter security, flexible implementation and eliminated risk of vendor lock-in through the use of a transparent, collaborative development approach
• Centrally managed cloud-based administration
• Exceptional 24x7x365 customer support, conveniently providing you with the peace of mind to focus on aspects of running your business besides email security

Want to learn more about viruses and how to prevent them from infecting your devices and networks?

Do you have any questions or concerns about computer viruses and how to protect against them that haven’t been addressed in this article? Please do not hesitate to contact us. We would love to help!