Forum Discussion

nigelss
Up to speed
9 months ago
Solved

VM Webmail interface security issue?

The VM webmail inbox displays a list of posts on the left hand side and the content of the currently selected email on the right. If I delete that email, webmail automatically selects and displays the next email in the inbox. That email could be a malicious email which I would have selected for immediate deletion without allowing it to be displayed. I can find no way of stopping webmail from automatically displaying the content of the next message when I delete one. I believe that just the act of opening some malicious emails can infect one's tablet, laptop, whatever, even without clicking on any links in the message or opening any attachments. I am currently using a tablet because my laptop was infected by a spoof VM email last Friday. The laptop is quarantined and not able to access the internet. I changed all my passwords using my tablet to make sure there was no possibility of malware on the laptop logging my keystrokes. I have been incredibly careful about which sites I have visited with the tablet and intended to use it for banking etc. while I resolve what to do about the laptop situation. When I last used VM webmail with my tablet on Tuesday and deleted a message it did as described above and automatically opened another spoof VM email. Is my tablet now unsafe to use too? How can I stop automatic display of email content? Can your internet security team please advise? Thanks.



  • goslow
    Alessandro Volta

    You normally have to do something to enable malware via an email. In your previous topic you said that you opened a PDF, clicked a link and entered some of your account info.

    If you are using VM webmail you would have some protection from the security settings of the browser and any anti-virus on the device you are using as well as whatever security measures VM uses on its email services (if they work). You could (I assume) also set incoming emails to read as text only if you are concerned about HTML content.

    For improved features and security, migrate away from VM email altogether and use another/better email provider.

    • nigelss
      Up to speed

      I did some research last weekend. There has been a huge increase in the number of malicious emails getting through to users. They are typically sent using Outlook on an infected machine. All trace of sending the emails is deleted from Outlook. Remote malware sends lists of email addresses to the infected machine which sends the malicious emails. Doing this means the emails pass the three main tests (SPF, DKIM, forgotten the third one) and get through to the target mailbox. Take that email that knocked my laptop out, admittedly by my own stupidity. Virustotal.com tests revealed that only 1 out of 60 antivirus companies flagged it as dangerous. I tried running that company's antivirus software on the laptop after it was infected. Full scan which took hours. It found the email, no surprise there, but nothing else - clean bill of health - on a known infected machine. Someone changed the PDF file association to use Google Chrome Acrobat reader instead of Adobe and it was not me! I scanned the PDF with Defender before opening it last Friday. Clean bill of health. Not the case. Also ran a full scan of Defender on the infected laptop. Nothing found. Bottom line is that at this time many more malicious emails will get past email filters as being from valid senders because they are valid senders. Email malware checks will not flag them as dangerous. Only 1 out of 60 companies picked up the trojan on analysing the dodgy email I received. Once infected, antivirus scans do not detect problems. Also from what I read last weekend, the malware is expert at evading detection on an infected machine. I will probably do a factory reset on this tablet just to be sure before logging in anywhere else. I don't think there is any possibility of cleaning the laptop and being sure it is clean. Wipe and reinstall everything? Cut my losses, buy a new laptop and install apps I use because the laptop is old and cannot run W11? Tempting. What a situation, and all because of a stupid click.

    • nigelss
      Up to speed

      Thanks for the plain text suggestion. I will look for the option next time I log in to webmail after factory resetting this tablet. Yes, I did open an attachment, but according to an article I read, modern versions of HTML make it possible for cybercriminals to inject malware within the HTML itself, so no need to click a link or open an attachment. That is why I am concerned about VM webmail automatically opening messages. Only displaying plain text will get round the HTML issue, but how many people actually do that?

      I do not usually use VM webmail. I use a really good email client on my laptop (not Outlook!) but I don't have that option at present because there ain't no way my laptop is going on-line while infected. Since posting in that other topic some days ago I now know that the malware involved is much more deadly than stealing some login details. I would still ask VM to answer my original question about stopping automatic display of email content and their view on malicious no-click html emails.

  • goslow
    Alessandro Volta

    It is easy (and understandable) to go into security overdrive after a malware incident but, as I think you mentioned on another post, this was the first time it has happened to you over a long time of you using computers.

    Dealing with malware is a never-ending cat-and-mouse exercise between the scammers and the hardware/software suppliers. If you keep your devices up to date with security updates, and you exercise all practical standard security precautions, then you have done all you can to minimise the risks.

    Preventing the laptop from connecting to the internet is wise until you have resolved the malware issue. If you use Windows Defender you could use both the scan from within Windows and the offline version outside of Windows (accessible via 'Scan Options'). I have also found Malwarebytes is a useful tool too (which I think you can use for free for a basic scan).

    I think you said you had an image of your laptop the day before the malware incident happened. Assuming that disk image is unaffected, then you could restore from that. That is what backup images are for after all! Particularly good if you have one from the day before it all happened.

    • nigelss
      Up to speed

      Been on the net since 1995. Yes, everything is kept up to date. Windows Defender off-line and full scans run last weekend. Nothing detected. Malwarebytes is not an option. No way the infected laptop is going on the internet. I have no way of downloading an executable and getting it onto the infected machine via flash stick. The laptop did its best to protect itself. It took a human idiot to take the fatal actions in my case!

  • goslow
    Alessandro Volta

    In which case just re-image the laptop if you have a good image from the day before the malware incident.

    • nigelss
      Up to speed

      I don't know for sure I do have a good image. Acronis boot recovery software says it is corrupt. I did recover my user files to an external drive anyway, all reported successful, so it could be my user stuff was not corrupted but other stuff is. I cannot take the chance of trying a full restore on the original hard drive. If it fails I lose everything, so if there is a problem with the backup files I recovered I'm in even bigger trouble. That's why I would do it on a clone, and I would have to buy another drive to try it. But is that just throwing money away when it could go towards a new laptop as my current one is 10 years old?

      • goslow
        Alessandro Volta

        Prices start from £10-ish for a cheapo-matic 2.5" SSD, £20-ish for a 256GB brand name SSD. Certainly cheaper than a new laptop!

  • coenoby
    Very Insightful Person

    nigelss wrote:

    The VM webmail inbox displays a list of posts on the left hand side and the content of the currently selected email on the right.

    How can I stop automatic display of email content


    That sounds as if you have VM Webmail set to display the "Vertical" view of your emails.

    You could try changing that to the "List" view. With that setting the right hand panel just shows a list of the Subject lines of the emails in the inbox and you have to click on an email to open it.

    • Click on "View" at the top of that right pane.
    • That will give you a list of the view options. I think the "List" setting is what you are asking for.

    To improve the security of incoming email click on the cog icon (again top right). Then from the drop down list click on Security.

    Then make sure that the box against "Allow pre-loading of externally linked images" is unticked. I think that is VM's default setting but it may have been updated at some point. It's definitely safer not to allow those links to be opened by default.

    If that box is unticked it means that if an email does contain external links you will be asked whether you want to allow them to be accessed. Only allow them if you trust the sender.

    Coenoby
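
Added example, not part of the thread and not VM's own code: a Python sketch of what an "external images" block and a text-only view each act on, listing the remote URLs an HTML part would fetch on display and returning the plain-text part instead. The sample message, its sender and URLs are constructed placeholders, and the `AUTO_FETCH` attribute list is an illustrative assumption.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs fetched on display with no click; illustrative only,
# CSS url(...) references are not covered.
AUTO_FETCH = {("img", "src"), ("link", "href"), ("iframe", "src"),
              ("video", "poster"), ("body", "background"), ("input", "src")}

class RemoteFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in AUTO_FETCH or not value:
                continue
            url = urlsplit(value.strip())
            # http(s) and //host/... URLs leave the mailbox; cid: and data:
            # images are carried inside the message itself.
            if url.scheme in ("http", "https") or (not url.scheme and url.netloc):
                self.remote.append((tag, value.strip()))

def auto_loaded_urls(raw: bytes):
    """Remote resources the HTML part would fetch if pre-loading is allowed."""
    msg = message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    if part is None:
        return []
    finder = RemoteFinder()
    finder.feed(part.get_content())
    return finder.remote

def plain_text_view(raw: bytes) -> str:
    """What a text-only view shows: the text/plain part, no HTML parsed."""
    msg = message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""

def sample_message() -> bytes:
    """Constructed sample; sender and URLs are placeholders."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg.set_content("Please review your account.\n")
    html = ('<html><body><img src="https://tracker.example.invalid/open.gif?id=42">'
            '<img src="cid:logo"><a href="https://example.invalid/login">Go</a></body></html>')
    msg.add_alternative(html, subtype="html")
    return msg.as_bytes()
```

For the sample, only the `https` image is reported: the `cid:` image is embedded in the message and the `<a href>` link needs a click before anything is requested.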

     

    • nigelss
      Up to speed

      Many thanks for your advice. So it's list view for me, and plain text if I can find the option again. Allow preloading is already unticked as I recall.