GMail allows attachment with virus to get through!

Today I got tons of e-mail messages in my GMail account purported to have come from none other than my wife from, well, none other than her gmail account. Initially I thought they came from somebody else’s machine which had been infected with some virus. Unfortunately, the arrival of these virulent messages coincided with her notebook being online. The strangest thing is she has got Trend Micro OfficeScan running on her notebook. The same virus scanner would quickly identify the payload of the messages to contain the WORM_NYXEM.E worm when I used the ‘Show Original’ button on GMail.

Another thing I don’t understand is GMail is supposed to scan attachments on incoming messages for virus. I suppose the virus scanner GMail uses doesn’t know about this virus yet? Impossible!

Also, GMail should be able to easily identify that the messages’ sender identity has been spoofed. GMail seems to be supporting SPF (Sender Policy Framework) and it should be able to identify the originating addresses of the messages as not coming from its machines.

2 Comments (+add yours?)

  1. amin
    Jun 17, 2006 @ 11:39:12

    maybe they haven’t got this new virus’ definition?

    Reply

  2. myusri
    Jun 17, 2006 @ 15:08:17

    Dear amin,

    Actually after some “investigative” work after the episode, it was confirmed that the viral e-mail messages did not come from my wife’s notebook. It came from somebody at a housing development office in the super hi-tech Cyberia. But the funny thing is the virus did not try to impersonate many people. It only impersonated my wife and this person.

    Typically, GMail would have put these messages into the spam folder but I think because the “sender” was my wife who is in my address book, it decided to err on the “safer” side. I don’t know.

    If you actually try to look at the raw e-mail message (“show original”), you could see the virus payload is there and Trend Micro would immediately detected it as the “raw” e-mail message would have ended up in the browser cache.

    I think GMail should have at least pulverized the virus payload. If it knew about the virus, that is. Maybe you are right. GMail could not detect this virus somehow. Kind of impossible with Google resources but who knows.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: