1. BlackberryFan2009's Avatar
    How safe is receiving emails on the BB Bold 9700?

    What if I open an email with a virus attached? How safe is receiving emails via the BB device?
    06-22-10 12:29 PM
  2. Radius's Avatar
    BBs use a JVM, meaning nothing executes natively on the phone. You are safe from viruses.
    06-22-10 12:31 PM
  3. Laura Knotek's Avatar
    There are no known viruses for BlackBerry. Any Windows virus would have no effect.

    Posted from my BlackBerry using BerryBlab
    06-22-10 12:32 PM
  4. amazinglygraceless's Avatar
    $64,000 question. If said infected file / attachment is saved to the memory card
    is it not possible to infect one's computer? The thing is like any other removable
    drive, correct?
    06-22-10 01:03 PM
  5. elvin1983's Avatar
    $64,000 question. If said infected file / attachment is saved to the memory card
    is it not possible to infect one's computer? The thing is like any other removable
    drive, correct?
    I believe so, I had something similar to this happen to me once. Some moron from my work wanted me to look at something he had saved to his flash drive. Plugged it into my computer, and some program that was on his flash drive burrowed itself into my computer, causing all kinds of havoc. It then proceeded to copy itself and add it to any flash drive that was plugged into the computer, which happened to include my BB, and my boss' BB (both of which I placed into "Mass Storage Mode" to access the media card). Luckily I caught it before plugging my BB into my personal computer at home where it could then cause the same havoc.

    I would assume that downloading a virus infected attachment directly to the media card would carry the virus in a similar fashion.
    06-22-10 01:12 PM
  6. amazinglygraceless's Avatar
    Thanks Elvin. It's good to get that on the table. I think people tend to look at
    only half of the virus equation when it comes to smartphones, especially BBs.
    06-22-10 01:16 PM
  7. elvin1983's Avatar
    Thanks Elvin. It's good to get that on the table. I think people tend to look at
    only half of the virus equation when it comes to smartphones, especially BBs.
    Yep, I know I probably wouldn't have thought about it if something like this hadn't happened to me... It's kind of scary, makes you think about where you're plugging your BB into to get at the files you have stored. Something you happen to pick up off of someone's computer or e-mail could be easily transferred onto your personal PC, or a work PC. Nasty stuff...
    06-22-10 01:23 PM
  8. Branta's Avatar
    I would assume that downloading a virus infected attachment directly to the media card would carry the virus in a similar fashion.
    It is undesirable to save malware from emails, but almost certainly not too dangerous, unless you went to some trouble to ensure filenames and locations. The Windows "autorun" system relies on having a file "autorun.inf" in the root of the removable drive. This file contains a reference to the malicious file to be automatically executed - without it nothing happens when you connect on the PC. It is unlikely you would save the mail attachment to the root of the USB device, and unlikely you would name it "autorun.inf" AND also save a malicious executable.
    06-22-10 01:25 PM
  9. Thud Hardsmack's Avatar
    Thanks Elvin. It's good to get that on the table. I think people tend to look at
    only half of the virus equation when it comes to smartphones, especially BBs.
    +1 on this; we have a few coworkers that seem to think their devices are some sort of "firewall" and will use them to check out suspicious sites/attachments thinking that by doing so they're impervious to infection. And these are people that know better than to open such emails and go to... unsafe... sites, but feel quite safe using their phones for such things. It's gotten so prevalent here that IT not only put out a few memos on the subject, they've disabled all terminal USB ports; only active ones are in IT. They just don't realize that the device can CARRY malware without being infected, just like Linux and Macs, and will propagate anything as soon as it's plugged in and/or email forwarded, as mentioned above.
    06-22-10 01:32 PM
  10. elvin1983's Avatar
    It is undesirable to save malware from emails, but almost certainly not too dangerous, unless you went to some trouble to ensure filenames and locations. The Windows "autorun" system relies on having a file "autorun.inf" in the root of the removable drive. This file contains a reference to the malicious file to be automatically executed - without it nothing happens when you connect on the PC. It is unlikely you would save the mail attachment to the root of the USB device, and unlikely you would name it "autorun.inf" AND also save a malicious executable.
    That also makes sense, and isn't something that I had originally thought of. The malicious file that wormed its way onto my computer, and then copied itself onto my media card did have an autorun file attached to it, and as I explained above, I didn't download it from an e-mail.

    Is it incorrect to think that an autorun file could somehow be buried into a malicious e-mail attachment?
    06-22-10 01:41 PM
  11. Radius's Avatar
    What you guys are describing isn't as easy as you think it is. The original virus did not come in an email, it's what's called an autorun trojan.

    If you plug in the memory card into the PC and autorun is enabled (which it should NEVER be) then you can get infected and infect other flash drives and perpetuate the little bugger.

    In order to get it in the correct place on your media card you need to specifically save it there otherwise it won't work anyhow.

    So getting one via email is not so easy.
    06-22-10 02:10 PM
  12. Thud Hardsmack's Avatar
    That also makes sense, and isn't something that I had originally thought of. The malicious file that wormed its way onto my computer, and then copied itself onto my media card did have an autorun file attached to it, and as I explained above, I didn't download it from an e-mail.

    Is it incorrect to think that an autorun file could somehow be buried into a malicious e-mail attachment?
    I think that would depend on the type of attachment, but as all attachments are code and must be read and executed in order to be displayed I don't think it's out of the question. I think it would be easily inserted if it was a txt file and saved to storage that way. I remember the Conficker worm could write its own autoplay file, stick that on removable media, and it looked like you were only opening a folder. I can't remember if it harvested addresses and sent itself in emails though.
    06-22-10 02:11 PM
  13. Branta's Avatar
    Is it incorrect to think that an autorun file could somehow be buried into a malicious e-mail attachment?
    That is a frequently encountered scenario - the fear of most IT admins in a business environment. Here is (quickly and roughly) one way it is done.

    Like many parasites the malware exists in two forms for different parts of its life cycle. There is (a) one or more files which install onto the computer's hard disk, and execute every time the PC is started, (b) the file combination which exists on the USB or other removable storage, and sometimes (c) an executable file designed to be attached to email.

    Let's start at the initial distribution with type (c). Bad Guy creates and packages a Windows executable which is the primary loader for the malware. Because nobody will look at it if it is named Virus.exe, he renames it "CelebrityNude.jpg.exe". He attaches this to an email, or puts it onto a website with a URL in spammed email, and relies on a dumb default in Windows. This hides ".exe" from naive users who will see "CelebrityNude.jpg" and (Bad Guy hopes) will click on it from within the mail program hoping to see a naked female. Instead Windows will apply the default action for the .exe file type, and the file is executed as a program which installs malware to the PC as type (a) file, and the user is disappointed when no picture appears.

    Type (a) loads automatically every time the computer is started, and has two actions. (a1) it looks for USB devices getting attached and writes type (b) files to the USB, and more importantly (a2) it does something bad like try to steal passwords, and/or open a remote control backdoor so the bad guy can take control of the victim's PC over the internet and use it for more evil which he doesn't want to do directly from his own computers. (It may become a zombie in a botnet and be used for mass spamming)

    Type (b) files have only one purpose in life. They hide on USB storage devices and wait to be connected to another Windows computer with Autorun enabled, so they can install type(a) files to the PC. In some cases type (b) may even be a simple generic downloader which connects to Bad Guy's server and pulls down the latest version of the malware to be installed.
    06-22-10 02:30 PM
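Added example (not part of any post in this thread): a defender-side check of a mounted media card for the two artefacts described in posts 8 and 13, an `autorun.inf` in the volume root that names a program to launch, and files with a decoy-plus-executable double extension. The extension lists, function names and the sample volume are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
DECOY_EXT = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt"}
LAUNCH_KEY = re.compile(r"open|shellexecute|shell\\.+\\command")

def autorun_targets(volume_root):
    """Return (key, command) pairs from an autorun.inf (any case) in the root."""
    targets = []
    for entry in Path(volume_root).iterdir():
        if not (entry.is_file() and entry.name.lower() == "autorun.inf"):
            continue
        section = ""
        for raw in entry.read_text(errors="replace").splitlines():
            line = raw.strip()
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
            elif section == "autorun" and "=" in line:
                key, value = (part.strip() for part in line.split("=", 1))
                if LAUNCH_KEY.fullmatch(key.lower()):
                    targets.append((key.lower(), value))
    return targets

def double_extension_files(volume_root):
    """Return files like 'photo.jpg.exe': decoy extension, executable type."""
    hits = []
    for path in Path(volume_root).rglob("*"):
        ext = [s.lower() for s in path.suffixes[-2:]]
        if (path.is_file() and len(ext) == 2
                and ext[0] in DECOY_EXT and ext[1] in EXECUTABLE_EXT):
            hits.append(path.relative_to(volume_root).as_posix())
    return sorted(hits)

def build_sample_volume(root):
    """Constructed sample: a fake media card holding harmless text files."""
    root = Path(root)
    (root / "AutoRun.inf").write_text(
        "[AutoRun]\nopen=tools\\setup.exe\nicon=folder.ico\n"
        "shell\\open\\command=tools\\setup.exe\n")
    pictures = root / "BlackBerry" / "pictures"
    pictures.mkdir(parents=True)
    for name in ("holiday.jpg", "holiday.jpg.exe"):
        (pictures / name).write_text("placeholder")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        card = build_sample_volume(tmp)
        print(autorun_targets(card), double_extension_files(card))
```

Run it from a system that will not act on the card's contents, pointing `volume_root` at the mount point of the card.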
  14. amazinglygraceless's Avatar
    What you guys are describing isn't as easy as you think it is.
    "Not easy" does not mean "not possible" and that is the whole point. It's just
    to make sure people do not develop some sort of myopia and think everything
    they do on the device is completely bulletproof.
    06-22-10 02:30 PM
  15. elvin1983's Avatar
    Now that I've been thinking about this whole thing, I do remember how the program got on my PC in the first place, when it asked me what I wanted to do with the flash drive originally, I clicked on the icon to view the files using the program on the flash drive, which threw the stuff on my PC, but I don't think that explains how the same program automatically placed itself on my media card, and my boss's...

    Anyways, back on topic, I can understand what you're saying Radius, thanks for the clarification!
    06-22-10 02:34 PM
  16. elvin1983's Avatar
    That is a frequently encountered scenario - the fear of most IT admins in a business environment. Here is (quickly and roughly) one way it is done.

    Like many parasites the malware exists in two forms for different parts of its life cycle. There is (a) one or more files which install onto the computer's hard disk, and execute every time the PC is started, (b) the file combination which exists on the USB or other removable storage, and sometimes (c) an executable file designed to be attached to email.

    Let's start at the initial distribution with type (c). Bad Guy creates and packages a Windows executable which is the primary loader for the malware. Because nobody will look at it if it is named Virus.exe, he renames it "CelebrityNude.jpg.exe". He attaches this to an email, or puts it onto a website with a URL in spammed email, and relies on a dumb default in Windows. This hides ".exe" from naive users who will see "CelebrityNude.jpg" and (Bad Guy hopes) will click on it from within the mail program hoping to see a naked female. Instead Windows will apply the default action for the .exe file type, and the file is executed as a program which installs malware to the PC as type (a) file, and the user is disappointed when no picture appears.

    Type (a) loads automatically every time the computer is started, and has two actions. (a1) it looks for USB devices getting attached and writes type (b) files to the USB, and more importantly (a2) it does something bad like try to steal passwords, and/or open a remote control backdoor so the bad guy can take control of the victim's PC over the internet and use it for more evil which he doesn't want to do directly from his own computers. (It may become a zombie in a botnet and be used for mass spamming)

    Type (b) files have only one purpose in life. They hide on USB storage devices and wait to be connected to another Windows computer with Autorun enabled, so they can install type(a) files to the PC. In some cases type (b) may even be a simple generic downloader which connects to Bad Guy's server and pulls down the latest version of the malware to be installed.
    Ah I see I see, good to know! I never knew any of this stuff...

    Another question, for you & Radius, and whomever else may know, I didn't know that autorun was a "program" of sorts that could be turned off, I thought it was just a process that happens automatically, like when you put a CD-ROM disc into the drive, and it automatically opens the program/process. Am I incorrect? Can someone clarify?

    If there's a way to disable the autorun, it would be beneficial if you do happen to have some infected files on your flash drive, or your BB media card, whether they were received from another infected computer, or an e-mail attachment, even if the possibility of that is slim.
    06-22-10 02:39 PM
  17. Branta's Avatar
    If there's a way to disable the autorun, it would be beneficial if you do happen to have some infected files on your flash drive, or your BB media card, whether they were received from another infected computer, or an e-mail attachment, even if the possibility of that is slim.
    Go to Microsoft Support and search for "disable autorun"

    This gets done on all my Windows machines as soon as I get them.

    Update: These look like the most relevant search results for most users:
    How to disable the Autorun functionality in Windows
    Update to the AutoPlay functionality in Windows

    If you are confident about registry editing and want to configure it manually or make custom changes, the setting is "NoDriveTypeAutoRun" and a search for this as keyword should produce helpful articles.
    06-22-10 02:55 PM
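Added example (not part of any post in this thread): a way to audit the "NoDriveTypeAutoRun" setting named in post 17, decoding its bitmask to show which drive types would still autorun. The registry path and bit meanings are the ones Microsoft documents for this value; the function names are assumptions for illustration.

```python
import sys

POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"
# A set bit disables Autorun for that drive type; 0xFF disables all of them.
DRIVE_TYPE_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed",
                   0x10: "network", 0x20: "cd-rom", 0x40: "ram disk",
                   0x80: "unknown (reserved)"}

def effective_mask(hklm_value, hkcu_value):
    """HKEY_LOCAL_MACHINE takes precedence when both hives set the value."""
    return hklm_value if hklm_value is not None else hkcu_value

def still_autorunning(mask):
    """Drive types for which this mask leaves Autorun enabled."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]

def read_policy():
    """Windows only: return (hklm, hkcu) values, None where not configured."""
    import winreg
    found = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                value = winreg.QueryValueEx(key, VALUE_NAME)[0]
            # The value may be stored as REG_BINARY; normalise to an int.
            if isinstance(value, bytes):
                value = int.from_bytes(value, "little")
            found.append(value)
        except OSError:
            found.append(None)
    return tuple(found)

def report(hklm_value, hkcu_value):
    """Summarise the effective setting as one line of text."""
    mask = effective_mask(hklm_value, hkcu_value)
    if mask is None:
        return "NoDriveTypeAutoRun not configured; OS default applies"
    enabled = still_autorunning(mask) or "no drive types"
    return f"mask 0x{mask:02X}: Autorun still enabled for {enabled}"

if __name__ == "__main__" and sys.platform == "win32":
    print(report(*read_policy()))
```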
  18. Radius's Avatar
    Go to Microsoft Support and search for "disable autorun"

    This gets done on all my Windows machines as soon as I get them.
    Same, that and UAC completely nuked but that's kinda the opposite of what we're aiming for here. haha
    06-22-10 03:02 PM