Can spyware install when you click an email?

Discussion in 'General Software' started by Orange Marmelade, Dec 9, 2016.

  1. Orange Marmelade

    Orange Marmelade n00b

    Jan 28, 2016
    Hey guys.

    I got 5 e-mails within minutes in my inbox from a company named USA. The subject discussed within these emails were not of interest to me. Yet I got these emails all of a sudden. This got me thinking about an old question I have.
    Can spyware get installed or code executed, just by the user clicking on an email and reading the text contents, without opening any attachments, or following any link within this email?

    Internet is quite divided. Some say an email cannot unless you open attachments. Others say it is definitely possible.

    So what's the definite answer?
    Last edited: Dec 9, 2016
  2. Tiberian

    Tiberian DILLIGAFuck

    Feb 12, 2012
    Generally speaking unless your email client itself (meaning if you use a locally installed email client program like Outlook, Thunderbird, etc and not just use a browser based solution like Gmail, Yahoo,, etc) is pretty secure there is always the possibility that some rogue code created for a nefarious purpose can go to work on said client without the end user's absolute knowledge of it happening. Given that case, I guess I should say it's entirely possible for a browser based solution as well if someone knew the overall code that well but that's like a one-shot in infinity situation that someone could know that much all at the same time and be able to construct some code to take advantage of every possible exploitable aspect of the code being run as the application itself.

    Anytime I find people that are absolutely certain that something is or can be totally completely secure I just laugh and respond "Yeah, and bumblebees cannot fly, it's a proven fact with research done by N.A.S.A. but they fucking do it anyway, probably just to spite the engineers..." or something similar.

    I haven't used any locally installed email clients in oh, 13+ years now since I created my Gmail account around the time that went live, I have other web based email accounts with the big names also. It's more convenient to me to do things that way but not everyone has that option (say in a work environment where you're required to use the tools the employer provides) and so that's my email "type" of choice. I don't believe that security exists anymore with respect to computers and technology - if there's information out there someone has or can or will create a method for extracting it, and that includes creating tools to be left around aka the spyware or tools to just create problems aka the malware.

    tl;dr Most anything is possible given the talent to create the exploit and the fact that software is exploitable as well.
  3. hedron

    hedron Limp Gawd

    Apr 24, 2008
    Tiverton, you're saying browser based email is more secure?
  4. bigdogchris

    bigdogchris [H]ard as it Gets

    Feb 19, 2008
    If the emails are in your Inbox and you display rich text or HTML it could be possible for an email to automatically load malware through an advertisement. No different than a web browser. This is why email in your Junk/Spam folders do not load images.
  5. Nenu

    Nenu [H]ardened

    Apr 28, 2007
    If you allow HTML/rich text or open strange attachments, welcome to someone elses internet.
    My emails look bland, no inline images, no links load anything, no content loads from any website or other servers, not even when replying.
    I dont allow scripting except for essentials on web based email. All blocked except those needed for email to function.
    Helps keep my system in good shape.
  6. Verge

    Verge [H]ardness Supreme

    May 27, 2001
    It certainly can, assuming they are targeting a vulnerability in your mail client. Pretty rare, but it can happen.
  7. JHefile

    JHefile Necrophilia Makes Me [H]ard

    Jun 22, 2003
    Just don't open the attachment. We get them at work sometimes and are warned to just delete them. I opened one by accident one time and my work antivirus caught it right away.
  8. rezerekted

    rezerekted 2[H]4U

    Apr 6, 2015
    I use web only for email and I have noscript installed in Firefox so on my PC, no, it can't, because the scipt can't run until I enable it in noscript.
  9. st4rk

    st4rk Gawd

    Sep 19, 2003
    I only read my email on throwaway vms, and only with cmd and powershell mapi connections. You can never be too safe!
  10. cass1

    cass1 n00b

    Jun 23, 2017