I received a malicious email, how do I make sure I'm safe?
I logged into Gmail and I had an email from Amazon about rating a recent order. I didn't recognize the company, but decided to open the email, then immediately saw it wasn't from Amazon and looked like it was a "bad" email with a lot of random stuff and someone trying to exploit something.
I am on 16.04. I always read Ubuntu is pretty safe because of everything requiring root. Is there any software I should run to make sure nothing is on my system now or anything I should do to make sure I am safe? I am usually careful about emails but this one got me.
I'd consider it unlikely that your system got attacked in any way, but it's not possible to rule out entirely.
Most "spam" e-mails have random looking characters in an attempt to bypass (poorly-implemented) spam filters, but that doesn't immediately mean that it could constitute a threat.
Unless the e-mail itself contained some sort of image (and IIRC Gmail blocks images unless you manually open them) and you saw that image, it's very hard to inject anything malicious into an e-mail, save for maybe a CSS/HTML zero-day (like CVE-2008-2785, CSS), but that seems unlikely. Even so, most browser-based exploits don't tend to work well due to browser sandboxing and other similar security features, although these are still vulnerable to exploit (see CVE-2016-1706).
But let's go down the image route because it's the most likely. Image malware is a fascinating subject, but it really boils down to it being relatively rare because you can only exploit certain versions of a certain program, typically only on a certain operating system. As one can guess, these bugs tend to be fixed alarmingly quickly.
The window for these sorts of attacks is very small, and you were unlikely to be hit by one, if it were present. Due to the nature of these exploits, they can (potentially) be used to break out of the sandbox provided by browsers. For an example as to how something like this can happen, look at CVE-2016-3714 for ImageMagick. Or, specifically for Google Chrome (or, more exactly, libopenjp2), see CVE-2016-8332.
It could be possible that the e-mail you received had a maliciously-crafted image inside it that exploited some bug in the image rendering engine, infecting your machine. This is already pretty unlikely, and if you kept your system up-to-date, you should have nothing to worry about. For example, in the case of the OpenJPEG exploit mentioned earlier, any system running version 2.1.2 (released September 28, 2016) would be safe from this exploit.
If you do feel as though you or your system have been infected, it's a good idea to run the standard checks, including clamav, rkhunter, ps -aux, netstat, and good old fashioned log searching. If you really feel your system's been infected, wipe it and start from scratch from a recent known-good backup. Be sure to keep your new system as up-to-date as possible.
But, it's more than likely nothing in this case. E-mails are less attack vectors now as they are junk magnets. If you want, HowToGeek even has an article on the matter that just opening an e-mail usually isn't enough anymore. Or, even, see this SuperUser answer saying the exact same thing.
General pointers:
- check the time on all hidden files in your home.
- check with top and ps if you see any weird processes running.
- check Google for parts of the content of the email. See if others reported problems that are about this mail.
- check /var/log for newly written log files and examine them.
But in general I would believe you are fine. Gmail does not have permissions to do something on your disk without consent. Chrome and all browsers are sandboxed. That alone should make it fairly safe. If not just plain safe.
If you want we can analyze the mail if you are willing to add the content of that mail to your question.
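The checks the two answers above list (recently changed hidden files in your home, odd processes, listening sockets, newly written files under /var/log, and a ClamAV/rkhunter pass) gathered into one read-only triage script. This is an added example, not code from either answer: the function names, the --run flag and the one-day thresholds are assumptions chosen here, and everything it does is list things for you to inspect; it changes nothing on the system.

```shell
#!/bin/sh
# Added example: read-only triage helpers for the checks the answers list.
# Function names, the --run flag and the day thresholds are assumptions,
# not taken from the original answers.

# Hidden files (any path component starting with ".") under DIR modified in
# the last DAYS days. A freshly changed ~/.bashrc, ~/.profile or
# ~/.ssh/authorized_keys that you did not edit yourself deserves a look.
recent_hidden_files() {
    dir="$1"
    days="${2:-1}"
    find "$dir" -path '*/.*' -type f -mtime "-$days" 2>/dev/null | sort
}

# Files under a log directory (default /var/log) written in the last DAYS days.
recent_log_files() {
    dir="${1:-/var/log}"
    days="${2:-1}"
    find "$dir" -type f -mtime "-$days" 2>/dev/null | sort
}

# Top processes by CPU; compare against what you expect to be running.
process_listing() {
    ps aux --sort=-%cpu | head -n "${1:-15}"
}

# Listening TCP/UDP sockets with their owning process. ss replaces netstat
# on newer releases, so fall back to netstat only where ss is absent.
listening_sockets() {
    if command -v ss >/dev/null 2>&1; then
        ss -tulpn 2>/dev/null
    else
        netstat -tulpn 2>/dev/null
    fi
}

# Run the scanners the answers mention, if they are installed.
run_scanners() {
    if command -v clamscan >/dev/null 2>&1; then
        clamscan -r --infected "${1:-$HOME}"
    else
        echo "clamscan not installed: sudo apt install clamav"
    fi
    if command -v rkhunter >/dev/null 2>&1; then
        sudo rkhunter --check --skip-keypress
    else
        echo "rkhunter not installed: sudo apt install rkhunter"
    fi
}

# One pass over all checks; read the output, it makes no decisions for you.
triage() {
    echo "== hidden files in $HOME changed in the last day =="
    recent_hidden_files "$HOME" 1
    echo "== log files written in the last day =="
    recent_log_files /var/log 1
    echo "== top processes =="
    process_listing 15
    echo "== listening sockets =="
    listening_sockets
    echo "== scanners =="
    run_scanners "$HOME"
}

# Run only when invoked as "sh triage.sh --run"; sourcing the file just
# defines the functions so each check can be called on its own.
if [ "${1:-}" = "--run" ]; then
    triage
fi
```

Timestamps are only a hint: anything that has already changed a file can also reset its mtime, so treat an empty result as "nothing obvious" rather than "clean", and rely on the backup-and-reinstall advice above if you have real reason to believe the machine was compromised.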
ClamAV is a good Anti-Virus tool for Ubuntu. There are many questions and answers on how to get ClamAV, so I suggest you look around here on Ask Ubuntu; one example is this one -> Installing and accessing Clam AV Antivirus in 12.04