VietNamNet Bridge – Emailing compressed files, or compressed files containing “.exe” files, should be prohibited in order to minimize the risk of email systems being hacked, Vu Quoc Khanh, Director of VNCERT (the Vietnam Computer Emergency Response Team), has suggested.

Khanh gave the warning at a conference discussing how to implement a project on
the use of information technology in the finance sector, saying that many email
systems of ministries and branches now contain dangerous holes that make them
easy for hackers to attack.
Khanh stressed that even though the email systems have been equipped with
security features (blocking “.exe” attachments, scanning attached files for
viruses…), many holes still exist that allow hackers to send fake emails with
viruses attached.
In other words, compressed files can pave the way for hackers to attack
information systems.
At the conference, Khanh carried out an experiment to prove his point. He
created a fake email under the name of an officer of the information center,
then sent a compressed file (.rar) from the mail server emkey.cz (forged so
that the email appeared to come from the information center) to huyxx.@mic.gov.vn.
After the attached file was downloaded and extracted, the result was an “.exe”
file with an icon resembling that of a Word file, which is very difficult to
recognize when displayed in Windows Explorer.
With sophisticated tricks, hackers can also send fake emails with viruses to mail
servers that have anti-virus software installed. Computer users would mistake
the virus-carrying file for a Word file (.doc) and may therefore accidentally
click the dangerous file, activating the attached virus.
Khanh therefore strongly recommended that Vietnam prohibit the transfer of
compressed files, or of compressed files with “.exe” files inside.
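
The filtering recommended above can be sketched as a gateway-side check that looks inside compressed attachments. This is an added example, not code from VNCERT or the article; the function names, addresses and sample message are constructed, and it goes slightly beyond the text by also matching the Windows "MZ" file header, so a renamed executable is still caught.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ARCHIVE_MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar", b"7z\xbc\xaf\x27\x1c": "7z"}
BLOCKED_EXT = (".exe", ".scr", ".com", ".pif")

def looks_executable(name, head):
    # Windows PE files start with "MZ"; also match on the file extension.
    return head[:2] == b"MZ" or name.lower().endswith(BLOCKED_EXT)

def check_attachment(name, data):
    """Return (verdict, reason) for one attachment; fails closed."""
    if looks_executable(name, data):
        return "block", "executable attachment"
    kind = next((k for m, k in ARCHIVE_MAGIC.items() if data.startswith(m)), None)
    if kind is None:
        return "allow", "not an archive"
    if kind != "zip":  # the standard library cannot list RAR/7z members
        return "block", kind + " archive cannot be inspected"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # encrypted member hides its content
                    return "block", "encrypted member: " + info.filename
                with zf.open(info) as fh:
                    if looks_executable(info.filename, fh.read(2)):
                        return "block", "executable in archive: " + info.filename
    except (zipfile.BadZipFile, NotImplementedError):
        return "block", "archive cannot be parsed"
    return "allow", "no executable found"

def check_message(raw):
    """Check every attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [(p.get_filename(), *check_attachment(p.get_filename() or "",
             p.get_payload(decode=True) or b"")) for p in msg.iter_attachments()]

def build_sample():
    """Constructed sample message (placeholder bytes, not a real program)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.doc", b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", "report"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="report.zip")
    msg.add_attachment(b"Rar!\x1a\x07\x00", maintype="application", subtype="octet-stream", filename="plan.rar")
    return msg.as_bytes()

if __name__ == "__main__":
    for row in check_message(build_sample()):
        print(row)
```

Formats the checker cannot open, such as the .rar used in the experiment, are blocked rather than passed through unexamined.
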
Khanh also warned about problems in creating and using passwords, which pave
the way for hackers to discover passwords and hijack systems.
He cited a report by an international institution saying that Vietnamese
passwords are listed among the three easiest to guess in the world, just after
Indonesian and Italian ones. 14 percent of accounts can have their passwords
exposed after 1000 attempts using a Vietnamese dictionary, while 7.8 percent of
accounts can have their passwords exposed using the common global dictionary.
The danger hanging over the email systems run by ministries, branches and state
agencies has been warned about for a long time.
Information technology experts have said that some software has been designed
specifically to steal information from ministries and branches, and that it can
“deceive” normal anti-virus software.
They also said that most applications have latent SQL injection and XSS errors
which allow hackers to extract information illegally, or even hijack the
systems. Many web servers are not configured well, creating holes through which
hackers can penetrate the systems. Poor web application development has caused
a lot of serious errors.
The Intelligence Report released by Symantec on July 16, 2012, showed that the
email-virus danger has become serious, with an alarming increase in the number
of virus-infected emails.
In May 2012, one virus was found in every 1504 emails. Meanwhile, in June, one
virus was present in every 541 emails.
However, experts believe that the danger level in Vietnam is still lower than
the global average level (one virus in every 365.1 emails in May, and one virus
in every 316.7 emails in June).
The report also pointed out that spam remains an unsolved problem. In June 2012,
64.2 of every 100 emails sent were spam. However, the world average is higher
than Vietnam's: 66.8 percent for June and 67.8 percent for May.
Compiled by Kim Mai