Currently, there are ways for detecting malware, viruses, and other harmful code in certain types of e-mails, such as those sent using the POP3 and IMAP protocols and those sent using the product Exchange. For example, e-mails received in Microsoft Outlook (Exchange) are thoroughly examined before they are opened or previewed by the recipient and even before they are placed in an Inbox. Certain types of so-called “4W” sensors (i.e., sensors for detecting where, when, who, and why with respect to e-mails) are presently available to prevent e-mails from infecting a computing device.
However, as noted, this is only available for certain types of e-mails. A large percentage of e-mails, particularly e-mails that are sent using a Web-based service, sometimes referred to as “Web mails,” do not fall into these categories (POP, IMAP or Exchange) and are currently not vetted to the extent desirable for malware. In particular, they are not examined for cross-site scripting (XSS), such as insertion of unknown JavaScript and malformed HTML elements. These Web mail e-mails include messages sent through Hotmail and Gmail. These two programs are used by a vast number of people and are popular attack targets. Hotmail and Gmail e-mails are susceptible to cross-site requests and forgery attacks. For example, a Gmail message with attachments may be redirected to an account from where “Contacts” information belonging to the recipient may be obtained.