October 23, 2003 - 12:00
GFI’s Email Security Testing Zone, has launched a set of new email tests. The tests enable administrators to find out free of charge if their network is protected against emails that use different exploits to try to break into and infect a system, including an email with a long subject, an attachment with no filename, an attachment with a long filename, the Popup Object Exploit and an attachment with a double file extension.
“GFI’s Email Security Testing Zone gives administrators the opportunity to test whether their networks are protected against the latest email threats,” said Sandro Gauci, security researcher at GFI. “Our new tests check if an email client is vulnerable to emails that use exploits like the Popup Object Exploit or take advantage of certain simple tricks - such as a long subject or an attachment with no filename, a long filename, or a double file extension. Emails that use such exploits are dangerous as they can circumvent client level antivirus and/or content filtering protection, granting a malicious user unauthorized access to that machine and through it, to the network.”
The security tests added to GFI’s free zone are the following:
- Long subject attachment checking bypass test [for Outlook Express 6 and Outlook 2000] - This test checks whether an email system accepts emails with long subjects; in some versions of Outlook and Outlook Express, long subjects can be used to bypass attachment checking.
- Attachment with no filename vulnerability test - This test examines whether an email system accepts executable code that can bypass content checking security solutions. Because this attachment has no filename, the executable code it contains will not be detected by most content checking software, and the code can be executed using Outlook.
- Long filename vulnerability test - Attachments with long filenames can be used to trick a user into double-clicking an attachment, thereby executing the malicious code it contains on the system: as the long filename is truncated by the email client, the attachment can be made to look like an innocent file (for example, a JPG image file). This test indicates whether a system can block emails that use this exploit.
- Popup Object Exploit vulnerability test - The Popup Object Exploit automatically launches files on the vulnerable system, so a secure email system should not accept emails that contain this exploit.
- Double file extension vulnerability test - This test checks whether your email system accepts emails which contain attachments with double file extensions, for example mypicture.jpg.hta. The actual file extension for this attachment would be HTA (HTML application), which is executable code. However, this exploit may trick users into thinking that this is a harmless JPG image file.
Testing if a system is vulnerable to these email threats
Email users can sign up for these and other tests by submitting their name and email address at GFI’s Email Security Testing Zone, http://www.gfi.com/emailsecuritytest/. They will then receive harmless tests by email, through which they can check if their email system is vulnerable to a number of email threats. The zone also includes tests for threats such as emails containing infected attachments, emails with malformed MIME headers, HTML mails with embedded scripts and email attacks that can circumvent default Outlook 2002 (XP) security settings.
About GFI MailSecurity
GFI MailSecurity for Exchange/SMTP is an email content checking, exploit detection, threats analysis and antivirus solution that removes all types of email-borne threats before they can affect your email users. GFI MailSecurity's key features include multiple virus engines, to guarantee higher detection rate and faster response to new viruses; email content and attachment checking, to quarantine dangerous attachments and content; an exploit shield, to protect against present and future viruses based on exploits (e.g., Nimda, Bugbear); an HTML threats engine, to disable HTML scripts; a Trojan & Executable Scanner, to detect malicious executables; and more. Pricing starts at US$295 for 10 users and includes a year of free antivirus engine updates. More product information can be found at http://www.gfi.com/mailsecurity/.
GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small-to-medium sized businesses, GFI is able to satisfy the need for business continuity and productivity encountered by organizations on a global scale. GFI has offices in the US, Malta, UK, Hong Kong and Australia which support more than 200,000 installations worldwide. GFI is a channel-focused company with over 10,000 partners worldwide. GFI is a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com.