A test of the 'Email Security Testing Zone'


1) GFI's Access exploit vulnerability test E-Mail
(I passed this one without a problem)

GFI's Access exploit vulnerability test has just been performed on your computer. Opening this mail automatically activates the test.

* If you can see gfi-test.txt

If the text file gfi-test.txt appears on your desktop, then you are vulnerable to this exploit.

Embedded VBA code within an Access database file (.mdb) that in turn lies within an Outlook Express email file can circumvent security measures in certain circumstances. Vulnerabilities within Internet Explorer and Outlook allow such content to be executed automatically.

The text file demonstrates this: It has read vital information about your system, showing you that, in fact, it could have done anything it wanted on your system had it contained harmful code.

* If you cannot see gfi-test.txt

If you are cannot see the file, this means you have effective client-based email security. Note that, for your network to be secure, every machine on your network must have such client-based protection installed, including your servers. Server levelsecurity is recommended as additional protection.



2) CLSID extension vulnerability test E-Mail
(As the attached file didn't open after clicking on it, I presume I passed this one also. As a double-check, I opened it with ACDSee and nothing happened)



Your mail server has just accepted and sent you an email containing an attachment with a hidden CLSID extension! This means it is relying on desktop level security to protect you. You should now try to run the attachment.

* If you can run this file

If you can run this file, then you are vulnerable to this type of attack. Attachments which end with a CLSID file extension do not show the actual full extension of the file when saved and viewed with Windows Explorer. This allows dangerous file types to look as though they are simple, harmless files - such as JPG or WAV files - that do not need to be
blocked. This method can also circumvent attachment checking in some email content filtering solutions.

The enclosed attachment looks like a simple JPG file but is actually a CLSID file that contains code. If you open this file, it creates a text file on your desktop, gfi-test.txt, that has read vital information about your system.

* If you cannot run this file

If you are unable to run the file, this means you have effective client-based email security. Note that, for your network to be secure, every machine on your network must have such client-based protection installed,
including your servers. Server level security is
recommended as additional protection.



3) VBS attachment vulnerability test E-Mail
(As I passed this one also, for now I have 100% efficiency)



Your mail server has just accepted and sent you an email containing a .vbs attachment! This means it is relying on desktop level security to protect you. You should now try to run the attachment.

* If you can run this file

If you can run this file, then you are vulnerable to attacks by email viruses like the LoveLetter, and AnnaKournikova. VBS files contain commands which, when executed, can do virtually anything on the recipient's PC. This includes running malicious code such as viruses and worms. As you can see, the enclosed attachment has read vital information about your system, showing you that, in fact, it could have done anything it wanted on your system had it contained harmful code.

* If you cannot run this file

Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //