Latest news
GFI Launches Email Security Testing Zone
Posted on 08 April 2002.
Test if your email system is vulnerable to email viruses & attacks!
London, UK, 15 November 2001 - GFI has launched an Email Security Testing Zone to enable organizations to check whether their email systems are vulnerable to email viruses and attacks. The zone, http://www.gfi.com/emailsecuritytest/, allows visitors to discover instantly if their system is secure against current and future email threats, such as emails containing infected attachments, emails with malformed MIME headers, and HTML mails with embedded scripts.
The need to protect against current and future email threats
Virus-writers can modify existing viruses at any point, meaning that simply protecting against known email viruses is not enough: email systems must be secure against both current and future email threats. This can only be achieved by protecting against all currently known methods of email infection. To see if their email systems are protected in this way, organizations can now use GFI's Email Security Testing Zone.
"Often, it is only upon infection by an email virus that businesses realize they are vulnerable to email-borne threats. GFI's Email Security Testing Zone now allows organizations to instantly discover if they are vulnerable, enabling them to take proactive steps to defend their email system," explained Nick Galea, GFI CEO.
GFI's Email Security Testing Zone currently includes 4 tests:
* VBS attachment vulnerability test This test checks whether a mail server blocks VBS attachments. VBS files contain commands which, when executed, can do virtually anything on the recipient's PC. This includes running malicious code such as viruses and worms. The LoveLetter or Love Bug, and AnnaKournikova are examples of viruses transmitted using this method.
* CLSID extension vulnerability test This test reveals whether a mail server detects and blocks files with CLSID extensions. Attachments having a CLSID extension do not show the actual full extension of the file when saved and viewed with Windows Explorer. This allows dangerous file types to look as though they are simple, harmless files - such as JPG or WAV files - that do not need to be blocked.
* MIME header vulnerability test This test examines whether a corporate system is protected against emails using the MIME exploit. The MIME exploit makes use of a malformed MIME header and an IFRAME tag to trick Outlook Express into running an attached VBS file. The VBS file is automatically executed upon opening the email, thus making this exploit very dangerous when combined with virulent code. An example of this is the notorious Nimda virus and its variants.
* ActiveX vulnerability test Through this test, users can discover if their machine is vulnerable to the ActiveX exploit. ActiveX within HTML content can circumvent security measures in certain circumstances. Vulnerabilities within Internet Explorer and Outlook allow such content to be executed.
Users can sign up for these tests by submitting their name and email address at GFI's Email Security Testing Zone. They will then receive harmless tests by email, through which they can check the vulnerability of their email system. For more information and to request the tests, please visit: http://www.gfi.com/emailsecuritytest/.
About GFI
GFI has six offices in the US, UK, Germany, France, Australia and Malta, and has a worldwide network of distributors. GFI is the developer of FAXmaker, Mail essentials and LANguard, and has supplied applications to clients such as Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has won the Microsoft Fusion 2000 (GEM) Packaged Application Partner of the Year award, and was named one of 1999's fastest growing software companies for Windows by Microsoft Corp. and CMP Media.
London, UK, 15 November 2001 - GFI has launched an Email Security Testing Zone to enable organizations to check whether their email systems are vulnerable to email viruses and attacks. The zone, http://www.gfi.com/emailsecuritytest/, allows visitors to discover instantly if their system is secure against current and future email threats, such as emails containing infected attachments, emails with malformed MIME headers, and HTML mails with embedded scripts.
The need to protect against current and future email threats
Virus-writers can modify existing viruses at any point, meaning that simply protecting against known email viruses is not enough: email systems must be secure against both current and future email threats. This can only be achieved by protecting against all currently known methods of email infection. To see if their email systems are protected in this way, organizations can now use GFI's Email Security Testing Zone.
"Often, it is only upon infection by an email virus that businesses realize they are vulnerable to email-borne threats. GFI's Email Security Testing Zone now allows organizations to instantly discover if they are vulnerable, enabling them to take proactive steps to defend their email system," explained Nick Galea, GFI CEO.
GFI's Email Security Testing Zone currently includes 4 tests:
* VBS attachment vulnerability test This test checks whether a mail server blocks VBS attachments. VBS files contain commands which, when executed, can do virtually anything on the recipient's PC. This includes running malicious code such as viruses and worms. The LoveLetter or Love Bug, and AnnaKournikova are examples of viruses transmitted using this method.
* CLSID extension vulnerability test This test reveals whether a mail server detects and blocks files with CLSID extensions. Attachments having a CLSID extension do not show the actual full extension of the file when saved and viewed with Windows Explorer. This allows dangerous file types to look as though they are simple, harmless files - such as JPG or WAV files - that do not need to be blocked.
* MIME header vulnerability test This test examines whether a corporate system is protected against emails using the MIME exploit. The MIME exploit makes use of a malformed MIME header and an IFRAME tag to trick Outlook Express into running an attached VBS file. The VBS file is automatically executed upon opening the email, thus making this exploit very dangerous when combined with virulent code. An example of this is the notorious Nimda virus and its variants.
* ActiveX vulnerability test Through this test, users can discover if their machine is vulnerable to the ActiveX exploit. ActiveX within HTML content can circumvent security measures in certain circumstances. Vulnerabilities within Internet Explorer and Outlook allow such content to be executed.
Users can sign up for these tests by submitting their name and email address at GFI's Email Security Testing Zone. They will then receive harmless tests by email, through which they can check the vulnerability of their email system. For more information and to request the tests, please visit: http://www.gfi.com/emailsecuritytest/.
About GFI
GFI has six offices in the US, UK, Germany, France, Australia and Malta, and has a worldwide network of distributors. GFI is the developer of FAXmaker, Mail essentials and LANguard, and has supplied applications to clients such as Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has won the Microsoft Fusion 2000 (GEM) Packaged Application Partner of the Year award, and was named one of 1999's fastest growing software companies for Windows by Microsoft Corp. and CMP Media.
Spotlight
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Is Microsoft is reading your Skype communications?
Posted on 15 May 2013. | The question of whether Skype allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft.
Internet Explorer best at blocking malware
Posted on 14 May 2013. | While Chrome’s malware download protection improved significantly, Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.
Researcher refuses to help Saudi telco to spy on people
Posted on 14 May 2013. | You would think that a Saudi Arabian telecom firm interested in monitoring its users' mobile communications would not be asking a well-known pro-privacy researcher for help, but you would be wrong.
Malicious browser extensions are hijacking Facebook accounts
Posted on 13 May 2013. | Facebook users - especially those in Brazil - are being targeted with malicious browser extensions trying to hijack Facebook profiles, warns Microsoft.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
