GFI released an update to its email exploit engine today which can detect any viruses that exploit a newly discovered Outlook 2002 vulnerability. The new Outlook vulnerability, MS04-009, was yesterday upgraded to “high risk” by Microsoft Corp, which issued a patch against it on Tuesday (more details at http://www.microsoft.com/technet/security/bulletin... ). The vulnerability is related to the way mailto URLs are handled and could allow Internet Explorer to execute code on affected machines.
To exploit this vulnerability, attackers could simply create an HTML email that either lures the recipient into clicking a link in the message body or that contains a fake image that can automatically launch a link without requiring user intervention. The payload of such an attack could include running JavaScript under the My Computer (local) Security Zone. This means that the attacker could execute code on the local disk of unpatched machines and/or access user files.
-
New viruses based on this exploit can be caught by GFI’s gateway-level exploit engine
Users of GFI MailSecurity for Exchange/SMTP " GFI’s email content checking, exploit detection, threats analysis and anti-virus solution " simply need to download the latest exploit engine updates to allow GFI MailSecurity to detect any new viruses that use this exploit to propagate and infect systems. Information on how to update the GFI MailSecurity exploits database and technical information about the exploit are available at http://www.gfi.com/news/en/ms04009exploit.htm .
The difference between a virus engine and an exploit engine
Anti-virus software is designed to detect known malicious code. An email exploit engine takes a different approach: it analyses the code for exploits that could be malicious. Email exploit detection software analyzes emails for exploits - i.e., it scans for methods used to exploit the OS, email client or Internet Explorer - that can permit execution of code or a program on the user's system. It does not check whether the program is malicious or not. It simply assumes there is a security risk if an email is using an exploit in order to run a program or piece of code.
In this manner, an email exploit engine works like an intrusion detection system for email. The email exploit engine might cause more false positives, but it adds a new layer of security that is not available in a normal anti-virus package, simply because it uses a totally different way of securing email.
An exploit engine needs to be updated less frequently than an anti-virus engine because it looks for a method rather than a specific virus. Although keeping exploit and anti-virus engines up-to-date involve very similar operations, the results are different. Once an exploit is identified and incorporated in GFI MailSecurity’s exploit engine, that engine can protect against any new virus that is based on a known exploit. That means the exploit engine will catch the virus even before the anti-virus vendor is aware of its emergence, and certainly before the anti-virus definition files have been updated to counter the attack.- Further information is available at http://www.gfi.com/mailsecurity/wpexploitengine.ht... .
About GFI MailSecurity for Exchange/SMTP
GFI MailSecurity for Exchange/SMTP is an email content checking, exploit detection, threats analysis and anti-virus solution that removes all types of email-borne threats before they can affect an organization's email users. GFI MailSecurity's key features include multiple virus engines, to guarantee higher detection rate and faster response to new viruses; email content and attachment checking, to quarantine dangerous attachments and content; an exploit shield, to protect against present and future viruses based on exploits (e.g., Nimda, Bugbear); an HTML threats engine, to disable HTML scripts; a Trojan & Executable Scanner, to detect malicious executables; and more. Further information and a full evaluation version are available at http://www.gfi.com/mailsecurity/ .
About GFI
GFI is a leading provider of Windows-based network security, content security and messaging software. Key products include the GFI FAXmaker fax connector for Exchange and fax server for networks; GFI MailSecurity email content/exploit checking and anti-virus software; GFI MailEssentials server-based anti-spam software; GFI LANguard Network Security Scanner (N.S.S.) security scanning and patch management software; GFI Network Server Monitor that automatically sends alerts, and corrects network and server issues; and GFI LANguard Security Event Log Monitor (S.E.L.M.) that performs event log based intrusion detection and network-wide event log management. Clients include Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has offices in the US, the UK, Germany, Cyprus, Romania, Australia and Malta, and operates through a worldwide network of distributors. GFI is a Microsoft Gold Certified Partner and has won the Microsoft Fusion (GEM) Packaged Application Partner of the Year award.
All product and company names herein may be trademarks of their respective owners.
Ultimi Articoli
FDA approva la prima terapia genica per bambini con anemia falciforme dai 2 anni
Teatri OSCAR e ANGELI il cartellone della stagione 2026 -27
Lecco Film Fest 2026, quattro giorni “con tutte le sue creature” tra cinema, territorio e nuove generazioni
Diritti Umani - L’Università di Parma entra nella rete Scholars at Risk per la tutela della libertà accademica
Premio Ombudsman 2026, riconoscimento alle istituzioni UE e a Europol per trasparenza e sicurezza digitale
H2iseO, completati gli impianti a idrogeno di Iseo ed Edolo: parte la sperimentazione ferroviaria
XENOPRED, dall’Università di Parma una piattaforma per prevedere la risposta ai farmaci
Ztl Roma, stop alla gratuità per auto elettriche: dal 1 luglio permesso a pagamento
Intelligenza artificiale negli ITS lombardi, accordo tra Regione Lombardia e Google for Education