From: Menashe Eliezer (menashe_at_finjan.com)
Date: Thu Sep 12 2002 - 13:13:02 CDT
First, I would like to point out that there are still users who use
Outlook 2000. Outlook 2000 can also be used for sending and receiving such
messages.
Finjan Software response:
Finjan Software products are not vulnerable.
SurfinGate for E-Mail reassembles fragmented messages, and then performs
security analysis and applies content management rules.
SurfinShield is installed on end users' machines. It gets the reassembled
message from the E-Mail client, and proactively monitors the behavior of
active content included or attached to the E-Mail message.
BTW,
CERT has approached Finjan Software, and we've replied.
Beyond Security Ltd. probably hasn't yet received the response from CERT.
Regards,
Menashe Eliezer
Manager, Malicious Code Research Center
Finjan Software
http://www.finjan.com/mcrc
Prevention is the best cure!
-----Original Message-----
From: Aviram Jenik [mailto:aviram beyondsecurity.com]
Sent: Thursday, September 12, 2002 3:45 PM
To: bugtraq securityfocus.com
Subject: Bypassing SMTP Content Protection with a Flick of a Button
Bypassing SMTP Content Protection with a Flick of a Button
------------------------------------------------------------------------
Article reference:
http://www.securiteam.com/securitynews/5YP0A0K8CM.html
SUMMARY
Forget underground hacking tools. How about using Outlook Express as
your attack platform?
Beyond Security's SecurITeam has discovered a new method of bypassing
many SMTP-based content filter engines.
This discovery is alarming since it requires from the attacker nothing
more than an Outlook Express client and employs a rarely-used feature
called 'message fragmentation and re-assembly' that is available in
Outlook Express. Using this feature, an attacker can send e-mails that
will bypass most SMTP filtering engines including gateway Virus
scanners, content filters, Firewalls that do SMTP checking, etc.
Impact:
Anyone wishing to bypass SMTP filtering engines can utilize the
mentioned method to bypass most types of content checking, and deliver
its payload to the end-client without any trouble, whether it is a
Virus, Trojan or a file type that is not allowed by the corporate
policy.
The information has been provided by <mailto:noamr beyondsecurity.com>
Noam Rathaus, Beyond Security Ltd.
--
Aviram Jenik
Beyond Security Ltd.
http://www.BeyondSecurity.com
http://www.SecuriTeam.com

Know that you're safe:
http://www.AutomatedScanning.com
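The reassemble-then-inspect order described in the reply above, as an added example that is not code from either poster or from any Finjan product. It assumes the fragmentation feature produces MIME message/partial parts (RFC 2046); the sample fragments, the id value and the extension policy are constructed, and the RFC's merging of outer headers from the first fragment is left out.

```python
from collections import defaultdict
from email import message_from_string
from email.parser import HeaderParser

BLOCKED_EXT = (".exe", ".scr", ".vbs")  # assumed policy, for illustration only

def reassemble(raw_messages):
    """Group message/partial fragments by id; return (complete, pending_ids)."""
    groups, totals = defaultdict(dict), {}
    for raw in raw_messages:
        frag = HeaderParser().parsestr(raw)  # headers only: body stays a raw string
        if frag.get_content_type() != "message/partial":
            continue
        fid = frag.get_param("id")
        groups[fid][int(frag.get_param("number"))] = frag.get_payload()
        if frag.get_param("total"):          # mandatory only on the last fragment
            totals[fid] = int(frag.get_param("total"))
    complete, pending = {}, []
    for fid, parts in groups.items():
        want = totals.get(fid)
        if want and sorted(parts) == list(range(1, want + 1)):
            body = "".join(parts[n] for n in range(1, want + 1))
            complete[fid] = message_from_string(body)
        else:
            pending.append(fid)              # hold: cannot be inspected yet
    return complete, pending

def blocked_attachments(msg):
    """Filenames in a reassembled message that violate the extension policy."""
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return [n for n in names if n.lower().endswith(BLOCKED_EXT)]

# Constructed sample: one inner message cut in two, fragments arriving out of order.
INNER = ('Content-Type: multipart/mixed; boundary="b1"\n\n'
         '--b1\nContent-Type: text/plain\n\nSee attachment.\n'
         '--b1\nContent-Type: application/octet-stream\n'
         'Content-Disposition: attachment; filename="invoice.exe"\n'
         'Content-Transfer-Encoding: base64\n\nY29uc3RydWN0ZWQgc2FtcGxl\n--b1--\n')
def fragment(n, chunk, total=2):
    return ('From: a@example.com\nContent-Type: message/partial; '
            f'id="frag-1@example.com"; number={n}; total={total}\n\n{chunk}')

CUT = len(INNER) // 2
FRAGS = [fragment(2, INNER[CUT:]), fragment(1, INNER[:CUT])]

if __name__ == "__main__":
    done, held = reassemble(FRAGS)
    print({fid: blocked_attachments(m) for fid, m in done.items()}, held)
```

Fragment sets that never complete stay in the pending list, so a gateway using this approach needs a policy (hold, expire, or reject) for them rather than passing them through uninspected.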