GFI White Paper

Why you need an email exploit detection engine
The danger of email exploits

This white paper explains what email exploits are, provides examples of common email exploits, and discusses why a non-signature-based approach (i.e., not a virus engine) is needed to protect against email exploits.
Contents
Introduction 3
What is an exploit? 3
Difference between antivirus software and email exploit detection software 3
Exploit engine requires fewer updates 3
The Lessons of Nimda, BadTrans.B, Yaha and Bugbear 3
Other examples of exploits 4
The GFI MailSecurity exploit engine 4
About GFI® 5
Introduction
Virus-writers are using increasingly complex and sophisticated techniques in their bid to circumvent antivirus
software and disseminate their viruses. A case in point was the notorious Nimda virus that used multiple
methods to spread itself and was based on an exploit rather than on the virus/trojan behavior for which
antivirus products typically search. Antivirus software, though essential, cannot combat such threats alone; an
email exploit detection tool is also necessary.

What is an exploit?
An exploit uses known vulnerabilities in applications or operating systems to execute a program or code. It
‘exploits’ a feature of a program or the operating system for its own use, such as executing arbitrary machine
code, reading or writing files on the hard disk, or gaining illicit access.
What is an email exploit?
An email exploit is an exploit launched via email: it is embedded in an email and executed on the recipient’s
machine once the user either opens or merely receives the email. This allows the hacker to bypass most
firewalls and antivirus products.

Difference between antivirus software and email exploit detection software
Antivirus software is designed to detect known malicious code. An email exploit engine takes a different
approach: it analyzes the code for exploits that could be malicious. This means it can protect against new
viruses, but most importantly against unknown viruses/malicious code. This is crucial, as an unknown virus
could be a one-off piece of code, developed specifically to break into your network.
Email exploit detection software analyzes emails for exploits – i.e., it scans for methods used to exploit the OS,
email client or Internet Explorer – that can permit execution of code or a program on the user’s system. It does
not check whether the program is malicious or not. It simply assumes there is a security risk if an email is using
an exploit in order to run a program or piece of code.
In this manner, an email exploit engine works like an intrusion detection system (IDS) for email. The email
exploit engine might cause more false positives, but it adds a new layer of security that is not available in a
normal antivirus package, simply because it uses a totally different way of securing email.
Antivirus engines do protect against some exploits, but they do not check for all exploits or attacks. An exploit
detection engine checks for all known exploits. Because the email exploit engine is optimized for finding
exploits in email, it can be more effective at this job than a general-purpose antivirus engine.

Exploit engine requires fewer updates
An exploit engine needs to be updated less frequently than an antivirus engine because it looks for a method
rather than a specific virus. Although keeping exploit and antivirus engines up to date involves very similar
operations, the results are different. Once an exploit is identified and incorporated in an exploit engine, that
engine can protect against any new virus that is based on a known exploit. That means the exploit engine will
catch the virus even before the antivirus vendor is aware of its emergence, and certainly before the antivirus
definition files have been updated to counter the attack. This is a critical advantage, as shown by the following
examples that occurred in 2001.

The Lessons of Nimda, BadTrans.B, Yaha and Bugbear
Nimda and BadTrans.B are two viruses that became widely known worldwide in 2001 because they infected
a colossal number of Windows computers with Internet access. Nimda alone is estimated to have affected
about 8.3 million computer networks around the world, according to US research firm Computer Economics
(November 2001).
Nimda is a worm that uses multiple methods to automatically infect other computers. It can replicate through
email using an exploit that was made public months before Nimda hit, the MIME Header exploit. BadTrans.B is
a mass-mailing worm that distributes itself using the MIME Header exploit. BadTrans.B first appeared after the
Nimda outbreak.
With their rapid infection rate, both Nimda and BadTrans.B took antivirus vendors by surprise. Though
the vendors tried to issue definition file updates as soon as they learned about each virus, each virus had
already succeeded in infecting a large number of PCs by the time the antivirus updates were released.
Though both viruses used the same exploit, antivirus vendors had to issue a separate definition file update for
each. In contrast, an email exploit detection engine would have recognized the exploit used and identified
the attempt to automatically launch an executable file using the MIME header exploit. As a result, it would
have blocked both worms automatically, preventing infection.

Other examples of exploits
Double extension vulnerability
Viruses: Klez, Netsky and Lovegate.
What it does: Malicious files are given a double extension such as filename.txt.exe to trick the user into
running the executable.

URL spoofing exploit
Viruses: No virus/worm has been found to be using this method. However, it has been used to inject
backdoors on Windows computers.
What it does: Allows spammers and phishers (scammers, or people trying to defraud computer users) to fool
users into visiting a malicious website instead of a legitimate one.

Object data file execution
Viruses: Bagle.Q.
What it does: Allows attackers to automatically infect unpatched versions of Internet Explorer/Outlook
(Express) by downloading and executing code from an HTTP site.
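To make the method-based approach concrete, here is an added example (not GFI MailSecurity's code) of a toy exploit engine in the spirit of the "Difference between antivirus software and email exploit detection software" section and the examples above: it parses a MIME message and flags the method used rather than any particular worm, so one rule covers every virus that reuses the method. It checks for the double-extension trick, for an executable attachment whose declared Content-Type is a media or text type (assumed here to be the class of mismatch the MIME header exploit relied on), and for an HTML <object data="http://..."> tag in the body; all sample messages are constructed for the example.

```python
"""Toy email exploit-detection engine (added example, not GFI MailSecurity code).

It flags *methods* rather than particular malware, so one rule covers every
worm that reuses the method: a double-extension attachment, a MIME
Content-Type that disagrees with the attachment's extension (assumed here to
be the kind of mismatch the MIME Header exploit relied on), and an HTML
<object data="http://..."> tag in the body. All sample messages are
constructed for this example.
"""
import email
import re
from email import policy
from email.message import EmailMessage

EXEC_EXT = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
DECOY_EXT = {"txt", "doc", "jpg", "gif", "pdf", "htm", "html"}  # benign-looking
OBJECT_DATA_RE = re.compile(r'<object\b[^>]*\bdata\s*=\s*["\']?\s*https?://', re.I)


def check_filename(name):
    """'invoice.txt.exe': a decoy extension placed in front of an executable one."""
    parts = name.lower().rsplit(".", 2)
    if len(parts) == 3 and parts[1] in DECOY_EXT and parts[2] in EXEC_EXT:
        return [f"double extension: {name}"]
    return []


def check_content_type(ctype, name):
    """Executable attachment declared as a media/text type: a client that
    trusts the Content-Type may open the part automatically."""
    ext = name.lower().rsplit(".", 1)[-1] if "." in name else ""
    if ext in EXEC_EXT and not ctype.startswith("application/"):
        return [f"MIME type/extension mismatch: {ctype} vs {name}"]
    return []


def check_html(body):
    """<object data=http://...> in an HTML body: remote content fetched and run by the renderer."""
    return ["object data tag loading remote content"] if OBJECT_DATA_RE.search(body) else []


def scan_message(raw):
    """Parse a raw RFC 822 message and return the list of exploit-method findings.
    The checks never ask whether the payload is malicious; the method alone is the finding."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        ctype = part.get_content_type()
        findings += check_filename(name)
        findings += check_content_type(ctype, name)
        if ctype == "text/html":
            findings += check_html(part.get_content())
    return findings


# --- constructed sample messages -------------------------------------------
def _base():
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = "sample"
    return m


def sample_double_extension():
    m = _base()
    m.set_content("See attached.")
    m.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                     filename="invoice.txt.exe")
    return m.as_string()


def sample_mime_mismatch():
    m = _base()
    m.set_content("Listen to this.")
    # executable bytes labelled as a sound file: the mismatch, not the payload, is flagged
    m.add_attachment(b"MZ\x90\x00", maintype="audio", subtype="x-wav", filename="readme.exe")
    return m.as_string()


def sample_object_data():
    m = _base()
    m.set_content('<html><body><object data="http://example.invalid/payload"></object>'
                  '</body></html>', subtype="html")
    return m.as_string()


def sample_clean():
    m = _base()
    m.set_content("Meeting notes attached.")
    m.add_attachment("agenda", filename="notes.txt")
    return m.as_string()


if __name__ == "__main__":
    for build in (sample_double_extension, sample_mime_mismatch, sample_object_data, sample_clean):
        print(build.__name__, "->", scan_message(build()) or ["clean"])
```

Because each rule keys on the method, the same three checks would flag a brand-new worm reusing one of them without any definition update, which is the point the paper makes about Nimda and BadTrans.B.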

The GFI MailSecurity exploit engine

(Figure: The exploit engine configuration in GFI MailSecurity)

GFI MailSecurity™ for Exchange/SMTP includes an email exploit detection engine as one of several key
components designed to provide comprehensive protection against email threats. Drawing on GFI’s research
on email exploits, this engine detects signatures of currently known email exploits and blocks any messages
containing those signatures. GFI MailSecurity contains checks for all important email exploits and can also
automatically download new exploit checks as they become available.
Other GFI MailSecurity features include multiple virus engines, to guarantee a higher detection rate and faster
response to new viruses; email content and attachment checking, to quarantine dangerous attachments and
content; an HTML threats engine, to disable HTML scripts; a Trojan & Executable Scanner, to detect malicious
executables; and more. For further information and to download a full trial, please visit
http://www.gfi.com/mailsecurity.

About GFI
GFI Software provides web and mail security, archiving and fax, networking and security software and hosted
IT solutions for small to medium-sized enterprises (SME) via an extensive global partner community. GFI
products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With
award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements
of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United
States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong,
Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is
a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold
Certified Partner.
More information about GFI can be found at http://www.gfi.com.
USA, CANADA AND CENTRAL AND SOUTH AMERICA
15300 Weston Parkway, Suite 104, Cary, NC 27513, USA
Telephone: +1 (888) 243-4329
Fax: +1 (919) 379-3402
ussales@gfi.com

UK AND REPUBLIC OF IRELAND
Magna House, 18-32 London Road, Staines, Middlesex, TW18 4BP, UK
Telephone: +44 (0) 870 770 5370
Fax: +44 (0) 870 770 5377
sales@gfi.co.uk

EUROPE, MIDDLE EAST AND AFRICA
GFI House, San Andrea Street, San Gwann, SGN 1612, Malta
Telephone: +356 2205 2000
Fax: +356 2138 2419
sales@gfi.com

AUSTRALIA AND NEW ZEALAND
83 King William Road, Unley 5061, South Australia
Telephone: +61 8 8273 3000
Fax: +61 8 8273 3099
sales@gfiap.com

GFI 1036 may11

Disclaimer

© 2011. GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners.

The information and content in this document is provided for informational purposes only and is provided “as is” with no warranty of any kind, either express or implied, including but
not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential
damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the
accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, out-
of-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in
this document.

If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 

Kürzlich hochgeladen (20)

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 

Why You Need an Email Exploit Detection Engine

GFI White Paper

Why you need an email exploit detection engine

The danger of email exploits

This white paper explains what email exploits are, provides examples of common email exploits, and discusses why a non-signature-based approach (i.e., not a virus engine) is needed to protect against email exploits.

Contents

Introduction
What is an exploit?
Difference between antivirus software and email exploit detection software
Exploit engine requires fewer updates
The Lessons of Nimda, BadTrans.B, Yaha and Bugbear
Other examples of exploits
The GFI MailSecurity exploit engine
About GFI®
Introduction

Virus-writers are using increasingly complex and sophisticated techniques in their bid to circumvent antivirus software and disseminate their viruses. A case in point was the notorious Nimda virus, which used multiple methods to spread itself and was based on an exploit rather than on the virus/trojan behavior for which antivirus products typically search. Antivirus software, though essential, cannot combat such threats alone; an email exploit detection tool is also necessary.

What is an exploit?

An exploit uses known vulnerabilities in applications or operating systems to execute a program or code. It ‘exploits’ a feature of a program or the operating system for its own use, such as executing arbitrary machine code, reading or writing files on the hard disk, or gaining illicit access.

What is an email exploit?

An email exploit is an exploit launched via email: it is embedded in an email and executed on the recipient’s machine once the user either opens or receives the email. This allows the hacker to bypass most firewalls and antivirus products.

Difference between antivirus software and email exploit detection software

Antivirus software is designed to detect known malicious code. An email exploit engine takes a different approach: it analyses the code for exploits that could be malicious. This means it can protect against new viruses, but most importantly against unknown viruses and malicious code. This is crucial, as an unknown virus could be a one-off piece of code developed specifically to break into your network.

Email exploit detection software analyzes emails for exploits – i.e., it scans for methods used to exploit the OS, email client or Internet Explorer – that can permit execution of code or a program on the user’s system. It does not check whether the program is malicious or not. It simply assumes there is a security risk if an email is using an exploit in order to run a program or piece of code.

In this manner, an email exploit engine works like an intrusion detection system (IDS) for email. The email exploit engine might cause more false positives, but it adds a new layer of security that is not available in a normal antivirus package, simply because it uses a totally different way of securing email. Antivirus engines do protect against some exploits, but they do not check for all exploits or attacks. An exploit detection engine checks for all known exploits. Because the email exploit engine is optimized for finding exploits in email, it can be more effective at this job than a general-purpose antivirus engine.

Exploit engine requires fewer updates

An exploit engine needs to be updated less frequently than an antivirus engine because it looks for a method rather than a specific virus. Although keeping exploit and antivirus engines up to date involves very similar operations, the results are different. Once an exploit is identified and incorporated in an exploit engine, that engine can protect against any new virus that is based on a known exploit. That means the exploit engine will catch the virus even before the antivirus vendor is aware of its emergence, and certainly before the antivirus definition files have been updated to counter the attack. This is a critical advantage, as shown by the following examples from 2001.

The Lessons of Nimda, BadTrans.B, Yaha and Bugbear

Nimda and BadTrans.B are two viruses that became widely known in 2001 because they infected a colossal number of Windows computers with Internet access. Nimda alone is estimated to have affected about 8.3 million computer networks around the world, according to US research firm Computer Economics (November 2001).
Nimda is a worm that uses multiple methods to automatically infect other computers. It can replicate through email using an exploit that was made public months before Nimda hit: the MIME Header exploit. BadTrans.B is a mass-mailing worm that distributes itself using the same MIME Header exploit; it first appeared after the Nimda outbreak.

With their highly rapid infection rate, both Nimda and BadTrans.B took antivirus vendors by surprise. Though the vendors tried to issue definition file updates as soon as they learned about each virus, each virus had already succeeded in infecting a large number of PCs by the time the antivirus updates were released. Though both viruses used the same exploit, antivirus vendors had to issue a separate definition file update for each.

In contrast, an email exploit detection engine would have recognized the exploit used and identified the attempt to automatically launch an executable file using the MIME Header exploit. As a result, it would have blocked both worms automatically, preventing infection.

Other examples of exploits

Double extension vulnerability
Viruses: Klez, Netsky and Lovegate.
What it does: Malicious files are given a double extension such as filename.txt.exe to trick the user into running the executable.

URL spoofing exploit
Viruses: No virus/worm has been found to be using this method. However, it has been used to inject backdoors on Windows computers.
What it does: Allows spammers and phishers (scammers, or people trying to defraud computer users) to fool users into visiting a malicious website instead of a legitimate one.

Object data file execution
Viruses: Bagle.Q.
What it does: Allows attackers to automatically infect unpatched versions of Internet Explorer/Outlook (Express) by downloading and executing code from an HTTP site.

The GFI MailSecurity exploit engine

Figure: The exploit engine configuration in GFI MailSecurity
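To make the "method, not signature" idea from the antivirus comparison and the exploit list above concrete, here is an added example (not GFI MailSecurity code) that runs three delivery-method checks over a constructed MIME message. The way each exploit is modelled is an assumption, not taken from the paper: the MIME Header exploit as a passive media type declared on a part whose filename ends in an executable extension, the double extension as two or more extensions ending in an executable one, and object data file execution as an <object data=...> tag loading a remote http(s) URL from an HTML body.

```python
"""Method-based email exploit checks (added example, not GFI MailSecurity code).
Assumed models, not taken from the page: the MIME Header exploit is a part that
declares a passive media type while its filename has an executable extension;
the object data exploit is an <object data=...> loading a remote http(s) URL."""
import email
import re
from email import policy

EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
PASSIVE_TYPES = ("audio/", "image/", "text/plain")
OBJECT_DATA_RE = re.compile(
    r"<object\b[^>]*\bdata\s*=\s*[\"']?(https?://[^\"'\s>]+)", re.IGNORECASE)

# Constructed sample mail that trips all three checks; bodies are plain text.
SAMPLE = b"""From: sender@example.test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body><object data="http://remote.example.test/x"></object></body></html>
--b1
Content-Type: audio/x-wav; name="readme.exe"

not really a wav file
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.txt.exe"

not really an executable
--b1--
"""


def check_message(raw: bytes) -> list[str]:
    """Return one finding per exploit pattern seen; [] means none were seen."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        ctype = part.get_content_type()
        # get_filename() reads Content-Disposition filename= and falls back
        # to the legacy Content-Type name= parameter.
        name = (part.get_filename() or "").strip()
        exts = name.lower().split(".")[1:]  # every extension after the base
        if exts and exts[-1] in EXECUTABLE_EXTS:
            if ctype.startswith(PASSIVE_TYPES):  # delivery method, not payload
                findings.append(f"mime-header-mismatch: {ctype} carries {name}")
            if len(exts) >= 2:
                findings.append(f"double-extension: {name}")
        if ctype == "text/html":
            for url in OBJECT_DATA_RE.findall(part.get_content()):
                findings.append(f"object-data-remote: {url}")
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

None of the checks look at what the attached bytes are, which is why the same rule fires on a worm the engine has never seen; the trade-off, as the paper notes, is a higher false-positive rate (an innocently misnamed attachment is flagged too).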
GFI MailSecurity™ for Exchange/SMTP includes an email exploit detection engine as one of several key components designed to provide comprehensive protection against email threats. Drawing on GFI’s research on email exploits, this engine detects signatures of currently known email exploits and blocks any messages containing those signatures. GFI MailSecurity contains checks for all important email exploits and can also automatically download new exploit checks as they become available.

Other GFI MailSecurity features include multiple virus engines, to guarantee a higher detection rate and faster response to new viruses; email content and attachment checking, to quarantine dangerous attachments and content; an HTML threats engine, to disable HTML scripts; a Trojan & Executable Scanner, to detect malicious executables; and more.

For further information and to download a full trial, please visit http://www.gfi.com/mailsecurity.

About GFI

GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises (SME) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com.
GFI 1036 may11

USA, CANADA AND CENTRAL AND SOUTH AMERICA
15300 Weston Parkway, Suite 104, Cary, NC 27513, USA
Telephone: +1 (888) 243-4329
Fax: +1 (919) 379-3402
ussales@gfi.com

UK AND REPUBLIC OF IRELAND
Magna House, 18-32 London Road, Staines, Middlesex, TW18 4BP, UK
Telephone: +44 (0) 870 770 5370
Fax: +44 (0) 870 770 5377
sales@gfi.co.uk

EUROPE, MIDDLE EAST AND AFRICA
GFI House, San Andrea Street, San Gwann, SGN 1612, Malta
Telephone: +356 2205 2000
Fax: +356 2138 2419
sales@gfi.com

AUSTRALIA AND NEW ZEALAND
83 King William Road, Unley 5061, South Australia
Telephone: +61 8 8273 3000
Fax: +61 8 8273 3099
sales@gfiap.com

Disclaimer

© 2011. GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners. The information and content in this document is provided for informational purposes only and is provided “as is” with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, out-of-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document. If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.