GEN:SID | 1:795 |
Message | Virus - Possible Worm - txt.vbs file |
Summary | This rule has been placed in deleted.rules. It has been superceded by sid 721.
|
Impact | Mail worms may spread rapidly because users execute them.
|
Detailed Information | Windows systems are often configured not to display file extensions. By adding a second extension, users get confused and think that an executable is a text - e.g. loveletter.txt.vbs gets displayed as loveletter.txt but is a visual basic script and not a plain text.
|
Affected Systems | |
Attack Scenarios | Famous worms (ILOVEYOU, KOURNIKOVA) are based on this method.
|
Ease of Attack | Very easy. One needs to attach a file and hope that it gets executed.
|
Corrective Action | Use antivirus software. Configure mail clients securely, especially when using windows desktops. Educate your mail users. Deny all attachments at the gateway if you can.
|
Additional References | See websites of antivirus companies.
|