Network Security Focus-Virus

blocking BHX files with MIME

Subject: blocking BHX files with MIME
Date: Tue, 16 May 2006 12:53:11 +0100
..is done by filtering for the following string:

YmVnaW4gNj

This string appears as the first ten bytes of the first line of a BHX 
file encoded in MIME (e.g. as it appears in an email).  So all BHX 
files can be filtered by searching for that string.

I forward this info as I've seen some BHX files come in recently 
attached to fake bounce messages, I presume it's a virus of some kind 
but I didn't bother to open one so I couldn't be sure ... of course 
if you/your users have a use for BHX attachments, don't block them.

This technique is a variation of that used to block all EXEs, ZIPs 
and WMFs previously detailed in this forum and also on the web at 
various places, including here: 
http://www.spampalforums.org/phpBB2/viewtopic.php?t=6286

Stu

---
Stuart Udall
stuart at@cyberdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)
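
The filter described in the post above, as an added example that is not part of the original message: it walks a message's MIME parts and flags base64 parts whose first encoded line starts with the string given. Limiting the match to base64 parts (so a plain-text mention of the string is not flagged), the function names, and the constructed sample messages are assumptions of this example.

```python
from email import message_from_string
from email.message import EmailMessage

MARKER = "YmVnaW4gNj"  # the string given in the post


def flagged_parts(raw_message: str) -> list:
    """Return the filename (or content type) of every base64 part whose
    first encoded line begins with MARKER."""
    hits = []
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        cte = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        if cte != "base64":
            continue  # only inspect parts that are actually base64-encoded
        encoded = part.get_payload()  # raw encoded text, not decoded bytes
        first_line = next(
            (ln.strip() for ln in encoded.splitlines() if ln.strip()), "")
        if first_line.startswith(MARKER):
            hits.append(part.get_filename() or part.get_content_type())
    return hits


def build_sample(attachment: bytes, filename: str) -> str:
    """Constructed test message: a text body that mentions MARKER plus one
    attachment, which EmailMessage encodes as base64."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Body text that merely mentions " + MARKER)
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()


if __name__ == "__main__":
    # Constructed bytes chosen so that their base64 form starts with MARKER.
    print(flagged_parts(build_sample(b"begin 644 sample.bin\nconstructed\n",
                                     "sample.bhx")))
    # Constructed attachment whose encoding does not start with MARKER.
    print(flagged_parts(build_sample(b"%PDF-1.4 constructed", "report.pdf")))
```
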
