Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: GMail blocking "executable" attachments

from [Scovetta, Michael V] Network Security [Permanent Link]
Subject: RE: GMail blocking "executable" attachments
Date: Wed, 20 Apr 2005 19:44:21 -0400 
Mike,
  Wow, I really didn't expect that. That could be considered a
vulnerability. *.txt files should not be executed, even if the
underlying content is in a binary format. A few things I've noticed:

1. Renaming foo.exe to foo (no extension) prevents foo from being
executed. It seems that just about any other extension (com, bat, .bar,
.txt) all have it executed.

2. It seems that only .exe files. Renaming batch files to .xyz doesn't
work, and renaming it to a .zip brings it up in winzip (or whatever is
registered for .zip files). .com files also don't work if you change the
extension. 

Consider renaming new_virus.exe to new_britney_spears.mp3 and pushing it
out to kazaa or something. People download it, and click on it in
Explorer. The file does whatever it wants to, because it's an
executable, and isn't picked up by winamp/etc.

Does anyone know if there's a registry key to disable this "feature"?

Michael Scovetta
Computer Associates
Senior Application Developer


-----Original Message-----
From: Michael Silk [mailto:michaelslists@gmail.com] 
Sent: Wednesday, April 20, 2005 7:30 PM
To: Scovetta, Michael V
Cc: webappsec@securityfocus.com
Subject: Re: GMail blocking "executable" attachments

I'm pretty sure they do.

It's depends on where the content will be delievered, I guess. If the
extension makes a difference as to whether it is executed or not then
there is no point checking the internal content. If the file is
executed based on it's header, then definately check it.

For example, find an executable, rename it to .txt and then go into
dos and type:
"whatever.txt". In my windows 2k and presumably XP, it will run it as
an executable, and not open it with notepad. If you double-click on it
from explorer, notepad opens it.

There should probably be a setting [but I suspect there already is] to
perform such a scan on the scanners you have on your servers.

-- Michael


On 4/19/05, Scovetta, Michael V <Michael.Scovetta@ca.com> wrote:

All-

I've noticed that G-Mail blocks attachments that contain "executable"
files. (A zip file containing an .MDB, and even a zip file containing

a

zip file containing an .MDB). I assume they'd block all the usual
suspects, but isn't that sort of the point of sending e-mails with
attachments? Renaming the enclosed .MDB to .TXT allows it to be send
through, so it's not really a major problem. Do you think Google

should

be deep-scanning the files for content, or just the extension, and

would

running a virus detector against it be just as good?

No real issue here, I just thought it was interesting-not sure if

other

major email providers do the same thing.

Regards,

Michael Scovetta
Computer Associates
Senior Application Developer
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  SV: suggesting passwds to users, Fredrik Hesse
Next by Date:  Re: GMail blocking "executable" attachments, Michael Silk
Previous by Thread:  Re: GMail blocking "executable" attachments, James Riden
Next by Thread:  MSDN Webcast: Know Your Options for Data Validation (Level 300), David Raphael
Indexes:  [Date] [Thread] [Top] [All Lists]