Viruses find way round server-based protection

Source: CW360

E-mail viruses can circumvent server-based antivirus protection and attack users of certain Microsoft e-mail clients when part of the malicious code is hidden in the header of an e-mail message, according to a security expert.

"The affected e-mail clients are flawed in the way they handle the headers, allowing the attacker to hide and deliver a virus," said Valentijn Sessink, a consultant at Linux company Open Office VOF in Amsterdam.

The problem has been experienced with Outlook Express 5.5 and 6.0, Sessink said. Other versions of Outlook and Outlook Express may also be affected. The most recent version of Outlook Express is 6.0, which comes with Internet Explorer 6.0. Outlook Express for the Macintosh appears not to be affected.

Affected Outlook clients will interpret the manipulated code as a command to display an attachment, while clients that don't have the bug will only display a couple of squares in the subject field and indecipherable code in the body of the message. Server-based virus scanners that only scan attachments won't catch the virus because, technically speaking, it is not an attachment but a malformed header, Sessink said.