Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:729 |
Message | VIRUS OUTBOUND .scr file attachment |
Summary | This event is generated when network traffic indicating the use of a multimedia application is detected. |
Impact | This may be a violation of corporate policy since these applications can be used to bypass security measures designed to restrict the flow of corporate information to destinations external to the corporation. |
Detailed Information | Multimedia client applications can be used to view movies and listen to music files. Some also include file sharing facilities. Use of these programs may constitute a violation of company policy. Clients may also contain vulnerabilities that can give an attacker an attack vector for delivering Trojan horse programs and viruses. |
Affected Systems | All systems running multimedia applications |
Attack Scenarios | A user can download files that may contain hidden malicious code from a source external to the protected network, giving an attacker the opportunity to gain access to a host inside the protected network. |
Ease of Attack | Simple. |
Corrective Action | |
Additional References |
--
DID:744920