E-mail viruses can circumvent server-based antivirus protection and attack users of certain Microsoft Corp. e-mail clients when part of the malicious code is hidden in the header of an e-mail message, a Dutch expert said Friday.
"The affected e-mail clients are flawed in the way they handle the headers, allowing the attacker to hide and deliver a virus," said Valentijn Sessink, a consultant at Linux company Open Office VOF in Amsterdam.
The problem has been proven on Outlook Express 5.5 and 6.0, Sessink said. Other versions of Outlook and Outlook Express are likely affected, he said. The most recent version of Outlook Express is 6.0, which comes with Internet Explorer 6.0. Outlook Express for the Macintosh appears not to be affected.
Affected Outlook clients will interpret the manipulated code as a command to display an attachment, while clients that don't have the bug will only display a couple of squares in the subject field and indecipherable code in the body of the message. Server-based virus scanners that only scan attachments won't catch the virus because it, technically speaking, is not an attachment, but a malformed header, Sessink said.
Users relying on server-based protection, for example in a company or at home where certain Internet service providers offer e-mail scanning, are at risk. Desktop antivirus protection will still catch the virus when the attachment is opened, Sessink said.
Alex Shipp, senior antivirus technologist at MessageLabs Ltd., which operates an e-mail virus scanning service, said that although his service would catch a virus hidden in the way described by Sessink, it is possible that other services wouldn't.
News source: ITWorld - Hidden viruses can circumvent server-based protection