POP3: .JSE

This signature detects e-mail attachments that have the extension .jse and were received through POP3. Because .JSEs (JavaScript Encoded) files contain scripts, this can indicate an incoming e-mail virus. Attackers can create malicious scripts, tricking users into executing the file and infecting the system.

Extended Description

Since .jse files can contain script, malware writers can exploit this vulnerability by inserting malicious code. A target system is compromised if an unsuspecting user opens a malicious .jse file, which is usually received by e-mail. The impact on the target system is dependent on the instructions contained in the malicious .jse file.

References

URL: http://www.cknow.com/vtutor/FileExtensions.html http://www.novatone.net/mag/mailsec.htm http://support.microsoft.com/?kbid=235309

Short Name

POP3:EXT:DOT-JSE

Severity

Major

Recommended

False

Recommended Action

Drop

POP3: .JSE

Extended Description

References

Found a potential security threat?