POP3: .URL

This signature detects e=mail attachments with the extension .url received through POP3. This can indicate an incoming e-mail virus. .URLs (Internet Shortcut) contain a link to a Web location. Attackers can create a malicious shortcut, tricking the user into executing the file and send the user to a malicious Web site.

Extended Description

Malware authors can include malicious links in Internet shortcut files that have the extension .url. Remote attackers can compromise a target system if unsuspecting users open and execute malicious .url files. The impact on the target system is dependent on the instructions contained in the malicious .url file.

References

URL: http://www.cknow.com/vtutor/FileExtensions.html http://www.novatone.net/mag/mailsec.htm http://support.microsoft.com/?kbid=235309

Short Name

POP3:EXT:DOT-URL

Severity

Major

Recommended

False

Recommended Action

Drop

POP3: .URL

Extended Description

References

Found a potential security threat?