-----Original Message-----
From: "Randall M" <[EMAIL PROTECTED]>
To: "'Micheal Espinola Jr'" <[EMAIL PROTECTED]>, "'Full Disclosure'" <[email protected]>
Date: Tue, 26 Apr 2005 18:39:51 -0500
Subject: RE: [Full-disclosure] Re: email attack vector just got wider

> Just my 2 cents worth. About the only defense is using programs such as
> MailSecurity to block and alert when anything is encrypted or password
> protected.
>
> thank you
> Randall M
>
> "If we ever forget that we're one nation under God, then we will be a nation
> gone under."
> - Ronald Reagan
> _________________________________
>
> _____
>
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Micheal
> Espinola Jr
> Sent: Tuesday, April 26, 2005 11:56 AM
> To: Full Disclosure
> Subject: [Full-disclosure] Re: email attack vector just got wider
>
> an update:
>
> My latest finding is that Adobe PDF's with embedded attachments can be
> bundled and distributed as a Secure Electronic Envelope (eEnvelope).
> eEnvelopes are designed to protect documents in transit with the use of
> encryption.
>
> Password protected .ZIP's are typically addressed at the SMTP gateway by AV
> software with the option to strip or reject compressed file attachments that
> are not readily scan-able (due to the password protection, etc).
>
> Although Adobe recommends enabling scanning all file types in order to scan
> a PDF (and ass/u/me'ing its embedded contents as well), an AV scanner is not
> currently going to be able to scan this encrypted content until the content
> has been rendered/unencrypted at the desktop.
>
> While many AV vendors have factored certain compressed archive standards
> into their products, I have seen no indication that this is being addressed
> for this relatively new and already widely deployed product.
>
> Call me a worry-wart, but I foresee this is the next "in" for malware
> distribution.
>
> On 4/25/05, Micheal Espinola Jr <[EMAIL PROTECTED]> wrote:
>
> Perhaps not "just". My apologies for those that are aware of this, but it
> seems Adobe 6 also had this capability - although many people have been
> unaware of this. I recently upgraded from 5 to 7, so I missed this potential
> issue from the get-go.
>
> Someone pointed out to me that Symantec does have a bulletin stating that by
> setting your AV to "scan all files" you can detect a virus inside a file
> embedded into a PDF.
>
> Unfortunately, this does not address the blocking of certain attachments
> outright.
>
> On 4/25/05, Micheal Espinola Jr <[EMAIL PROTECTED]> wrote:
>
> It seems most people I know haven't noticed that the new version of Adobe
> Acrobat (7) now allows for embedded/attached documents.
>
> Since PDF's have generally been considered a safe document format and are
> typically not blocked by content/attachment scanners, this now opens an
> email-based attack vector that anti-virus providers [to the best of my
> knowledge] are not currently addressing.
>
> Many thanks to Adobe for creating another issue for us to deal with, and
> especially for not having the forethought to coordinate with anti-virus
> vendors to prepare for assuredly future exploitation of the technology.
>
> --
> ME2
>
> my home: <http://www.santeriasys.net/>
> my photos: <http://mespinola.blogspot.com/>
>
> --
> ME2
>
> my home: <http://www.santeriasys.net/>
> my photos: <http://mespinola.blogspot.com/>
>
> --
> ME2
>
> my home: <http://www.santeriasys.net/>
> my photos: <http://mespinola.blogspot.com/>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
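
The gateway policy discussed in this thread (block or alert on PDFs that are encrypted or that carry embedded attachments) can be sketched as follows. This is an added example, not code from any poster or from a product named above; the function names, verdict strings and sample PDF fragments are constructed for illustration.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")   # PDF names may hex-escape bytes
ENCRYPTED = re.compile(rb"/Encrypt\b")           # trailer key of a protected PDF
ATTACHMENT = re.compile(rb"/(EmbeddedFiles|Filespec)\b")

def classify_pdf(data: bytes) -> tuple[str, str]:
    """Return (verdict, reason) for one attachment body."""
    if b"%PDF-" not in data[:1024]:
        return "reject", "named as PDF but has no PDF header"
    # Undo #xx escapes so /#45mbeddedFiles is seen as /EmbeddedFiles.
    body = HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)
    if ENCRYPTED.search(body):
        return "quarantine", "encrypted PDF, content not scannable at the gateway"
    if ATTACHMENT.search(body):
        return "quarantine", "PDF carries embedded file attachments"
    return "pass", "no encryption or attachment markers found"

def scan_message(raw: bytes) -> list[tuple[str, str, str]]:
    """Walk a MIME message and classify every part that looks like a PDF."""
    findings = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        if (part.get_content_type() == "application/pdf"
                or name.lower().endswith(".pdf") or b"%PDF-" in data[:1024]):
            findings.append((name, *classify_pdf(data)))
    return findings

def build_sample(name: str, pdf: bytes) -> bytes:
    """Constructed test mail with one attachment (not a real sample)."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename=name)
    return msg.as_bytes()

# Constructed PDF fragments: just enough structure to carry the markers.
SAMPLES = {
    "plain.pdf": b"%PDF-1.4\n1 0 obj<</Type/Catalog/Pages 2 0 R>>endobj\n%%EOF\n",
    "locked.pdf": b"%PDF-1.6\ntrailer<</Root 1 0 R/Encrypt 9 0 R>>\n%%EOF\n",
    "carrier.pdf": b"%PDF-1.6\n1 0 obj<</Names<</#45mbeddedFiles 4 0 R>>>>endobj\n%%EOF\n",
}

if __name__ == "__main__":
    for fname, pdf in SAMPLES.items():
        print(scan_message(build_sample(fname, pdf)))
```

A "pass" from a byte-level check like this is not proof of a clean file: attachment markers stored inside compressed object streams are invisible without a real PDF parser, which is why the encrypted case is quarantined rather than inspected.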
