A friendly forum to get help and support
 
PortalPortal  HomeHome  GalleryGallery  FAQFAQ  SearchSearch  RegisterRegister  Log in  

Share | 
 

 The CLSID file

View previous topic View next topic Go down 
AuthorMessage
Repa
Site Administrator
Site Administrator
avatar

Number of posts : 2378
Location : North Carolina
Humor : Age: Older than Dirt!
Registration date : 2008-09-19

PostSubject: The CLSID file    4/11/2012, 20:51

I just got an email from a friend with an attachment that didn't have a file extension. I deleted the email without opening the attachment. If you ever get an email from someone you know with a file attached that doesn't have a file extension, here's what to be aware of:

Why is this type of content dangerous? Attachments that end with a Class ID (CLSID) file extension do not show the actual file extension saved and viewed with Windows Explorer. This allows dangerous file types to look as though they are actually innocent files, such as JPG or WAV files. This method may also circumvent attachment checking in some email content filtering solutions.

Which viruses made use of this method? There are no well-known successful worms or viruses that use this method to trick the user into running an email attachment. However, this method is ripe for exploitation and can be used by hackers to inject Trojan horses inside a corporate network or in future viruses.

How can I protect against this in GFI MailSecurity? Enable the email exploit engine from the GFI MailSecurity configuration. This test is caught as CLS-ID file extension (ID:1).

Will a worm that uses this method run automatically? Attachments are not normally executed automatically. However many users are very easily fooled into running dangerous files as proven by worms such as LoveLetter. Attachments using a CLSID extension may further entice the user into running them as their real extension is hidden.

How does it work exactly? The CLSID file in the example is actually an MDB file. MDB (Microsoft Database) will execute code in the same way as EXE and VBS files, and should therefore be treated as dangerous.

_________________
Repa
Back to top Go down
View user profile
fay47
Royal Geek
Royal Geek
avatar

Number of posts : 1480
Registration date : 2008-10-17
Mood : none

PostSubject: Re: The CLSID file    4/11/2012, 23:37

Repa

You said
Quote :
How can I protect against this in GFI MailSecurity? Enable the email exploit engine from the GFI MailSecurity configuration. This test is caught as CLS-ID file extension (ID:1).


Can you explain that?. I have not idea what the GFI mail seucrity configuration is.


You said
Quote :
The CLSID file in the example is actually an MDB file

what example?

Fay
Back to top Go down
View user profile
angelface1961
Royal Geek
Royal Geek
avatar

Number of posts : 579
Location : Iron Range
Registration date : 2009-01-10
Mood : fine

PostSubject: Re: The CLSID file    4/12/2012, 00:20

I must be really tired, you used a LOT of big words and my brain missed most of what you said. Good questions Faye.
Back to top Go down
View user profile
Repa
Site Administrator
Site Administrator
avatar

Number of posts : 2378
Location : North Carolina
Humor : Age: Older than Dirt!
Registration date : 2008-09-19

PostSubject: Re: The CLSID file    4/12/2012, 01:36

fay47 wrote:
Repa

You said
Quote :
How can I protect against this in GFI MailSecurity? Enable the email exploit engine from the GFI MailSecurity configuration. This test is caught as CLS-ID file extension (ID:1).

Can you explain that?. I have not idea what the GFI mail seucrity configuration is.

I'm sorry ladies, I was in a hurry and not paying attention. Needed to get to my income tax returns and copied some information from the following website without paying attention to everything it said.

http://www.gfi.com/emailsecuritytest/faq.htm

I should have left out the part that you are asking questions about. I just wanted to communicate that this type of attachment is potentially dangerous.

The GFI MailSecurity test is explained here:

http://www.gfi.com/emailsecuritytest/

You said
Quote :
The CLSID file in the example is actually an MDB file
what example?

If you decide to sign up to take the test described at the above link, I think they are referring to the file they will send you to test your email system vulnerability against this kind of file. You need to read the information at the above link to understand fully what they are talking about. I found it kind of interesting.

Fay
Sorry about not being more specific previously. Now, back to my income tax return!

_________________
Repa
Back to top Go down
View user profile
fay47
Royal Geek
Royal Geek
avatar

Number of posts : 1480
Registration date : 2008-10-17
Mood : none

PostSubject: Re: The CLSID file    4/12/2012, 10:10

Repa,

Thanks for the information. I am going to look into a bit when I get a chance. Does kind of concern me.

Good luck on you taxes!!!

Fay
Back to top Go down
View user profile
fay47
Royal Geek
Royal Geek
avatar

Number of posts : 1480
Registration date : 2008-10-17
Mood : none

PostSubject: Re: The CLSID file    4/12/2012, 21:12

I need to do some more reading on this. From what I read, the clsid's can be on files that have an extension - like .txt etc, but the clsid will not show. So you click on a file thinking it is a .txt file - and it executes soemthing pointed to by the clsid - scary.

I need to try the tests again. I selected the ones that I thought might apply to me and ran the test. Most of them were caught by my ISP's filter as a Virus and was directed to their message center. It had flagged them as a virus insread of jut as junk mail so would not even let me select them to be delivered. I kind of wanted to see what the clsid file looked like.

I don't know what happened to a couple of the tests- I did not see them in my inbox or the message center and Avast did not give a warning message. So dont know where they went. I went back and tried to run the test again to make sure I had selected them, but it didn't work - said it had already been done.

I may have to wait a while and then try again.

I want to try to find out if there is some way to make the clsid on the files show up when you look at the file name.

I always thought a .txt file was safe, now I will be paranoid about opening any file
Sad

Fay
Back to top Go down
View user profile
Repa
Site Administrator
Site Administrator
avatar

Number of posts : 2378
Location : North Carolina
Humor : Age: Older than Dirt!
Registration date : 2008-09-19

PostSubject: Re: The CLSID file    4/12/2012, 23:21

fay47 wrote:
I need to do some more reading on this. From what I read, the clsid's can be on files that have an extension - like .txt etc, but the clsid willI always thought a .txt file was safe, now I will be paranoid about opening any file

LOL, I already am paranoid! Yea, and CLSID files can have no extention too, or one you can't see. My computers are not toys and I don't take any chances. I'll dump any email from a friend that doesn't look right. Have received emails from friends that a hacker got into their account and sent the email with malicious links, suspicious files, etc. There is even a way to have malicious code in the body of an email and therefore recommend that people using an email client on their computer like Outlook make sure their preview pane is not enabled. That is also why I recommend going to the ISP's email web page or signing up for services like hotmail instead of using an email client on the computer.

_________________
Repa
Back to top Go down
View user profile
fay47
Royal Geek
Royal Geek
avatar

Number of posts : 1480
Registration date : 2008-10-17
Mood : none

PostSubject: Re: The CLSID file    4/13/2012, 23:39

Too bad we can't just enjoy our computers instead of having to worry about all the people out there that just want to cause problmes for others.

Fay
Back to top Go down
View user profile
Sponsored content




PostSubject: Re: The CLSID file    

Back to top Go down
 
The CLSID file
View previous topic View next topic Back to top 
Page 1 of 1
 Similar topics
-
» All Nokia BB5 MCU PPM CNT Flash File Here By ..::sunny boy::..
» Gfive W1 mtk 6253 4 sim flash file
» All Nokia BB5 Flash File
» All Nokia BB5 MCU+PPM+CNT FLASH FILE HERE TESTED By *********®™
» After the Fact Revelation

Permissions in this forum:You cannot reply to topics in this forum
Geeks, Geeks and More Geeks :: Windows Computer Help :: Computer Security-
Jump to: