Signature Detail

Short Name	POP3:EXT:DOT-MDB
Severity	High
Recommended	No
Recommended Action	Drop
Category	POP3
Keywords	.mdb e-mail attachment
Release Date	2004/07/28
Update Number	1213
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

POP3: .MDB

This signature detects e-mail attachments that have the extension .mdb and were received through POP3. Because .MDBs (MS Access Application) files can contain scripts, this can indicate an incoming e-mail virus. Attackers can create malicious scripts, tricking users into executing the file and infecting the system.

Extended Description

Since .mdb files can contain scripts, malware writers can insert malicious code in the scripts. A target system is compromised when an unsuspecting user opens an .mdb file, which is usually received by e-mail. The impact on the target system is dependent on the instructions contained in the malicious .mdb file.

References

URL: http://www.cknow.com/vtutor/FileExtensions.html
URL: http://www.novatone.net/mag/mailsec.htm
URL: http://support.microsoft.com/?kbid=235309

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

POP3: .MDB

Extended Description

References