Signature Detail

Short Name	POP3:EXT:DOT-VBE
Severity	High
Recommended	No
Recommended Action	Drop
Category	POP3
Keywords	.vbe e-mail attachment
Release Date	2004/07/28
Update Number	1213
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

POP3: .VBE

This signature detects e-mail attachments with the extension .vbe received through POP3. This can indicate an incoming e-mail virus. .VBEs (VBScript Encoded Script File) contain scripts. Attackers can create malicious scripts, tricking the user into executing the file and infecting the system.

Extended Description

Virus and worm authors can exploit .vbe files by inserting malicious code. A target system is compromised if an unsuspecting user opens a malicious .vbe file. Such a file is usually received by e-mail. The impact on the target system is dependent on the instructions contained in the malicious .vbe file.

References

URL: http://www.cknow.com/vtutor/FileExtensions.html
URL: http://www.novatone.net/mag/mailsec.htm
URL: http://support.microsoft.com/?kbid=235309

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

POP3: .VBE

Extended Description

References