Virus authors and Trojan writers are using fresh malware tricks to fool traditional content filtering packages, email security firm MessageLabs says. A feature of Microsoft Outlook can be exploited to evade content filters and persuade an email recipient that an attachment is safe to open - even when it contains malicious code.
How the New Exploit Works The exploit relies on especially crafted email headers, creating an attachment with three file-extensions. Standard email packages will not generate these headers; these emails must either be created by hand, or using hacker tools (many of which are freely available, MessageLabs warns). The first extension (e.g. .jpg) is visible to the email user, and is intended to persuade them that the attachment is "safe". The final extension (also, for example, .jpg) is used by Microsoft Outlook to set the icon to represent the application for opening the attachment. However, the unusual middle extension (.EXE) is used by Outlook to determine how to launch the attachment, therefore an .EXE file will be executed if a user double clicks on an infected attachment. Other examples may include .COM, .PIF, .SCR, or .VBS. Read the full story at : The Register