| GEN:SID | 1:729 |
| Message | VIRUS OUTBOUND .scr file attachment |
| Summary | This event is generated when network traffic indicating the use of a multimedia application is detected.
|
| Impact | This may be a violation of corporate policy since these applications can be used to bypass security measures designed to restrict the flow of corporate information to destinations external to the corporation.
|
| Detailed Information | Multimedia client applications can be used to view movies and listen to music files. Some also include file sharing facilities. Use of these programs may constitute a violation of company policy.
Clients may also contain vulnerabilities that can give an attacker an attack vector for delivering Trojan horse programs and viruses.
|
| Affected Systems | All systems running multimedia applications
|
| Attack Scenarios | A user can download files from a source external to the protected network that may contain malicious code hidden in the file giving an attacker the opportunity to gain access to a host inside the protected network.
|
| Ease of Attack | Simple.
|
| Corrective Action | |
| Additional References | |