Modernizing Authentication — What It Takes to Transform Secure Access
The technique employs a rarely used Outlook Express feature called "message fragmentation and re-assembly" that allows users to split an SMTP-based mail message into multiple parts, the SecurITeam advisory says.
The feature is intended to enable users with lower-speed Internet connections, or with message size restrictions imposed by ISPs, to send large messages in multiple fragments. The recipient's email client reassembles the message, such that the recipient never knows it was fragmented.
Similarly, security tools won't know that the fragmented SMTP message is actually multiple parts of one whole. For example, if the sender ships out a virus in multiple parts, a virus scanner will fail to detect the virus signature, according to the SecurITeam.
The SecurITeam has assembled responses from a number of vendors detailing how or if their security products deal with the issue. The advisory can be found at: http://www.securiteam.com/securitynews/5YP0A0K8CM.html.
GFI, a UK-based vendor of email and security software, is providing a free test that administrators can run to determine whether their network is protected against the fragmentation attack. The test is available at: www.gfi.com/emailsecuritytest.