The Email Exploit engine
Introduction to e-mail exploits
What is an exploit?
An exploit uses known vulnerabilities in applications or operating systems to compromise the security of a system, for example to execute a program or command, or to install a backdoor. It "exploits" a feature of a program or the operating system for its own use.
What is an e-mail exploit?
An email exploit is an exploit launched via email: it can be embedded in an email and executed on the recipient's machine once the user either opens or receives the email. This allows the hacker to bypass firewalls and anti-virus products.
Difference between anti-virus software and email exploit detection software
Anti-virus software is designed to detect malicious code. It does not necessarily analyze the method being used to execute the code.
The email exploit detection engine analyses emails for exploits - i.e., it scans for methods to execute a program or command on the user's system. The email exploit engine does not check whether the program is malicious or not. Rather, it assumes a security risk if an email is using an exploit in order to run a program or command - whether or not the actual program or command is malicious.
In this manner, the email exploit engine works like an intrusion detection system (IDS) for email. The email exploit engine might cause more false positives, but it is more secure than a normal anti-virus package, simply because it uses a totally different way of checking for e-mail threats.
Furthermore, the email exploit engine is optimized for finding exploits in email, and can therefore be more effective at this job than a general purpose anti-virus engine.
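The distinction drawn above, as an added example that is not the product's own code: a Python check that flags the method an email uses to get something to run and never judges the attachment's bytes. The three rules (active HTML tags, an executable file name declared with an inert content type, a double extension), the function names and the sample messages are assumptions chosen for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, illustrative rules: each one describes a way of getting code to run.
# None of them looks at what the code would actually do.
ACTIVE_HTML = re.compile(rb"<\s*(script|object|iframe|embed)\b", re.I)
EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".bat", ".vbs", ".hta"}
INERT_TYPES = ("image/", "audio/", "video/", "text/plain")

def find_exploit_methods(raw):
    """Return the execution methods found in a raw RFC 5322 message."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        body = part.get_payload(decode=True) or b""
        # Rule 1: HTML body carrying tags that make the mail client run or load code.
        if ctype == "text/html" and ACTIVE_HTML.search(body):
            findings.append("active content in HTML body")
        # Rule 2: executable file name hidden behind a harmless-looking MIME type.
        if ext in EXECUTABLE_EXT and ctype.startswith(INERT_TYPES):
            findings.append(f"{name} declared as {ctype}")
        # Rule 3: executable extension tucked behind a document-style extension.
        if ext in EXECUTABLE_EXT and name.count(".") >= 2:
            findings.append(f"double extension on {name}")
    return findings

def sample(filename, maintype, subtype, data):
    """Build a constructed test message with one attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "test"
    msg.set_content("See attachment.")
    msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return bytes(msg)

# Constructed samples: the payload bytes are identical and harmless in both,
# so a payload scanner has nothing to match. Only the delivery method differs.
DISGUISED = sample("readme.exe", "audio", "x-wav", b"harmless bytes")
ORDINARY = sample("report.pdf", "application", "pdf", b"harmless bytes")

if __name__ == "__main__":
    print(find_exploit_methods(DISGUISED))
    print(find_exploit_methods(ORDINARY))
```

Because the rules ignore the payload, a legitimate message that happens to match one of them is flagged as well, which is the false-positive trade-off the text describes.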