CS 493, Fall 2003

Assignment #4: 10 points

Due Date: Tuesday, 11/4/03.

(2)  1.	Configure the Windows Outlook email client for your account on
	an IA lab workstation by clicking on the Outlook icon on the
	desktop.  You will be using a POP email server named mail.ia.lab.
	The Outlook configuration panel should be set up 
	as shown, using your name and IA lab email address for the 
	User and Logon Information fields.  (This panel is displayed by
	the Outlook wizard or from the Outlook "Tools->Email Accounts" 
	menu.) The email password is 'x' for all accounts.  Click on 
	"Test Account Settings" to see if your client is correctly 
	configured.  Under "More Settings..." Advanced tab, select the 
	options for "Leave a copy of messages on server" and "Remove from 
	server when deleted from Deleted Items." 

	When your setup is complete you should find a welcome message 
	requesting a reply to complete this problem.  There should also be 
	a second email with the subject: Microsoft Security Patch.  This 
	message is the subject of Problem #2 so try not to delete it.**

(3)  2.	You should have received a second email message with the subject:
	Microsoft Security Patch.  Try to read this email in Outlook and
	explain what happens.  Be careful not to delete this email from
	the server.  Try opening the attachment named update.exe and
	explain what happens.  The attachment is also available on the IA
	lab internal class website under Exploits.  What happens when you
	try to download it to the workstation using a web browser?  What 
	is update.exe and how did you identify it?**

(3)  3. Reboot target1-target5 into Windows and then login to a Windows 
	target machine as Administrator from the KVM console. (Check the 
	IA lab internal class website for target logins and passwords.)
	Configure an Outlook email client as before for your workstation 
	email address.  Turn off Symantec Anti-virus (must be Administrator)
	and read the message from Problem #2.  Open and execute the 
	attachment named update.exe.  Describe in detail what happens.**

(2)  4.	Turn on Symantec Anti-virus (or install it from the IA lab
	internal website if not already installed) and scan the target 
	machine from Problem #3.  Report your findings.  If a virus is found,  
	go to the internal class website from the target machine to obtain 
	the removal tool for update.exe.  Run the removal tool and then
	repeat the virus scan and report your results. 

(XC) 5.	Examine the other Windows targets for evidence of propagation
	of the virus from the infected target.  Hint:  Check email on
	the user accounts.**

      **For full credit, turn in commented program listings and the
        exact output of the computer runs for this problem.