CS 493, Fall 2003
Assignment #4: 10 points
Due Date: Tuesday, 11/4/03.
(2) 1. Configure the Windows Outlook email client for your account on
an IA lab workstation by clicking on the Outlook icon on the
desktop. You will be using a POP email server named mail.ia.lab.
The Outlook configuration panel should be set up
as shown, using your name and IA lab email address for the
User and Logon Information fields. (This panel is displayed by
the Outlook wizard or from the Outlook "Tools->Email Accounts"
menu.) The email password is 'x' for all accounts. Click on
"Test Account Settings" to see if your client is correctly
configured. Under "More Settings..." Advanced tab, select the
options for "Leave a copy of messages on server" and "Remove from
server when deleted from Deleted Items."
When your setup is complete you should find a welcome message
requesting a reply to complete this problem. There should also be
a second email with the subject: Microsoft Security Patch. This
message is the subject of Problem #2 so try not to delete it.**
(3) 2. You should have received a second email message with the subject:
Microsoft Security Patch. Try to read this email in Outlook and
explain what happens. Be careful not to delete this email from
the server. Try opening the attachment named update.exe and
explain what happens. The attachment is also available on the IA
lab internal class website under Exploits. What happens when you
try to download it to the workstation using a web browser? What
is update.exe and how did you identify it?**
(3) 3. Reboot target1-target5 into Windows and then login to a Windows
target machine as Administrator from the KVM console. (Check the
IA lab internal class website for target logins and passwords.)
Configure an Outlook email client as before for your workstation
email address. Turn off Symantec Anti-virus (must be Administrator)
and read the message from Problem #2. Open and execute the
attachment named update.exe. Describe in detail what happens.**
(2) 4. Turn on Symantec Anti-virus (or install it from the IA lab
internal website if not already installed) and scan the target
machine from Problem #3. Report your findings. If a virus is found,
go to the internal class website from the target machine to obtain
the removal tool for update.exe. Run the removal tool and then
repeat the virus scan and report your results.
(XC) 5. Examine the other Windows targets for evidence of propagation
of the virus from the infected target. Hint: Check email on
the user accounts.**
**For full credit, turn in commented program listings and the
exact output of the computer runs for this problem.