HELP ON POP3 FALSE ATTACHMENT SIGNATURE

["Aravinda T" <aravindat () internettrends co in>]

Hi all,

       In our company we are developing a host based IDS for all windows
platforms.In that they asked me to write code for detecting POP3 false
attachment attack.I am giving the description of this attack below.

Description:
                          Versions of MS Outlook are vulnerable to receiving
a hidden, potentially hostile attachment. An arbitrary string of characters,
supplied by the sender to the 'subject:' field, will be received and
interpreted by vulnerable versions of Outlook as an attachment to the
message. If this string is properly constructed, it can be executable and
capable of performing hostile actions on the vulnerable host. This can also
be used to circumvent Outlook's dangerous file security feature.

So, pls help me for writing signature of  this attack.Any info regarding
this one is highly appreciated.
Thanks and regards,
Aravind.



-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------