On Mon, 1 Mar 2004, Ola Thoresen wrote: > Mon, 01 Mar 2004 at 09:06 GMT "Fajar A. Nugraha" <[EMAIL PROTECTED]> wrote > > > > Since the password is the same, hopefully it won't take virus db team > > long to update the signature. > > However what IF: > > > > - there's a new virus > > - the virus just passes known (detected) worm, in a zip file > > - the zip file is password-protected, and the password always changes > > (random, included in email body), thus > > - the zip file always changes. Creating signature from zip is > > imposssible. > > - ClamAV can't extract the real content. > > > > Please forgive my ignorance, I have not used windows in a long time, but > if the Zip-file is password protected, how can the virus spread? > > How does the user trying to extract the content know the password? > Especially if it is a "random" password for each file? > I'm guessing here, but one could immagine that the worm/virus generates a random password for the ZIP archive and then writes the password in the body of the mail, hoping that the recipient will extract the archive using the provided password and run the executable.
/Jesper Juhl ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
