On Thu, 2003-10-16 at 23:08, Roberto Sanchez wrote:
> Tom wrote:
> > On Thu, Oct 16, 2003 at 11:01:51PM -0400, Roberto Sanchez wrote:
> >
> >>stuart whittaker wrote:
> >>
> >>>file will unzip with winzip.
> >>>
> >>
> >>Since the message was HTML generated with some M$ tool I would
> >>guess that the attachment contains a virus of some sort.
> >>Maybe we are witnessing fledgling attempts at social engineering
> >>to get Linux users to download and execute viruses?
> >>
> >>Maybe I am just being paranoid. Anyone want to start a pool and
> >>take bets?
> >>
> >
> > I was just thinking that since most people believe "executable
> > attachments bad; MSWord attachments bad" the smartest thing for virus
> > writers to do would be to look for buffer exploits in apps and send docs
> > that exploit those. What if the mere act of unzipping a zip was the
> > attack vector? Since the Windows zip is now a DLL loaded in-process
> > with explorer.exe, that would be the way to go.
> >
>
> Except that the attachment to the initial message was a .tgz, which
> Windows cannot handle without a third party app. Had it been a .zip,
> I would have immediately suspected what you said.

The OP says "file will unzip with winzip", so maybe it will.

However, I took the moment to save the file and look at it.
Very innocuous:

$ tar tvfz dbg_log.tgz
drwxr-xr-x root/root         0 2003-10-16 22:25:47 dbg_log//
-rw-r--r-- root/root     10908 2003-10-16 22:25:47 dbg_log/messages
-r--r--r-- root/root       372 2003-10-16 22:25:47 dbg_log/cpuinfo
-r--r--r-- root/root      2099 2003-10-16 22:25:47 dbg_log/pci
-r--r--r-- root/root       110 2003-10-16 22:25:47 dbg_log/cmdline
-r--r--r-- root/root       188 2003-10-16 22:25:47 dbg_log/partitions
-r--r--r-- root/root       145 2003-10-16 22:25:47 dbg_log/mounts
-r--r--r-- root/root       124 2003-10-16 22:25:47 dbg_log/version
-rw-r--r-- root/root        42 2003-10-16 22:25:47 dbg_log/fstab
-rw-r--r-- root/root       378 2003-10-16 22:25:47 dbg_log/hda.fdisk-dump

-- 
-----------------------------------------------------------------
Ron Johnson, Jr. [EMAIL PROTECTED]
Jefferson, LA USA

"The UN couldn't break up a cookie fight in a Brownie meeting."
Larry Miller
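
An added example, not part of the original message: a Python sketch that goes beyond the `tar tvfz` listing above by checking each member header for absolute paths, `..` components, links, device nodes and setuid/setgid bits before anything is extracted. The sample archive is constructed in memory; its hostile entries and the function names `build_sample_tgz` and `audit` are illustrative assumptions.

```python
import io
import stat
import tarfile


def build_sample_tgz():
    """Constructed sample: a dbg_log/ layout plus four entries that should be flagged."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add(name, data=b"", mode=0o644, type_=tarfile.REGTYPE, link=""):
            info = tarfile.TarInfo(name)
            info.size, info.mode, info.type, info.linkname = len(data), mode, type_, link
            tar.addfile(info, io.BytesIO(data))
        add("dbg_log/", mode=0o755, type_=tarfile.DIRTYPE)
        add("dbg_log/messages", b"kernel: constructed log line\n")
        add("dbg_log/cpuinfo", b"processor : 0\n", mode=0o444)
        add("dbg_log/../../outside/file", b"x")           # escapes the target dir
        add("/tmp/abs", b"x")                             # absolute path
        add("dbg_log/passwd", type_=tarfile.SYMTYPE, link="/etc/passwd")
        add("dbg_log/helper", b"x", mode=0o4755)          # setuid bit set
    return buf.getvalue()


def audit(tgz_bytes):
    """Return {member name: [reasons]} for entries unsafe to extract blindly."""
    findings = {}
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for m in tar:  # iterates headers; nothing is written to disk
            reasons = []
            if m.name.startswith("/"):
                reasons.append("absolute path")
            if ".." in m.name.replace("\\", "/").split("/"):
                reasons.append("path traversal")
            if m.issym() or m.islnk():
                reasons.append("link to " + m.linkname)
            if m.ischr() or m.isblk() or m.isfifo():
                reasons.append("device or fifo")
            if m.mode & (stat.S_ISUID | stat.S_ISGID):
                reasons.append("setuid/setgid bit")
            if reasons:
                findings[m.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit(build_sample_tgz()).items():
        print(f"{name}: {', '.join(reasons)}")
```
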

