The "+" sign in indicates the contents are password protected. The zip file contains a "whatever.exe" file which is PW protected, as opposed to containing a "whatever.exe+" file.
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Nurv > Sent: Wednesday, March 03, 2004 7:53 AM > To: Exchange Discussions > Subject: Re: Time to start preparing - bagle.h > > > I am seeing the file inside of the .zip as being .exe+. > Norton gateway > is not seeing this as a variable of .exe and it is letting > the message > through. I have sent Sarc a copy this file. I hope they will > release an > update to allow blocking of .exe+. > The bad part about it is the password for the exe+ is in the > body of the > message and its relying on the end user to type it in. I know > for a fact > I have some users who will do this. Scary...... > > > Steve wrote: > > >Well I think we all saw this coming. Originally it was safe to allow > >zip's to pass through and we all know that is no longer true. I > >personally have been at a 0 day infection site (when no > pattern file was > >available) twice in the past 3 weeks for two different worms > that came in > >as zip files Now this: > > > >http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VNa > me=WORM_BAGLE.H > > > > > >A worm\virus that comes in as a password protected zip. Now > things are > >going to get interesting on how we protect our mail systems. > Any one have > >any thoughts? One of the ideas that is being tossed around here is > >stripping all attachments and storing them in a central DB > and replacing > >the attachments with URLs (via 3rd party program most > likely). This would > >put all the attachments in a central store and be easier to > manage and > >during an outbreak we would have more power over the data in that > >repository and who can access it (makes cleaning up easier > too I would > >think). Anyhow, time to start planning and being > proactive....any ideas? > > > >Steve > > > >_________________________________________________________________ > >List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > >Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang=english >To unsubscribe: mailto:[EMAIL PROTECTED] >Exchange List admin: [EMAIL PROTECTED] >To unsubscribe via postal mail, please contact us at: >Jupitermedia Corp. >Attn: Discussion List Management >475 Park Avenue South >New York, NY 10016 > >Please include the email address which you have been contacted with. > > > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang= english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
