Yes,
But we all know that IE caters to the lazy people in each of us. =]

On Thu, 2003-06-26 at 09:43, Richard M. Smith wrote:
> Hi Peter,
>
> Thanks for the background info. Because of the password issue, any
> security protections for .ZIP files need to be built into an unzipper
> program. As a minimum, Microsoft needs to put a warning dialog in the
> Windows unzipper when double-clicking on an executable file in a .ZIP
> file that comes attached to an email message. Better yet, don't allow
> .ZIP files to be opened from an email message. Force people to save
> them first. Netscape had this second basic protection scheme in
> Communicator years ago.
>
> Richard
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Peter Kruse
> Sent: Thursday, June 26, 2003 8:57 AM
> To: [EMAIL PROTECTED]
> Subject: SV: [Full-Disclosure] A worm...
>
>
> Hi Richard,
>
> Well, it might be the first wide-spread of its kind but it's certainly
> not the first to use zip to hide itself. Also it's trendy to put
> malicious code inside the new rar format and spread it. I suppose it's
> fairly easy to write a worm that packs itself with a random password and
> inserts this into an e-mail sent to the victim. This way it will pass
> most AV-gateway scanners since they won't have access to scan inside the
> zip archive.
>
> Also XP is quite vulnerable to this type of trick. If you attach a zip
> file and open it on Windows XP, the built-in zip feature will open
> the zipped file in a new window from where the user can activate the
> malicious code directly without unzipping the files :-(
>
> Others that have used the zip trick include bogusbear. A search on google
> will give you plenty of hits.
>
> I did write an article about this back in October 2002. Unfortunately
> it's in Danish so many of you guys won't understand a word. Anyways, I
> pointed out that this would be used in future malicious code and so it
> happened - I guess I got "lucky".
> http://www.comon.dk/index.php?page=news:show,id=12315
>
> Kind regards
>
> Peter Kruse
> Kruse Security
> http://www.krusesecurity.dk
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On behalf of
> > Richard M. Smith
> > Sent: 26 June 2003 13:55
> > To: [EMAIL PROTECTED]
> > Subject: RE: [Full-Disclosure] A worm...
> >
> >
> > This is the first worm that I am aware of that hides itself
> > inside of a .ZIP file. This trick prevents the worm
> > executable from being deleted by the Outlook Security Update.
> > Looks like Microsoft will need to now think about how to
> > deal with malicious code inside of attached .ZIP files.
> > Outlook 2002 does provide a security warning when opening the
> > .ZIP file. But everyone knows that .ZIP files are safe,
> > right? I don't believe there is any security warning when
> > running the .PIF file inside of the .ZIP, but I didn't try
> > this particular experiment. ;-)
> >
> > Richard
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of KF
> > Sent: Wednesday, June 25, 2003 9:11 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Full-Disclosure] A worm...
> >
> >
> > I believe Simon is well aware of what virus this is... the
> > question was in relation to the zipping of the payload. I believe
> > he was wondering if this (zipping of payload) was some new
> > Antivirus evasion trick or if there was something more to it
> > (like simply hoping a retarded user would unzip and run the .pif).
> >
> > >>I know what it is, but since when did the pif worm start zipping
> > >>itself? did I miss something?
> > >>
> > -KF
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
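
The gateway-side check the thread is circling around, as an added example that is not part of the original messages: with traditional ZIP password protection the member names stay readable even though the contents do not, so a mail gateway can still see a `.pif` inside an archive it cannot scan. The extension list, the verdict names and the `build_sample` helper are assumptions made for this sketch; the sample archives are constructed in memory and hold only harmless text.

```python
import io
import zipfile

# Assumed gateway policy list for this example; .pif is the type named in the thread.
RISKY_EXTENSIONS = (".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs")
ENCRYPTED_FLAG = 0x1  # general-purpose bit 0: entry is password-protected


def inspect_zip_attachment(data: bytes) -> dict:
    """Apply the attachment policy to one ZIP without extracting anything."""
    findings = {"executables": [], "encrypted": [], "verdict": "deliver"}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings["verdict"] = "quarantine"  # unparseable, so it cannot be scanned
        return findings
    with archive:
        for info in archive.infolist():
            # Windows ignores trailing dots and spaces, so strip them first.
            name = info.filename.lower().rstrip(". ")
            if name.endswith(RISKY_EXTENSIONS):
                findings["executables"].append(info.filename)
            if info.flag_bits & ENCRYPTED_FLAG:
                findings["encrypted"].append(info.filename)
    if findings["executables"]:
        findings["verdict"] = "block"
    elif findings["encrypted"]:
        findings["verdict"] = "quarantine"  # contents are opaque to the scanner
    return findings


def build_sample(members: dict, mark_encrypted: bool = False) -> bytes:
    """Build a constructed sample ZIP in memory (harmless text content only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        # Set the encryption bit in each central directory header (flags at
        # offset 8) so the sample looks password-protected to a parser.
        pos = raw.find(b"PK\x01\x02")
        while pos != -1:
            raw[pos + 8] |= ENCRYPTED_FLAG
            pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    print(inspect_zip_attachment(build_sample({"document.txt.pif": "x"}, True)))
```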
