Larry Seltzer to Valdis Kletnieks:

> >>If they'll go to the effort of saving an encrypted .zip file, then opening it with the provided password, they'll open a .doc file.
>
> I'm actually not convinced that the encrypted zip file technique was
> ever very successful. There's no way to prove it was. All those worms
> sent out in this way were also sent out in unencrypted form.

All? I think that's wrong. I'm fairly sure there were a few that only went out in pwded .ZIPs, but can't check just now. These were NOT the most successful ones of their era though.

I can confirm (without offering the details of the confidentially provided proof) that some of these pwded .ZIPs achieved the apparent aim of this technique -- getting past corporate policies that specifically allowed pwded .ZIP attachments _AND_ in at least a few cases got unpacked and run.

> I've asked the malware companies about this over the years and never got
> an answer, and I think it's because they don't know, and they can't
> know.

I think you're right that using pwded .ZIP, per se, does not make mass-mailers notably more successful, but it will almost certainly (still) get a few instances of such a virus unpacked and run places it wouldn't otherwise, and once upon a time that increased the chance of what I call "the Boeing effect" coming into play...

Anyway, this is mainly of academic interest now, as in general the attack scenario is no longer anything like the "get really big, really fast and don't worry about making lots of noise while doing it" approach that motivated the folk behind most of those viruses we are talking about here.

Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
