According to a thread on the ClamAV users lists, the worm "Bagle.F" is now spreading via password protected zip files. The text body of the email message contains the password.
This appears to be the latest attempt to defeat AV scanners that cannot detect malware in zip files that they cannot unzip. The worm apparently changes the password on the fly, so that each file has a different password -- thus each zip file would have a different signature.

In most organizations, it is not practical to block all zip files. Replacing zip files with URLs is clearly sometimes an option. But I wonder is there a more generic solution... some way to block (or replace with URL) only password protected zip files?

There has to be a decent solution to this problem!

TIA for everyone's thoughts.

JK
--
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC USA
(843) 849-8214
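One generic way to pick out only password-protected zip attachments, as an added example that is not part of the original post: the ZIP format sets bit 0 of each encrypted entry's general purpose bit flag, and that flag is readable without the password, so it does not matter that every copy uses a different one. The function names, verdict strings and sample archive below are assumptions made for illustration.

```python
import io
import zipfile

ENCRYPTED = 0x0001  # general purpose bit flag, bit 0: entry is encrypted


def encrypted_members(data: bytes) -> list[str]:
    """Return the names of encrypted entries in a zip held in memory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # flag_bits comes from the central directory; no password is needed.
        return [zi.filename for zi in zf.infolist() if zi.flag_bits & ENCRYPTED]


def verdict(filename: str, data: bytes) -> str:
    """Hypothetical policy hook for a mail filter.

    Returns 'quarantine' for a zip with any encrypted entry, 'hold-malformed'
    for something that claims to be a zip but cannot be parsed, else 'accept'.
    """
    looks_like_zip = filename.lower().endswith(".zip") or data.startswith(b"PK\x03\x04")
    if not looks_like_zip:
        return "accept"
    try:
        return "quarantine" if encrypted_members(data) else "accept"
    except zipfile.BadZipFile:
        return "hold-malformed"


def sample_zip(encrypted: bool) -> bytes:
    """Constructed sample: a one-entry zip. With encrypted=True, bit 0 is set
    in the local and central headers (the payload itself is left as-is)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", "constructed sample\n")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flag field offset: 6 in the local header, 8 in the central header.
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            raw[raw.find(signature) + offset] |= ENCRYPTED
    return bytes(raw)


if __name__ == "__main__":
    print(verdict("price.zip", sample_zip(encrypted=True)))
    print(verdict("report.zip", sample_zip(encrypted=False)))
```

The check also runs on attachments whose content starts with the zip magic bytes even when the file name does not end in `.zip`, so a renamed archive is not skipped.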

