-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday, October 18, 2002, Nick Andriash wrote...

>>> I have never heard of a *.zip file that was itself a virus. Is
>>> that what you are referring to, and if so can you point to some
>>> documentation that explains how they do it or how it works?

>> http://www.microsoft.com/technet/security/bulletin/MS02-054.asp

> Thanks Marcus... I have read the article, but I still remain
> skeptical. Why? Because if that were true, the entire Computing
> World would be up in arms about it. Anti-Virus Software Companies
> would be scrambling to produce Programs that would automatically
> delete all *.zip files if simply opening an archive to view the
> contents would in itself unleash the virus.

I think you're misunderstanding how the scanning of a zip file works.
It doesn't run, say, WinZip, then open the file, then scan it. It does
it in a certain order. It locks the file, and runs a signature check.
Basically it scans the archive file itself (NOT CONTENT YET) to see if
it matches a fingerprint of a virus. If it does, then alert the user.
If it doesn't, and the AV software supports it, run an internal
extraction utility to extract the files to a temporary location, then
scan the content. At no point in the process does it attempt to 'run'
the file. Only after it has passed the first scan does it attempt to
'open' it.

> Think of all the hundreds of thousands... or millions... of *.zip
> files that are being opened each and every day. That presents a
> tremendous opportunity for virus makers, yet one never hears of such
> exploits. It must not be a very popular exploit... either that or
> there is more to unleashing the virus than simply opening a ZIP
> file.

You don't often hear about Word97 macro viruses any more either, but
they still exist, and I get regular notifications of them flying
about. The reason you tend not to hear about them is because they
require a little user interaction to get them to work... i.e. the user
has to open it. Whereas take Klez for example: you didn't even have to
touch the attached files, it did everything on its own.

I think the people that write viruses aren't too worried about certain
methods any more. With the increasing popularity of computers and the
Internet, email is the quickest way to spread a virus; you cannot hit
most of the world in a file that requires you to manually send it on,
or copy it to a floppy disk ;)

The really sad thing is most virus creators now have lost their
creativity. I used to enjoy watching out for viruses (sad eh?) purely
because some of them were quite comical. Take for example Pregnant...
it's not really destructive as such, but some of the messages it gives
you are amusing... same with Cookie Monster as well... ever seen
somebody try feeding the Cookie Monster cookies every 3 seconds? ;)
Now creativity is limited to trying to work out how to make 30
different random subjects in really bad English.

- --
Jonathan Angliss
([EMAIL PROTECTED])

-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt

iQA/AwUBPbBiWyuD6BT4/R9zEQK8FQCdHwrboz3hrVlJSj3yS4n/59Ktnm8An3Pt
mzzhBkcbAj98B5cCDyOHcjOa
=pz3V
-----END PGP SIGNATURE-----

________________________________________________
Current version is 1.61 | "Using TBUDL" information:
http://www.silverstones.com/thebat/TBUDLInfo.html
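
The scan order described in the message above (fingerprint the archive file first, then unpack and scan the contents as data, never running anything), as an added example that is not part of the original post. The signature names, marker bytes and size limit are constructed assumptions, and members are read in memory rather than extracted to a temporary location.

```python
import hashlib
import io
import zipfile
import zlib

# Constructed sample signatures (assumptions), not real malware indicators.
CONTENT_PATTERNS = {"Test.Marker.A": b"CONSTRUCTED-TEST-SIGNATURE-0001"}
ARCHIVE_HASHES = {}  # sha256 hex digest of a whole archive -> signature name
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # do not inflate members larger than this


def build_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def scan_archive(raw):
    """Return (location, signature) findings; nothing is ever executed."""
    # Stage 1: fingerprint the archive file itself, before looking inside.
    digest = hashlib.sha256(raw).hexdigest()
    if digest in ARCHIVE_HASHES:
        return [("<archive>", ARCHIVE_HASHES[digest])]
    # Stage 2: unpack each member as plain data and scan its bytes.
    try:
        zf = zipfile.ZipFile(io.BytesIO(raw))
    except zipfile.BadZipFile:
        return [("<archive>", "Malformed.Archive")]
    findings = []
    with zf:
        for info in zf.infolist():
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((info.filename, "Oversized.Member"))
                continue
            try:
                data = zf.read(info)
            except (RuntimeError, zipfile.BadZipFile, zlib.error):
                # Encrypted or corrupt member: report it, it cannot be scanned.
                findings.append((info.filename, "Unscannable.Member"))
                continue
            for name, pattern in CONTENT_PATTERNS.items():
                if pattern in data:
                    findings.append((info.filename, name))
    return findings
```

The oversized and unscannable cases are reported rather than skipped silently, since a member the scanner could not read has not been cleared.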