Forwarded from: KUIJPERS Jimmy <myemailaccount@private> *.zip posses no real danger in my opinion. Winzip or similiar software was installed on many end user systems anyway. Embeding this functionality with Windows XP doesn't really increase the risk of virusses spreading at all. There are virusscanners that automaticly scan e-mails attachment, including the contents of zip files. One could also opt to have e-mails with a .zip extention quarantined so that the exchange admin can look at it and then foward it to the addressed person if he considers it safe. (An admin is much more resistant to social engineering as the average. (ofcourse this does not address the needs of home users) Zip files aren't self executing when viewed in the previeuw pane as *.scr and *.exe can be made to be. The suggestion that some people are starting to make, to block .zip attachments from outlook e-mail all together by adding it to outlook's hostile file list sound ridiculous to me. Think of all the practical applications that become impossible. Also I don't think that zipping a virus will make it spread that much faster simply because a few bytes of bandwith are saved. Any e-mail send is an e-mail send, fine, it's send 0.004246746 miliseconds faster then it would have been if it's send unzipped. What does it really matter in this age we're almost every internet user has a high speed connection and the virus itself is so small it doesn't really matter at all. Yes, even if you consider the fact that it might save this small increment of time every time a user opens. The bottle neck of the spread isn't so much bandwith, since this is plenty full, but rather the time the virus has to wait before the user decides to open the e-mails. What does it matter if the virus is there 0.004246746 sooner or even 5 seconds (oohh gosh!) if the user decides to open his/her e-mail once every 5 minutes or perhaps even less! In the end it all comes down to the question on how we reach this target group of users that remain ignorent and blindly open attachments from unknown people. In my opinion the ISP's nor the goverment can be held responsible for this, we, the security community itself. Should find a way to educate even those users that seem not to be awakened even when virus alerts reach the 11 o'clock news. So that's just my 2 cents of ranting on this subject... thanks for listening Cheers, Jimmy InfoSec News wrote: > http://www.computerworld.com/securitytopics/security/story/0,10801,89897,00.html > > By Paul Roberts > FEBRUARY 05, 2004 > IDG NEWS SERVICE > > E-mail users who were slow to update their antivirus software last > week may have been surprised to receive a flood of e-mail messages > containing .zip files from long-lost acquaintances, business partners > and complete strangers. > > The e-mail was sent by the recent Mydoom e-mail worm. The zipped > attachments were evidence of what antivirus experts say is a new trend > in virus writing circles: using compressed .zip files to hide viruses > and elude detection by antivirus engines. > > Such files are containers for one or more compressed files. Using > programs like WinZip for Windows or Unzip for Unix, users compact > files they want to store or transfer to others. The files must then be > decompressed, or "unzipped," before they can be viewed. Long a staple > of Internet and office communications, the compressed .zip file has > become embroiled in an arms race between virus writers and antivirus > technology companies, experts said. > > "We're definitely seeing a trend," said Alex Shipp, an antivirus > technology expert at MessageLabs Ltd. "It really took off in 2003. As > soon as one virus was successful with technology like this, other > virus writers took notice." > > Virus authors learned long ago to hide their creations in e-mail file > attachments, often disguising viruses as Windows screen saver (.scr) > files or Windows program information (.pif) files, said Mike Hrabik, > chief technology officer at Solutionary Inc., a managed security > services company in Omaha. > > While .zip files were occasionally used to mask virus payloads, the > practice wasn't common in virus-writing circles because .zip files, > unlike .scr and .pif files, required separate software to be installed > on the receiving system before the files can be opened and run, he > said. > > All that changed with the release of Microsoft Corp.'s Windows XP > operating system, which included native support for opening .zip > files. According to Gerhard Eschelbeck of security vulnerability > scanning company Qualys Inc., embedded support for .zip files in > modern systems makes them a rich target for worms like Mydoom. > > In switching to .zip files, virus authors were also picking up on > trends in legitimate e-mail traffic to hide their own malicious > creations, Shipp said. "When corporations started blocking .exe > [executable] files to prevent viruses from coming into their > environment, people who wanted to send .exes back and forth started > zipping them before they sent them. Virus writers noticed that and > took advantage of it," he said. [...] - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Feb 10 2004 - 05:58:31 PST