Re: [ISN] .zip files putting the zap on antivirus products

From: InfoSec News (isn@private)
Date: Wed Feb 11 2004 - 02:41:56 PST

  • Next message: InfoSec News: "[ISN] EEYE: Microsoft ASN.1 Library Bit String Heap Corruption"

    Forwarded from: Remco B. Brink <remco@private>
    
    <quote who="InfoSec News">
    > Forwarded from: KUIJPERS Jimmy <myemailaccount@private>
    > 
    > *.zip posses no real danger in my opinion. Winzip or similiar
    > software was installed on many end user systems anyway. Embeding
    > this functionality with Windows XP doesn't really increase the risk
    > of virusses spreading at all.
    > 
    > There are virusscanners that automaticly scan e-mails attachment,
    > including the contents of zip files.
    
    I'd call that a pretty dangerous thing, if you consider the following:
    
    The zipfile you find on this website [1] is a five-level nested
    zips-in-zips-in-zip archive. It is only 42KB large, but it expands to
    4.5 petabytes (that's 4.5 million gigabytes!) fully unpacked.
    
    My guess is that most antivirus programs will happily try to unfold it
    in all its glory.
    
    Is your machine swapping a lot now? 
    
    regards,
    Remco Brink
    
    [1] http://www.unforgettable.dk/42.zip
    
    -- 
                       Remco B. Brink -- QA / BW GS / CDTT
                 eating bandwith for breakfast at http://rc6.org
    
    Help! The paranoids are out to get me! 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Feb 11 2004 - 05:36:42 PST