On Tue, Jun 19, 2001 at 08:53:54PM +0200, Michel Arboi wrote: > --- Markus 'FvD' Weber <fvdat_private> a écrit : > > There is 42.zip out there, 42K total size, which consists of > > nested zip's and at the end a 4GB file (IIRC 6 levels deep, > > each level 17 'wide') ... kills most email virus checker. > > I did not know it existed. Altavista found this on > http://www.hanau.net/fgk/downloads/42.zip > > Why is this kind of attack not more common? I suspect that most filters > are vulnerable and yet, they are not listed as such (e.g. on > securityfocus). And companies continue to use them. This used to be really common with BBS's back in their day. The idea back then was to get a 1Gb file full of null charactors, compress it and upload it to the BBS, that way when the BBS's virus scanner (which also uncompressed the file) attempted to check the archive for viruses, it would either 1) consume all disk space, 2) keep the system busy for ages (some people ran 386's and 486's back then). The normal thing a user would do is upload the file and then hang up, which also leaves that dial-up line off-line while the virus scanner is checking the contents of the archive. -- Regards, Robert Davidson.
This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 09:33:29 PDT