| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: rms at computerbytesman.com (Richard M. Smith) Subject: A worm... This is the first worm that I am aware of that hides itself inside of a .ZIP file. This trick prevents the worm executable from being deleted by the Outlook Security Update. Looks like Microsoft will need to now think about how to deal with malicous code inside of attached .ZIP files. Outlook 2002 does provide a security warning when opening the .ZIP file. But everyone knows that .ZIP files are safe, right? I don't believe there is any security warning when running the .PIF file inside of the .ZIP, but I didn't try this particular experiment. ;-) Richard -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of KF Sent: Wednesday, June 25, 2003 9:11 PM To: full-disclosure@...ts.netsys.com Subject: Re: [Full-Disclosure] A worm... I believe Simon is well aware of what virus this is... the question was in relation to the zipping of the payload. I believe he was wondering if this (zipping of payload) was some new Antivirus evasion trick or if there was something more to it (like simply hoping a retarded user would unzip and run the .pif). >>I know what it is, but since when did the pif worm start zipping itself? >>did I miss something? >> -KF _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists