Open Source and information security mailing list archives
 
Message-ID: <003401c33bd9$b8aa81f0$550ffea9@rms>
From: rms at computerbytesman.com (Richard M. Smith)
Subject: A worm...

This is the first worm that I am aware of that hides itself inside of a
.ZIP file.  This trick prevents the worm executable from being deleted
by the Outlook Security Update.  Looks like Microsoft will need to now
think about how to deal with malicious code inside of attached .ZIP
files.  Outlook 2002 does provide a security warning when opening the
.ZIP file.  But everyone knows that .ZIP files are safe, right?  I don't
believe there is any security warning when running the .PIF file inside
of the .ZIP, but I didn't try this particular experiment. ;-)

Richard

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of KF
Sent: Wednesday, June 25, 2003 9:11 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] A worm...


I believe Simon is well aware of what virus this is... the question was
in relation to the zipping of the payload. I believe he was wondering if
this (zipping of payload) was some new Antivirus evasion trick or if
there was something more to it (like simply hoping a retarded user would
unzip and run the .pif).

>>I know what it is, but since when did the pif worm start zipping itself?
>>did I miss something?
-KF


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
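
The gap discussed in this thread, a .PIF executable carried inside a .ZIP attachment so that extension-based attachment blocking never sees it, can be closed at a mail gateway by listing archive members before delivery. The following is an added example, not part of the original messages; the blocklist, the size and depth limits, and the function names are assumptions chosen for illustration.

```python
import io
import zipfile

# Assumed blocklist for illustration; .pif is the extension named in the thread.
BLOCKED_EXTENSIONS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".lnk"}
MAX_DEPTH = 3                          # nested archives opened before giving up
MAX_MEMBER_BYTES = 10 * 1024 * 1024    # refuse to inflate anything larger


def blocked_members(data, depth=0, prefix=""):
    """Return paths of archive members whose extension is on the blocklist.

    Raises ValueError when the archive cannot be inspected (corrupt, too
    deeply nested, encrypted or oversized nested archive) so the caller
    can quarantine the attachment instead of delivering it.
    """
    if depth > MAX_DEPTH:
        raise ValueError("archive nesting too deep: " + prefix)
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise ValueError("unreadable archive: " + prefix) from exc
    hits = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            # Windows ignores trailing dots and spaces: "x.pif." still runs as .pif
            name = info.filename.lower().rstrip(". ")
            ext = name[name.rfind("."):] if "." in name else ""
            if ext in BLOCKED_EXTENSIONS:
                hits.append(path)
            elif ext == ".zip":
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                    raise ValueError("cannot inspect nested archive: " + path)
                hits += blocked_members(archive.read(info), depth + 1, path + "!")
    return hits


def make_zip(members):
    """Build a constructed in-memory sample archive from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

A gateway would treat a non-empty result or a `ValueError` the same way it treats a directly attached blocked file type.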

