Message-ID: <002e01c40142$276e0ed0$a4096280@rhatch>
From: r.hatch at eris.qinetiq.com (Richard Hatch)
Subject: Re: Backdoor not recognised

Further to the emails about parsing archive passwords from email messages...

Regardless of how such parsing may take place, the stream of overflows in archive tools means that an attacker could craft malicious archive files that infect/backdoor the mail scanning system.

Multiple emails could be sent, with each attached malicious archive targeting different archive technologies (e.g. rar, zip, gzip, ...).

You might as well just execute any attached .exe file and see if it opens any ports.

>Kaspersky, NAI and possibly some other AV-vendors now parse the password
>from the body of the email to extract the zip and then scan it.
>Obviously this only helps if it can scan the complete email i.e. on the
>mailserver. They might need to adapt to new variations of how the
>password is included in the body, which will take some analysis when new
>variants emerge.

---
'The mirrors have grown vast and beautiful and very very *hungry*'

The views and comments expressed in this email are the personal views and opinions of the author and should in no way be considered an official statement/release of QinetiQ. Neither the author nor QinetiQ can be held liable for actions taken based on the information contained within this email.