
Re: Another round of viruses - encrypted this time



Unfortunately, since the virus scanner doesn't "know" the password, it
can't open the zip and ends up letting the attachment through.  

We had one come in here that said it was from our email gateway.  It
stated that there were changes in place and the user needed to follow
the attached directions.  Another user received one that appeared to
come from Yahoo support on her Yahoo account that stated that her
account was being used as a spam relay.

In both cases I manually scanned the zip file which did not show any
infections.  However, after unzipping the archive and scanning the
enclosed executable the virus was reported.

On Wed, 2004-03-03 at 11:52, Gary wrote:
> Hi Mike808,
> 
> On Wed, 3 Mar 2004 19:05:57 GMT UTC (3/3/2004, 1:05 PM -0600 UTC my time),
> mike808@users.sourceforge.net wrote:
> 
> m> I heard about another spate of new viruses, several of which are hiding
> m> themselves inside encrypted zip files.
> 
> interesting. Many virus scanners will open zip files and other attachments
> and run the scanners over these as well before allowing them in the system.
> Will be interesting to see if these are picked up.
> 
> m> Since in order to generate a new "signature", all they need to do is change the
> m> password, this will be quite difficult to deal with if your policy requires you
> m> to "let in" attachments.
> 
> m> For those that haven't seen them, they come through in a message like this:
> 
> >> Subject: Notify about your e-mail account utilization.
> 
> As long as the subject remains relatively the same, one could key/grep on
> part of it to quarantine.
> 
> 
> --
> Gary
> 
> TEAMWORK...means never having to take all the blame yourself.
> 
> 
> -
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.
-- 
Todd Davis (tdavis@msfw.com)
Red Hat Certified Engineer (RHCE #807101281603181)
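
Added example, not part of the original message: a gateway-side check that does not need the password. In the standard ZIP format the per-entry headers (file name and encryption flag) stay readable, so a filter can quarantine encrypted archives whose members have executable names. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy list of executable extensions; adjust to local policy.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def encrypted_zip_findings(raw_message: bytes):
    """Return (attachment, member) pairs for encrypted ZIP members with executable names."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():  # reads the central directory only, no password needed
                encrypted = bool(info.flag_bits & 0x1)  # general-purpose flag bit 0
                if encrypted and info.filename.lower().endswith(RISKY_EXT):
                    findings.append((part.get_filename(), info.filename))
    return findings

def build_sample(encrypted: bool) -> bytes:
    """Constructed sample: a message whose ZIP holds a harmless placeholder 'update.exe'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("update.exe", b"constructed placeholder, not a program")
    data = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted archives, so mark the entry as encrypted by
        # setting flag bit 0 in the local header (offset 6) and central directory (offset 8).
        data[data.find(b"PK\x03\x04") + 6] |= 0x1
        data[data.find(b"PK\x01\x02") + 8] |= 0x1
    msg = EmailMessage()
    msg["Subject"] = "Notify about your e-mail account utilization."
    msg.set_content("See the attached directions.")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="message.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for flag in (True, False):
        print("encrypted" if flag else "plain", encrypted_zip_findings(build_sample(flag)))
```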

