[65625] in North American Network Operators' Group


new nasty email virus trick to bypass scanners

daemon@ATHENA.MIT.EDU (Mike Tancsa)
Wed Dec 3 17:20:46 2003

Date: Wed, 03 Dec 2003 17:24:19 -0500
To: nanog@nanog.org
From: Mike Tancsa <mike@sentex.net>
Errors-To: owner-nanog-outgoing@merit.edu



OK, here is a nasty virus trick.  The message gets sent in a password 
protected zip file.  The text of the message says here are my pics and 
enter in the passwd xxxx to view the archive.

The big problem is that normal AV scanners cannot open the zip file to scan 
the contents since it is password protected.

However, the user can be easily socially engineered to open the file and 
blam.  The text of the message is nice and enticing, making it look like 
private email with dirty pictures accidentally sent to the user...

	---Mike
--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Sentex Communications,     			  mike@sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike
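
A mail gateway cannot read the contents of a password-protected ZIP, but it can still see that entries are encrypted and, with traditional ZIP encryption, what they are called. The sketch below is an added example, not part of the original post; the extension list, verdict names and in-memory sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

ENCRYPTED = 0x1  # general-purpose flag bit 0: entry data is encrypted
# Assumed local policy list, not taken from the post.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat")


def triage_zip(blob):
    """Return (verdict, encrypted_entry_names) for a ZIP attachment's bytes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return "unparseable", []
    with zf:
        # Only the central directory is read; no password is needed for that.
        enc = [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
    if not enc:
        return "scan-normally", []
    if any(name.lower().endswith(RISKY_EXT) for name in enc):
        return "block", enc
    return "quarantine", enc


def constructed_sample(names, encrypted):
    """Build a test archive in memory (constructed data, not a real sample).

    zipfile cannot write encrypted entries, so the encryption flag is set by
    patching the local and central headers; the payload is a placeholder.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in names:
            zf.writestr(name, b"placeholder")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Flag field sits 6 bytes into a local header, 8 into a central one.
        for sig, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(sig)
            while pos != -1:
                data[pos + offset] |= ENCRYPTED
                pos = data.find(sig, pos + 4)
    return bytes(data)


if __name__ == "__main__":
    for names, enc in ((["pics.scr"], True), (["photo.jpg"], True), (["photo.jpg"], False)):
        print(names, enc, triage_zip(constructed_sample(names, enc)))
```

Encrypted archives with harmless-looking names are quarantined rather than passed, because their contents still cannot be inspected.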

