On Thursday 04 December 2003 10:58 am, jef moskot wrote:

> I've heard of a new strategy for spreading viruses/worms.  The victim
> receives a message with an attached passworded zip file.  The password is
> included in the text of the message.
>
> Granted, we should hope that our users should be educated enough to not
> fall for this, but if we had educated users in the first place, we
> wouldn't have so many people using Outlook.
>
> Any ideas for how to handle this situation?

One approach (very brute force, but a start perhaps?) would be to recognise a 
password-encrypted zip file, and when one is found, attempt decryption using 
each word in the body of the message it's attached to as the potential 
password.

If one of them successfully decrypts the zip, it can then be scanned in the 
normal way, if not then the password must be being sent to the recipient by 
some other means (which anyone with a sense of security would be doing 
anyway), so we can probably assume the content is okay.

I've no idea what sort of resource load this would add to a machine, but 
anyone got any better ideas (very welcome)?

Antony.

-- 
RTFM may be the appropriate reply, but please specify exactly which FM to R.

                                                     Please reply to the list;
                                                           please don't CC me.



_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
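
The approach described in the reply above, as an added Python sketch (not part of the original thread and not ClamAV code): detect an encrypted zip attachment, try each word of the message body as the password, and hand back the decrypted members for normal scanning. The function names, the `max_tries` cap and the sample message are assumptions made for illustration; only traditional PKZIP encryption is handled, since that is what Python's `zipfile` can decrypt.

```python
import io, struct, zipfile, zlib

def candidate_passwords(body):
    """Body tokens in message order, each also with edge punctuation stripped."""
    seen = {}
    for tok in body.split():
        for cand in (tok, tok.strip(".,;:!?\"'()[]<>")):
            if cand:
                seen.setdefault(cand)
    return list(seen)

def unlock_with_body_words(zip_bytes, body, max_tries=500):
    """('', files) if not encrypted; (word, files) if a body word opens the
    archive; (None, None) if encrypted and no body word fits (unscannable)."""
    zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    members = [i for i in zf.infolist() if not i.is_dir()]
    if not any(i.flag_bits & 0x1 for i in members):  # flag bit 0 = encrypted
        return "", {i.filename: zf.read(i) for i in members}
    # Bounded work: most wrong words fail on the 12-byte header check byte.
    for word in candidate_passwords(body)[:max_tries]:
        try:
            return word, {i.filename: zf.read(i, pwd=word.encode()) for i in members}
        except (RuntimeError, zipfile.BadZipFile, zlib.error):
            continue
    return None, None

def make_sample_zip(name, data, pwd):
    """Constructed test input: one stored member, traditional PKZIP encryption."""
    k = [0x12345678, 0x23456789, 0x34567890]
    def crc1(key, byte):  # one raw CRC-32 step, without zlib's pre/post inversion
        return zlib.crc32(bytes([byte]), key ^ 0xFFFFFFFF) ^ 0xFFFFFFFF
    def update(byte):
        k[0] = crc1(k[0], byte)
        k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k[2] = crc1(k[2], k[1] >> 24)
    def enc(byte):
        t = k[2] | 2
        update(byte)  # key state advances on the plaintext byte
        return byte ^ (((t * (t ^ 1)) >> 8) & 0xFF)
    for b in pwd:
        update(b)
    crc = zlib.crc32(data)  # header: 11 filler bytes (zeros here) + CRC check byte
    enc_data = bytes(enc(b) for b in bytes(11) + bytes([crc >> 24]) + data)
    meta = struct.pack("<5H3I2H", 20, 1, 0, 0, 0x21, crc, len(enc_data), len(data), len(name), 0)
    local = b"PK\x03\x04" + meta + name + enc_data
    central = b"PK\x01\x02" + struct.pack("<H", 20) + meta + struct.pack("<3H2I", 0, 0, 0, 0, 0) + name
    return local + central + b"PK\x05\x06" + struct.pack("<4H2IH", 0, 0, 1, 1, len(central), len(local), 0)

SAMPLE_BODY = "Your document is attached.\nPassword: 48213.\nRegards"  # constructed
SAMPLE_ZIP = make_sample_zip(b"doc.txt", b"constructed test payload", b"48213")
```

On the resource question: each wrong candidate costs only the key setup and a 12-byte header decryption in almost all cases, so the cost grows with the number of distinct words in the body, which `max_tries` caps.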
