Even better viruses

Lots of sites ban executable attachments. If you send them an .exe or .scr file, for example, the attachment will be removed from the email, or the intended recipient won’t get your email at all. Generally, they allow you to send executables inside .zip files. Or you can put a password on the .zip file so that the virus scanner doesn’t even bother to look at it.

Of course, this is a hole. Just have your virus send out a passworded .zip file and include the password in the body of the email. Some users will still open the attachment and your virus will spread. That was my thought, anyway. The solution is to not allow any executables anywhere. You can still see filenames inside of an encrypted .zip file, so your email scanner can just look at the filenames and drop or block any executables even in the .zip file.
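The filename check described above, as an added example (not code from the original post): it lists member names from the archive's central directory without the password and blocks on executable extensions. It assumes traditional ZIP encryption, which leaves names in the clear; the extension list, function names and sample member names are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed blocklist for this example; a real policy would be longer.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def scan_zip_attachment(data: bytes) -> dict:
    """Verdict from member names alone; no password is needed to list them."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Fail closed: an archive that cannot be listed cannot be cleared.
        return {"block": True, "encrypted": None, "members": []}
    hits, encrypted = [], False
    with zf:
        for info in zf.infolist():
            # Bit 0 of the general-purpose flags marks an encrypted member.
            encrypted = encrypted or bool(info.flag_bits & 0x1)
            # Normalise separators, case and trailing dots/spaces before
            # taking the final extension, so "a.txt.SCR " still matches.
            name = info.filename.replace("\\", "/").rstrip(". ").lower()
            if PurePosixPath(name).suffix in BLOCKED_EXTENSIONS:
                hits.append(info.filename)
    return {"block": bool(hits), "encrypted": encrypted, "members": hits}


def build_sample(names, mark_encrypted=True) -> bytes:
    """Constructed test archive. zipfile cannot write encrypted members, so the
    encryption flag is set by hand in each central-directory header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02")  # central-directory header signature
    while mark_encrypted and pos != -1:
        raw[pos + 8] |= 0x01  # low byte of the general-purpose flag field
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    # Member names below are constructed for the example.
    print(scan_zip_attachment(build_sample(["MoreInfo.txt.scr", "readme.txt"])))
```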

It seems that virus writers have finally gotten around to exploiting this. Some people are gullible enough to open anything. Evidently I’m in the address book of one of the most well-connected gullible people there is. Every time a new virus crops up, I get a few copies “from” well-known Perl hackers. I say “from” because, of course, the from address has been forged. Yesterday, I started getting emails that went something like this. This one is particularly clever:

  Dear  user of "Everybody.org" mailing system,

  Our main mailing  server will be temporary  unavaible  for next two days,
  to  continue receiving mail in these days you  have  to configure our  free  auto-forwarding service.

  Advanced details  can  be found  in  attached file.

  In order to read the attach you have to use the  following password: 33803.

  Sincerely,
  The  Everybody.org team
  http://www.everybody.org

  [2. application/octet-stream; MoreInfo.zip]...
