Re: Can just opening a winzip file introduce virus?

Posted by Gabriele Neukam on November 24, 2005, 1:21 pm
On that special day, Uriel, (urielw@nospam.xyz) said...

> Here are some steps that you can take to help protect yourself from being
> affected by viruses distributed in Zip files:

There is already an error in this line. The vulnerability will be
abused by a *trojan horse function*, which of course may be *part* of a
self replicating file, which again is a *worm*. Viruses *insert*
themselves into other programs, and are started when running said
infected programs.

Exploiting a buffer overflow is not initiated by running an infected
program; it is an attack on badly implemented functions, often caused
by (consciously) malformed header information in a prepared file.

Read for example
http://secunia.com/advisories/17420/


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.
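
Added example, not part of the original posts and not the WinZip flaw itself (the thread gives no details of it): a C sketch of the bounds checks an archive reader needs so that length fields in a ZIP local file header cannot drive a copy past a buffer. The function names, error codes and the constructed "a.txt" sample header are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ZIP_LFH_SIG   0x04034b50u  /* "PK\3\4" local file header signature */
#define ZIP_LFH_FIXED 30u          /* size of the fixed part of the header */

enum { NAME_OK = 0, ERR_TRUNCATED = -1, ERR_SIGNATURE = -2,
       ERR_NAME_TOO_LONG = -3, ERR_LENGTH_MISMATCH = -4 };

char g_name[16];                   /* destination buffer used by the samples */

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy the entry name out of a local file header, trusting no length field. */
int read_entry_name(const uint8_t *buf, size_t len, char *out, size_t out_cap)
{
    if (len < ZIP_LFH_FIXED) return ERR_TRUNCATED;
    if (le32(buf) != ZIP_LFH_SIG) return ERR_SIGNATURE;
    size_t name_len  = le16(buf + 26);   /* taken from the file: untrusted */
    size_t extra_len = le16(buf + 28);   /* taken from the file: untrusted */
    /* The declared name must fit the destination, including the NUL. */
    if (out_cap == 0 || name_len >= out_cap) return ERR_NAME_TOO_LONG;
    /* The declared lengths must fit inside the bytes actually present. */
    if (name_len + extra_len > len - ZIP_LFH_FIXED) return ERR_LENGTH_MISMATCH;
    memcpy(out, buf + ZIP_LFH_FIXED, name_len);
    out[name_len] = '\0';
    return NAME_OK;
}

/* Constructed sample: a header followed by the 5 name bytes "a.txt";
   the declared name length is overridden to model a malformed file. */
int check_sample(uint16_t declared_name_len, char *out, size_t out_cap)
{
    uint8_t hdr[ZIP_LFH_FIXED + 5] = { 0x50, 0x4b, 0x03, 0x04 };
    memcpy(hdr + ZIP_LFH_FIXED, "a.txt", 5);
    hdr[26] = (uint8_t)(declared_name_len & 0xff);
    hdr[27] = (uint8_t)(declared_name_len >> 8);
    return read_entry_name(hdr, sizeof hdr, out, out_cap);
}
```

A reader that skipped the two length checks and copied `name_len` bytes into a fixed buffer would be the kind of "badly implemented function" the post describes; with the checks, the malformed samples are rejected instead of copied.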

Posted by Uriel on November 24, 2005, 2:01 pm
In principle, something that properly fits the definition of a virus could
be distributed in a zip file. The problem with

> Here are some steps that you can take to help protect yourself from being
> affected by viruses distributed in Zip files:

is that it's ambiguous. "Distributed" how? "Distributed" in the sense that
the zip file contains an .exe which, when run, introduces a virus onto the
system?

You mention "The vulnerability." What IS winzip 8's vulnerability problem?
Is this actually documented anywhere?

On that special day, Uriel, (urielw@nospam.xyz) said...

> Here are some steps that you can take to help protect yourself from being
> affected by viruses distributed in Zip files:

There is already an error in this line. The vulnerability will be
abused by a *trojan horse function*, which of course may be *part* of a
self replicating file, which again is a *worm*. Viruses *insert*
themselves into other programs, and are started when running said
infected programs.

Exploiting a buffer overflow is not initiated by running an infected
program; it is an attack on badly implemented functions, often caused
by (consciously) malformed header information in a prepared file.

Read for example
http://secunia.com/advisories/17420/


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.



Posted by Gabriele Neukam on November 25, 2005, 10:24 am
On that special day, Uriel, (urielw@nospam.xyz) said...

> You mention "The vulnerability." What IS winzip 8's vulnerability problem?
> Is this actually documented anywhere?

This vulnerability is at first a theoretical one. I gave an example
below, you'll only have to follow the link.

If this isn't convincing enough, read

http://www.juniper.net/security/auto/vulnerabilities/vuln1977.html
and note the line
"Affected Products:
Microsoft Corporation Windows Various
WinZip International LLC WinZip 9.0 and before"

Solution: Install WinZip 9.01 or higher. How many people read this
advisory and will heed this advice?

This specific flaw would basically crash WinZip. But if someone finds
out where to place the code so that it will end in a working portion of
the RAM, it might turn into a real danger.

Such things have happened before, as with
http://www.microsoft.com/technet/security/advisory/911302.mspx

And WinZip is spread wide enough, that someone might feel inclined to
test the possibilities of a WinZip worm.


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.

Posted by Robert Baer on November 26, 2005, 12:31 am
Gabriele Neukam wrote:

> On that special day, Uriel, (urielw@nospam.xyz) said...
>
>
>>You mention "The vulnerability." What IS winzip 8's vulnerability problem?
>>Is this actually documented anywhere?
>
>
> This vulnerability is at first a theoretical one. I gave an example
> below, you'll only have to follow the link.
>
> If this isn't convincing enough, read
>
> http://www.juniper.net/security/auto/vulnerabilities/vuln1977.html
> and note the line
> "Affected Products:
> Microsoft Corporation Windows Various
> WinZip International LLC WinZip 9.0 and before"
>
> Solution: Install WinZip 9.01 or higher. How many people read this
> advisory and will heed this advice?
>
> This specific flaw would basically crash WinZip. But if someone finds
> out where to place the code so that it will end in a working portion of
> the RAM, it might turn into a real danger.
>
> Such things have happened before, as with
>
> And WinZip is spread wide enough, that someone might feel inclined to
> test the possibilities of a WinZip worm.
>
>
> Gabriele Neukam
>
> Gabriele.Spamfighter.Neukam@t-online.de
>
>
Even Pkzip/unzip from Feb 1993?

Posted by Gabriele Neukam on November 26, 2005, 10:40 am
On that special day, Robert Baer, (robertbaer@earthlink.net) said...

> Even Pkzip/unzip from Feb 1993?

No idea. They were specifically talking about WinZip, and other packers
aren't mentioned at all. Theoretically, I could try it with an
alternative archiver like ALzip or 7zip, but that required a machine
that is still needed afterwards, so I can't check it out.


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.
