Full Disclosure mailing list archives

RE: [inbox] Re: Re: E-Mail viruses
From: "Patrick Nolan" <p.nolan () comcast net>
Date: Fri, 5 Mar 2004 19:27:13 -0800

Valdis.Kletnieks () vt edu

> On Fri, 05 Mar 2004 13:36:10 CST, Curt Purdy said:
>
>> ... Legitimate senders would rename the file, be it
>> .exe .doc .jpg, indicate in the body of the message what the true
>> extension is, and the receiver merely renames it...
>
> So let's see.. the same bozos who read the text part of the
> virus, get the password, and use that to unzip the rest of
> the virus won't read the text part, get the rename to do, and.....

I was thinking a similar thought -- it's just the same bypass; renaming the
extension as using other text in the body to extract the attachment. In a
good scenario, the recipient checks with the sender via phone to verify what
was sent. 


Patrick Nolan

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html