Home page logo

fulldisclosure logo Full Disclosure mailing list archives

From: "I.R. van Dongen" <vdongen () hetisw nl>
Date: Sat, 06 Mar 2004 19:04:48 +0100

http-equiv () excite com wrote:

Saturday, March 06, 2004

The seems to be a lot of excitement at the moment regarding .zip files and emails. What if the actual .zip file is the email or the email is the actual .zip file:

MIME-Version: 1.0 Content-Type: application/x-zip-compressed Content-Transfer-Encoding: binary
X-Source: 06.03.04 http://www.malware.com

PK  ¯.áSÃâ D malware.exeí•[Lf†_Qk ÇŽ#Ì002†á𪭵, €ˆUlQ

Working example:


How would this work?
afaik no emailsoftware will unpack a zip archive by default.
Even then, It has to be passwordless zip, and the zip will be unpacked by the virusscanner too.



Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]