[virusinfo] Oxygen3 24h-365d [Viruses inside compressed files: an avoidable risk - 04/09/04]

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Fri, 09 Apr 2004 13:07:42 -0700


From: PANDA Oxygen3 24h-365d:

"Experience is not what happens to you. 
             It is what you do with what happens to you."
              Aldous Huxley (1891-1963); British author.

         - Viruses inside compressed files: an avoidable risk -
   Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, April 9 2004 - One of the tricks used by virus writers to drop
malicious code on as many computers as possible is to compress the file that
carries the virus using a widely used compression utility, such as WinZip.
Today's Oxygen3 24h-365d report will focus on this technique and the way
high-quality antiviruses can effectively protect users from that potential
risk.

Under normal circumstances, any high-quality antivirus program will have no
problem scanning and disinfecting these types of files, provided that the
user has configured it to do so. The problem, however, arises when these
files are password-protected. When a password-protected compressed file
reaches a computer, not even the antivirus protection can access it in order
to scan its contents, as to decompress the file the user needs to enter a
password to view the content. This is not usually a problem for a good
antivirus solution, as if the compressed file is infected, it will detect it
as soon as the user runs the file.

This process, however, can cause problems in corporate networks, as even if
the mail server has an updated antivirus installed, it cannot scan it and
the infected file will therefore reach the workstations without any
problems. If the workstations are protected against malicious code, the
virus will not be able to carry out its infection, but imagine what would
happen if they weren't. On the other hand, taking as an example several
Bagle variants, which spread effectively through password-protected files,
the result is that thousands of infected files can be passing through the
server, considerably increasing network traffic. In extreme cases, they
could even saturate the e-mail server, temporarily bringing it to a halt.

The best solution for this is to have an antivirus with daily updates
against new viruses and a 24h-365d technical support service that can solve
any incidents as soon as possible. Following this philosophy and in order to
effectively protect computers against the Bagle worm, Panda Software
developed a specific detection routine for the password-protected compressed
files generated by this worm. Besides, all Panda products include the option
to automatically block these kinds of files, preventing these files from
reaching the recipient. 

------------------------------------------------------------

Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 




