From: PANDA Oxygen3 24h-365d:

"Experience is not what happens to you. It is what you do with what happens to you."
Aldous Huxley (1891-1963); British author.

- Viruses inside compressed files: an avoidable risk -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, April 9 2004 - One of the tricks used by virus writers to drop malicious code on as many computers as possible is to compress the file that carries the virus using a widely used compression utility, such as WinZip. Today's Oxygen3 24h-365d report will focus on this technique and the way high-quality antiviruses can effectively protect users from that potential risk.

Under normal circumstances, any high-quality antivirus program will have no problem scanning and disinfecting these types of files, provided that the user has configured it to do so. The problem, however, arises when these files are password-protected.

When a password-protected compressed file reaches a computer, not even the antivirus protection can access it in order to scan its contents, as to decompress the file the user needs to enter a password to view the content. This is not usually a problem for a good antivirus solution, as if the compressed file is infected, it will detect it as soon as the user runs the file.

This process, however, can cause problems in corporate networks, as even if the mail server has an updated antivirus installed, it cannot scan it and the infected file will therefore reach the workstations without any problems. If the workstations are protected against malicious code, the virus will not be able to carry out its infection, but imagine what would happen if they weren't.

On the other hand, taking as an example several Bagle variants, which spread effectively through password-protected files, the result is that thousands of infected files can be passing through the server, considerably increasing network traffic. In extreme cases, they could even saturate the e-mail server, temporarily bringing it to a halt.

The best solution for this is to have an antivirus with daily updates against new viruses and a 24h-365d technical support service that can solve any incidents as soon as possible. Following this philosophy and in order to effectively protect computers against the Bagle worm, Panda Software developed a specific detection routine for the password-protected compressed files generated by this worm. Besides, all Panda products include the option to automatically block these kinds of files, preventing these files from reaching the recipient.

------------------------------------------------------------

Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages
http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance and OWTA Charter Member
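
The blocking option described in the report can be approximated at a mail gateway by reading the ZIP "encrypted" flag, which is visible without the password. The sketch below is an example added to this page, not Panda's code; the function names, the verdict labels and the policy of quarantining unreadable archives are assumptions, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: entry needs a password

def encrypted_members(data: bytes) -> list[str]:
    """Names of archive entries a scanner cannot read without the password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]

def gateway_verdicts(raw_mail: bytes) -> dict[str, str]:
    """Map each attachment name to 'deliver', 'block' or 'quarantine'."""
    verdicts = {}
    msg = message_from_bytes(raw_mail, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if not payload.startswith(b"PK"):   # judge by content, not extension
            verdicts[name] = "deliver"      # not a ZIP: normal scanning applies
            continue
        try:
            verdicts[name] = "block" if encrypted_members(payload) else "deliver"
        except zipfile.BadZipFile:
            verdicts[name] = "quarantine"   # assumed policy: unreadable archive
    return verdicts

def sample_zip(encrypted: bool) -> bytes:
    """Constructed, harmless archive; the flag is patched in, data stays plain."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= ENCRYPTED                             # local header flags
        data[data.find(b"PK\x01\x02") + 8] |= ENCRYPTED  # central directory flags
    return bytes(data)

def sample_mail() -> bytes:
    """Constructed message with a plain ZIP, a flagged ZIP and a fake ZIP."""
    msg = EmailMessage()
    msg.set_content("see attachments")
    for fname, enc in (("plain.zip", False), ("locked.zip", True)):
        msg.add_attachment(sample_zip(enc), maintype="application",
                           subtype="zip", filename=fname)
    msg.add_attachment(b"PK-not-a-zip", maintype="application",
                       subtype="octet-stream", filename="notes.bin")
    return msg.as_bytes()
```

Calling gateway_verdicts(sample_mail()) returns one verdict per attachment. The check covers ZIP only; other archive formats mark encryption differently and need their own parsers.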