hackfix-virusnews: Virus writers in malicious code hide-and-seek

  • From: "Christy" <snowz@xxxxxxxxxx>
  • To: hackfix-virusnews@xxxxxxxxxxxxx
  • Date: Mon, 08 Mar 2004 10:51:01 -0500

Virus writers in malicious code hide-and-seek
By John Leyden
Posted: 05/03/2004 at 13:48 GMT
 
A fresh angle of attack by virus writers is
challenging new anti-virus techniques.

The latest versions of the Bagle worm spreading this
week contain a malicious payload hidden in a
password-protected zip archive. This is the first
time the trick has been used to spread the virus in
the wild, though the ruse has been seen in lab copies
of viral code (e.g. Fearso), dating from last Summer.

The password-protected Zip archive technique enables
virus writers to hide malware in files which gateway
AV scanners normally can't open, so skipping one
layer of protection commonly used by many large
companies.

Conventional desktop AV scanners would still block
infection at the point a user unzips
password-protected viral files - assuming the correct
signature update is available - but it's obviously
desirable to stop malicious code reaching the user's
PC in the first place. 

Read more here:
http://www.theregister.co.uk/content/55/36049.html
© The Register.
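
As an added illustration (not part of the original article or list post): a gateway cannot open a password-protected archive, but it can still tell that one is present, because every ZIP entry records encryption in bit 0 of its general-purpose flag. The Python example below checks each attachment of a message for such entries; the function names, file names and the sample message are constructed for this example.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

ENCRYPTED = 0x1  # ZIP general-purpose flag, bit 0: entry data is encrypted


def encrypted_entries(data: bytes) -> list[str]:
    """Names of archive entries a scanner cannot open without the password."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]


def unscannable_attachments(raw_message: bytes) -> dict[str, list[str]]:
    """Map attachment filename -> encrypted entries found inside it."""
    findings = {}
    for part in message_from_bytes(raw_message).walk():
        # Multipart containers decode to None; judge leaf parts by content.
        hits = encrypted_entries(part.get_payload(decode=True) or b"")
        if hits:
            findings[part.get_filename() or "(unnamed)"] = hits
    return findings


def constructed_sample() -> bytes:
    """Constructed message: one plain zip and one whose entry is flagged
    encrypted (flag set by hand, since zipfile cannot write encrypted data)."""
    def make_zip(name: str, flag_encrypted: bool) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, b"harmless placeholder text")
        raw = bytearray(buf.getvalue())
        if flag_encrypted:
            raw[6] |= ENCRYPTED  # flags field of the local file header
            raw[raw.rfind(b"PK\x01\x02") + 8] |= ENCRYPTED  # central directory
        return bytes(raw)

    msg = EmailMessage()
    msg.set_content("constructed body text")
    msg.add_attachment(make_zip("notes.txt", False), maintype="application",
                       subtype="zip", filename="plain.zip")
    msg.add_attachment(make_zip("readme.txt", True), maintype="application",
                       subtype="zip", filename="locked.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(unscannable_attachments(constructed_sample()))
```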

