[pcductape] Virus writers in malicious code hide-and-seek

  • From: "Pam" <ltf01@xxxxxxxxxx>
  • To: "pcductape" <pcductape@xxxxxxxxxxxxx>
  • Date: Mon, 8 Mar 2004 18:37:11 -0600


Virus writers in malicious code hide-and-seek
By John Leyden
Posted: 05/03/2004 at 13:48 GMT

A fresh angle of attack by virus writers is
challenging new anti-virus techniques.

The latest versions of the Bagle worm spreading this
week contain a malicious payload hidden in a
password-protected zip archive. This is the first
time the trick has been used to spread the virus in
the wild, though the ruse has been seen in lab copies
of viral code (e.g. Fearso), dating from last Summer.

The password-protected Zip archive technique enables
virus writers to hide malware in files which gateway
AV scanners normally can't open, so skipping one
layer of protection commonly used by many large

Conventional desktop AV scanners would still block
infection at the point a user unzips
password-protected viral files - assuming the correct
signature update is available - but it's obviously
desirable to stop malicious code reaching the user's
PC in the first place.

Read more here:
© The Register.

To unsubscribe from this list send an email to
pcductape-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field
OR by logging into the Web interface.  

To view the message archives simply go to: 
Take a look at our homepage at http://pcductape.freewebpage.org/

Other related posts:

  • » [pcductape] Virus writers in malicious code hide-and-seek