funsec mailing list archives
RE: RE: funsec Office 2007 has 0 security issues
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 11 Apr 2007 02:29:46 +1200
Larry Seltzer to Valdis Kletnieks:
If they'll go to the effort of saving an encrypted .zip file, thenopening it with the provided password, they'll open a .doc file. I'm actually not convinced that the encrypted zip file technique was ever very successful. There's no way to prove it was. All those worms sent out in this way were also sent out in unencrypted form.
All? I think that's wrong. I'm fairly sure there were a few that only went out in pwded .ZIPs, but can't check just now. These were NOT the most successful ones of their era though. I can confirm (without offerring the details of the confidentially provided proof) that some of these pwded .ZIPs achieved the apparent aim of this technique -- getting past corporate policies that specifically allowed pwded .ZIP attachments _AND_ in at least a few cases got unpacked and run.
I've asked the malware companies about this over the years and never got an answer, and I think it's because they don't know, and they can't know.
I think you're right that using pwded .ZIP, per se, does not make mass- mailers notably more successful, but it will almost certainly (still) get a few instances of such a virus unpacked and run places it wouldn't otherwise, and once upon a time that increased the chance of what I call "the Boeing effect" coming into play... Anyway, this is mainly of academic interest now, as in general the attack scenario is no longer anything like the "get really big, really fast and don't worry about making lots of noise while doing it" approach that motivated the folk behind most of those viruses we are talking about here. Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: funsec Office 2007 has 0 security issues Randall M (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 10)
- Re: RE: funsec Office 2007 has 0 security issues Valdis . Kletnieks (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 10)
- Re: RE: funsec Office 2007 has 0 security issues Florian Weimer (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Larry Seltzer (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Nick FitzGerald (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues David Harley (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Larry Seltzer (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues David Harley (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Nick FitzGerald (Apr 11)
- RE: RE: funsec Office 2007 has 0 security issues Larry Seltzer (Apr 12)
- RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 12)
- RE: RE: funsec Office 2007 has 0 security issues David Harley (Apr 13)
- Re: RE: funsec Office 2007 has 0 security issues Valdis . Kletnieks (Apr 13)
- RE: RE: funsec Office 2007 has 0 security issues David Harley (Apr 13)
- Re: RE: funsec Office 2007 has 0 security issues Valdis . Kletnieks (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 10)
- Message not available
- RE: RE: funsec Office 2007 has 0 security issues David Harley (Apr 13)