Re: .zip files putting the zap on antivirus products

[InfoSec News <isn () c4i org>]

Forwarded from: Remco B. Brink <remco () rc6 org>

<quote who="InfoSec News">
> Forwarded from: KUIJPERS Jimmy <myemailaccount () fastmail fm>
>
> *.zip posses no real danger in my opinion. Winzip or similiar
> software was installed on many end user systems anyway. Embeding
> this functionality with Windows XP doesn't really increase the risk
> of virusses spreading at all.
>
> There are virusscanners that automaticly scan e-mails attachment,
> including the contents of zip files.

I'd call that a pretty dangerous thing, if you consider the following:

The zipfile you find on this website [1] is a five-level nested
zips-in-zips-in-zip archive. It is only 42KB large, but it expands to
4.5 petabytes (that's 4.5 million gigabytes!) fully unpacked.

My guess is that most antivirus programs will happily try to unfold it
in all its glory.

Is your machine swapping a lot now? 

regards,
Remco Brink

[1] http://www.unforgettable.dk/42.zip

-- 
                   Remco B. Brink -- QA / BW GS / CDTT
             eating bandwith for breakfast at http://rc6.org

Help! The paranoids are out to get me! 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.