funsec mailing list archives

RE: RE: funsec Office 2007 has 0 security issues


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 11 Apr 2007 02:29:46 +1200

Larry Seltzer to Valdis Kletnieks:

If they'll go to the effort of saving an encrypted .zip file, then
opening it with the provided password, they'll open a .doc file. 

I'm actually not convinced that the encrypted zip file technique was
ever very successful. There's no way to prove it was. All those worms
sent out in this way were also sent out in unencrypted form.

All?

I think that's wrong.  I'm fairly sure there were a few that only went 
out in pwded .ZIPs, but can't check just now.  These were NOT the most 
successful ones of their era though.  I can confirm (without offering 
the details of the confidentially provided proof) that some of these 
pwded .ZIPs achieved the apparent aim of this technique -- getting past 
corporate policies that specifically allowed pwded .ZIP attachments 
_AND_ in at least a few cases got unpacked and run.

I've asked the malware companies about this over the years and never got
an answer, and I think it's because they don't know, and they can't
know.

I think you're right that using pwded .ZIP, per se, does not make mass-
mailers notably more successful, but it will almost certainly (still) 
get a few instances of such a virus unpacked and run places it wouldn't 
otherwise, and once upon a time that increased the chance of what I 
call "the Boeing effect" coming into play...

Anyway, this is mainly of academic interest now, as in general the 
attack scenario is no longer anything like the "get really big, really 
fast and don't worry about making lots of noise while doing it" 
approach that motivated the folk behind most of those viruses we are 
talking about here.


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

