Vulnerability Development mailing list archives

password-protected zip files (was RE: Administrivia #8704)


From: Michael.Wojcik () MERANT COM (Michael Wojcik)
Date: Sun, 7 May 2000 11:34:07 -0700


-----Original Message-----
From: Blue Boar [mailto:BlueBoar () THIEVCO COM]
Sent: Saturday, May 06, 2000 1:19 PM

Moderation over the last couple days:  In the last two days,
I've received about 2000 emails... the vast majority of
which were bounces, errors, and mail gateways with virus
scanners informing me that I sent out a "virus".  Yeah,
thanks for the info. :)  That means in the future, I will
be trying to do a better job encapsulating bad code to
avoid setting those off, for the sake of my mailbox.  The
zip with a password seemed pretty good... only a couple
gateways refused to let in a zip that they couldn't open.

Ouch.  How long before we have a worm packaged in a password-protected zip
with the password in the message?  Anyone want to bet that minimal social
engineering won't have a zillion users falling for that?

Sample message text:

        Here's the document you requested.  Legal insists on making this
        "confidential" so it has to be in a password-protected ZIP file.
        Password is just your email ID (everything before the "@").

Implementation is left as an exercise for the moderately competent,
unimaginative cracker.  Of course, using a fixed password would be even
easier; the variant password is just a bell and/or whistle.

(Actually, the "you requested" bit is getting a bit tired.  I recommend
"Sorry this is so late...  Following up on last week's phone call, here's my
latest thoughts."  That should be suitably vague.  Also, let's cut down on
the multiple copies per recipient - a dead giveaway for anyone with two
neurons to rub together - by only sending the messages to, say, 10
randomly-chosen recipients in each address list.  Not that I'm advocating
doing this, of course.  Every time something like this happens, I get half a
dozen 500 KB messages from the rocket scientists in my IT department telling
me about it.)

Michael Wojcik             michael.wojcik () merant com
MERANT
Department of English, Miami University
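
Added example, not part of the original message or thread: a gateway-side check for the case discussed above, where a scanner cannot open an encrypted zip and the message body supplies the password. The verdict names (`scan`, `unscannable`, `quarantine`), the hint regex and the sample messages are assumptions constructed for illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical heuristic: the body talks about a password for the attachment.
PASSWORD_HINT = re.compile(r"\bpass(?:word|phrase|code)\b", re.I)

def zip_is_encrypted(data: bytes) -> bool:
    """True if any member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def classify(raw: bytes) -> str:
    """Return a verdict name (hypothetical labels) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    encrypted = any(
        zip_is_encrypted(part.get_payload(decode=True) or b"")
        for part in msg.iter_attachments()
    )
    if not encrypted:
        return "scan"  # archive can be opened and scanned normally
    # Encrypted archive: the scanner is blind. A password in the body means
    # the recipient can open what the gateway could not inspect.
    return "quarantine" if PASSWORD_HINT.search(text) else "unscannable"

def build_sample(body: str, encrypted: bool) -> bytes:
    """Constructed test message. The 'encrypted' zip only has the flag bit set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("doc.txt", "placeholder")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Flags field: offset 6 in the local header, offset 8 in the central one.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            data[data.find(sig) + off] |= 0x01
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "doc"
    msg.set_content(body)
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="doc.zip")
    return msg.as_bytes()
```
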

