?

Log in

No account? Create an account

fanf

« previous entry | next entry »
22nd Jan 2004 | 14:02
mood: amusedamused

Message from a member of the Computing Service who often deals with hacked Windows machines to the victim of a hack...

I hate to say this but our mail servers' virus scanning is now so
good that your that youe zipped attachment (even though it was zipped)
got removed. Would it be possible for you to send us a Zip disk or a CD
(or a floppy depending on size) via the UMS?

> This is an automated message from the University of Cambridge's
> central email virus filter.
>
> The original email attachment "hacker-trail.zip"
> was believed to be infected by a virus, so it has been deleted and
> replaced by this notice. For more information about the virus filter
> and advice on what to do about this message, see
> <http://www.cam.ac.uk/cs/email/scanner/virus.html>
>
> On Thu Jan 22 09:38:38 2004 the virus scanner said:
> hacker-trail.zip/LSASS.EXE Found application ServU-Daemon.
> hacker-trail.zip/CFGMON.EXE/CFGMON.EXE Found virus or variant New Malware.b !!!

| Leave a comment | Share

Comments {6}

Ross

from: crazyscot
date: 22nd Jan 2004 14:10 (UTC)

We have customers with obnoxious mail firewalls which don't let ordinary zip files through. At least one successfully defeated theirs by sending us a password-protected zip file containing the relevant logs...

Reply | Thread

Tony Finch

from: fanf
date: 22nd Jan 2004 14:25 (UTC)

We let zips through, but not if they contain evil stuff.

Reply | Parent | Thread

Steven J. Murdoch

from: sjmurdoch
date: 22nd Jan 2004 14:36 (UTC)

I wonder how long it will be before a worm will start sending out copies of itself in password encrypted zips, and include the password in the body of the email message. If done correctly this would make life very hard for virus scanners.

Reply | Thread

Tony Finch

from: fanf
date: 22nd Jan 2004 14:47 (UTC)

Already been done.

http://vil.nai.com/vil/content/v_100856.htm

Reply | Parent | Thread

Pete

from: pjc50
date: 22nd Jan 2004 16:24 (UTC)

Don't worry, trusted computing(TM) will solve this. You'll be able to send someone an encrypted WMA file that no application other than WMP will be able to decrypt - then buffer overrun its codec inside its curtained debugger-proof memory. Finally virus writers will get the protection from scanners that they've always wanted.

Reply | Thread

ewx

from: ewx
date: 22nd Jan 2004 20:43 (UTC)

A Fire Upon The Deep gets closer and closer, and we're not even in the Beyond.

Reply | Parent | Thread