"Folder Viruses"

  1. #1
    Senior Member
    Join Date
    May 2004
    Posts
    206

    "Folder Viruses"

    Today a friend was trying to tell me that you can get a virus from opening a zip file or a folder. Is that possible?
    It is better to die on your feet than to live on your knees.

  2. #2
    Inside the folder may be a virus, I think Netsky or Bagle hid themselves inside compressed zip files...

    The zip itself? Sorta...

    It would have to exploit the software being used to decompress the file. WinZip has had a vulnerability or 2 in the past...

  3. #3
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Jareds411

    Well yep there is, but the original is kinda old. The first alert was in 1999.


    “Virus Alert!!! Zip file virus outbreak! 12/1/99”

    A potentially hazardous e-mail attachment virus has been found to be spreading quickly. This is a variation of the previously discovered W32/ExploreZip.worm virus that we warned you of earlier this year. It is particularly pervasive in corporate networks because of its method of spreading.

    WHO IS AT RISK?
    Users of Microsoft's Outlook, Outlook Express and Exchange e-mail programs are in the highest risk group.
    Here’s a link:

    http://www.support4free.com/question...on.cfm?id=2348

    One variant of it was the 42.zip (or commonly known as the: Hello.zip). A very small zip file that grows and will consume all empty space on your HDD.



    And of course there is the Java Cache Folder Viruses:

    Java Cache folder viruses

    Sophos reports that the Java cache folder in the user's profile contains viruses. That is, the folder c:\documents and settings\username\JPI_cache\jar\1.0 contains the viruses Troj/Femad-B, Troj/ByteV-Fam and Troj/BytVrfy-A etc.

    This problem has been documented on the Sun website. For more information see

    http://java.com/en/download/help/cache_virus.jsp

    To delete infected files you can manually clear the Java cache folder or use Sophos anti-virus software to delete infected files.
    Link:

    http://www.it.canterbury.ac.nz/resou...avacache.shtml


    Cheers
    Connection refused, try again later.
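
Added example, not part of the original thread: a pre-extraction check that reads only a zip's directory and flags the cases raised above (executables inside the archive, members that expand enormously, and nested archives). The thresholds, extension lists and the `inspect_zip` / `build_sample` names are assumptions made for illustration.

```python
import io
import zipfile

# Thresholds are illustrative assumptions, not values from the thread.
MAX_TOTAL_BYTES = 100 * 1024 * 1024   # refuse archives that expand past 100 MiB
MAX_RATIO = 100                       # uncompressed/compressed ratio per member
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")
ARCHIVE_EXT = (".zip", ".rar", ".7z", ".gz", ".cab")


def inspect_zip(data: bytes) -> list[str]:
    """Return findings from the archive's directory without extracting anything."""
    findings = []
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            total += info.file_size
            # Declared sizes come from the archive headers and can be forged,
            # so an extractor must still cap the bytes it actually writes.
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > MAX_RATIO:
                findings.append(f"high-ratio:{info.filename}")
            if name.endswith(EXEC_EXT):
                findings.append(f"executable:{info.filename}")
            if name.endswith(ARCHIVE_EXT):
                # Inner archives hide their contents from a single-pass scan.
                findings.append(f"nested-archive:{info.filename}")
    if total > MAX_TOTAL_BYTES:
        findings.append("total-size-exceeded")
    return findings


def build_sample() -> bytes:
    """Constructed sample: harmless bytes stored under suspicious names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("invoice.pdf.exe", "not a real program")
        zf.writestr("padding.bin", b"\0" * (5 * 1024 * 1024))
        zf.writestr("inner.zip", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip(build_sample()):
        print(finding)
```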

  4. #4
    Banned
    Join Date
    Jul 2004
    Posts
    297
    From my personal experience, I have seen a virus that was based off of a set of folders. The folders had names that contained international charters and charters that Windows would not let you use when you named a folder manually. They were 3 tiers deep and if deleted would remanifest in a different location. After about 3 hours of trying to manually rid the system of that nasty little bugger, I succeeded. fdisk, format, re-install, doo da doo da.

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    On the folder itself? Never dealt with one personally, however I'm sure they exist. I always thought that when using WinZip, if a file is detected that contains a virus it will trigger from there. But that is because of the content INSIDE the folder, not the actual folder itself.
    Space For Rent.. =]

  6. #6
    Banned
    Join Date
    Apr 2004
    Posts
    843
    Originally posted here by spamdies
    From my personal experience, I have seen a virus that was based off of a set of folders. The folders had names that contained international charters and charters that Windows would not let you use when you named a folder manually.
    Charters is a word commonly used near airlines and things. I believe what you are referring to is an old 9x flaw involving invalid "characters". There was some malware out there that took advantage of this. In fact this was a common option in things such as the batch worm generator. The idea behind it was users would have trouble removing malware. The directories themselves are in no way the cause of viral problems. Stupid people are... as with almost everything else involving computers.

    As far as buffer overflows, you would be surprised how many programs accept input from a user, expecting just a file-path, yet have no limits in both length and what type of things people can input and store into memory. http://www.google.com/search?hl=en&i...uffer+overflow

  7. #7
    Banned
    Join Date
    Jul 2004
    Posts
    297
    Yes, charters is a word commonly used by airlines, I fat-fingered that one. I looked up some of the alt codes used to make the characters that were in the folder names. Tried to add them to a folder myself and good old Win98 (you are correct) whined that international characters were not allowed in a folder name. I guess one of your specialties is spell checking.

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Well yep there is, but the original is kinda old. The first alert was in 1999
    I am afraid that I was aware of the vulnerability long before then. Back in the days of Win3.1x actually. WinZip had a "feature" that allowed you to compress an executable such that it would run automatically on unzipping. Naturally, it occurred to me that the executable could be malware, so I have always been very careful with zipped files. Remember I am going back to the days when a lot of AVs couldn't scan within compressed files.

    I did have some (free) software that monitored Outlook, Outlook Express and WinZip and prevented executables from automatically running from within them. You have to download/save the file/folder and run the executable manually.

    I will try to find a link and post it for you. Sorry, you will have to cut & paste the address as edited links don't run automatically when you edit them into a post.

    Cheers

    EDIT: http://www.mo-ware.com/freeware/index.html

    ALSO: http://www.analogx.com/welcome.htm

    Have a look around, there is a variety of freeware
