|
-
September 17th, 2004, 11:41 PM
#1
"Folder Viruses"
Today a friend was trying to tell me that you can get a virus from opening a zip file or a folder. Is that possible?
It is better to die on your feet than to live on your knees.
-
September 18th, 2004, 12:45 AM
#2
Inside the folder may be a virus, I think netsky or bagle hid themselves inside compressed zip files...
The zip itself? Sorta...
It would have to exploit the software being used to decompress the file. Winzip has had a vulnerability or 2 in the past...
-
September 18th, 2004, 01:03 AM
#3
Jareds411
Well yep there is, but the original is kinda old. The first alert was in 1999
“Virus Alert!!! Zip file virus outbreak! 12/1/99”
A potentially hazardous e-mail attachment virus has been found to be spreading quickly. This is a variation of the previously discovered W32/ExploreZip.worm virus that we warned you of earlier this year. It is particularly pervasive in corporate networks because of its method of spreading.
WHO IS AT RISK?
Users of Microsoft's Outlook, Outlook Express and Exchange e-mail programs are in the highest risk group.
Here’s a link:
http://www.support4free.com/question...on.cfm?id=2348
One variant of it was the 42.zip (or commonly known as the: Hello.zip). A very small zip file that grows and will consume all empty space on your HDD.
And of course there is the Java Cache Folder Viruses:
Java Cache folder viruses
Sophos reports that the Java cache folder in users profile contains viruses. That is the folder c:\documents and settings\username\JPI_cache\jar\1.0 contains the viruses Troj/Femad-B, Troj/ByteV-Fam and Troj/BytVrfy-A etc.
This problem has been documented on the Sun website. For more information see
http://java.com/en/download/help/cache_virus.jsp
To delete infected files you can manually clear the java cache folder or use Sophos anti virus software to delete infected files.?
Link:
http://www.it.canterbury.ac.nz/resou...avacache.shtml
Cheers
Connection refused, try again later.
-
September 18th, 2004, 05:38 AM
#4
From my personal experience, I have seen a virus that was based of of a set of folders. The folders had names that contained international charters and charters that windows would not let you use when you named a folder manually. They were 3 tiers deep and if deleted would remanifeist in a diffrent location. After about 3 hours of trying to manually rid the system of that nastey little bugger, I succeded. fdisk, format, re-install, doo da doo da.
-
September 18th, 2004, 06:20 AM
#5
On the folder itself? Never dealt with one personally, however I'm sure they exist. I always thought that when using WinZip, if a file is detected that contains a virus it will trigger from there. But that is because of the content INSIDE the folder, not the actual folder itself.
-
September 18th, 2004, 06:23 AM
#6
Originally posted here by spamdies
From my personal experience, I have seen a virus that was based of of a set of folders. The folders had names that contained international charters and charters that windows would not let you use when you named a folder manually.
Charters is a word commonly used near air-lines and things. I beleave what you are referring to is an old 9x flaw involving invalid "characters". There was some malware out there that took advantage of this. Infact this was a common option in things such as the batch worm generator. The idea behind it was users would have trouble removing malware. The directories themselves are in no way the cause of viral problems. Stupid people are... as with almost everything else involving computers.
As far as buffer overflows, you would be surprised how many programs accept input from a user, expecting just a file-path, yet have no limits in both length and what type of things people can input and store into memory. http://www.google.com/search?hl=en&i...uffer+overflow
-
September 18th, 2004, 07:48 AM
#7
yes charters is a word commanly used by airlines, i fat fingered that one. I looked op some of the alt codes used to make the charaters that were in the folder names. tried to add them to a folder myself and good old win98(you are correct) whined that international charaters were not allowed in a folder name. i guess one of your specialties is spell checking. 
-
September 18th, 2004, 09:37 AM
#8
Well yep there is, but the original is kinda old. The first alert was in 1999
I am afraid that I was aware of the vulnerability long before then. Back in the days of Win3.1x actually. WinZip had a "feature" that allowed you to compress an executable such that it would run automatically on unzipping  Naturally, it occurred to me that the executable could be malware so I have always been very careful with zipped files. Remember I am going back to the days when a lot of AVs couldn't scan within compressed files.
I did have some (free) software that monitored Outlook, Outlook Express and WinZip and prevented executables from automatically running from within them. You have to download/save the file/folder and run the executable manually
I will try to find a link and post it for you. Sorry you will have to cut & paste the address as edited links don't run automatically when you edit them into a post 
Cheers
EDIT: http://www.mo-ware.com/freeware/index.html
ALSO: http://www.analogx.com/welcome.htm
Have a look around, there is a variety of freeware
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
