February 2nd, 2005, 10:39 PM
Watch out for .rar attachments.
From 'What's new at Ziff Davis'
Just as you begin to feel a little more secure ........... Along comes something else thats coming through the filters without being picked up.
Perhaps the past few relatively attack-free months were just a lull. It feels that way today, coming back from a quick few days off, as I scan our headlines. A chilling new advance seems to be taking place. Eschewing more popular schemes for delivering files, malware writers have seized on a little-known but widely used scheme for downloading media files. It has proved quite popular. Our story details how these new viruses are bypassing virtually every anti-virus product on the market, and what you can do to stop them.
And here you find a knock on effect of the Spam with regard to DNS servers.
Anti-virus vendors have acknowledged the presence of viruses delivered as .rar files in the past few weeks and are scrambling to develop tools to identify and eradicate the malware.
The problem as written, is that the users are gradually accepting that .zip files are a no no, but
So, no surpises there then
the novelty of the .rar format is enough to fool some users.
55 - I'm fiftyfeckinfive and STILL no wiser,
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
February 2nd, 2005, 11:03 PM
Gotta love those WatchGuard firewalls..... Just stripping all the potentially "nasty" content from incoming email....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
February 2nd, 2005, 11:41 PM
you said it TS! browsing threw the log files just kinda makes me feel all warm and fuzzy!
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
February 3rd, 2005, 02:22 PM
February 10th, 2005, 11:06 PM
I've completely missed this attack.
Thnx for sharing the news, Foxy
February 10th, 2005, 11:29 PM
Yup, I got a info.rar in my honeypot mail account. The only way the worm could have gotten the email addy was from blog scraping. The email was customized to look like it was from the Gmail team. It was password protected.
However, clam didn't care and found it anyways
Props to the Clam sig team!