Watch out for .rar attachments.
Results 1 to 6 of 6

Thread: Watch out for .rar attachments.

  1. #1
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528

    Post Watch out for .rar attachments.

    From 'What's new at Ziff Davis'
    http://ct.eletters.whatsnewnow.com/r...-17779-0-0-0-1

    Perhaps the past few relatively attack-free months were just a lull. It feels that way today, coming back from a quick few days off, as I scan our headlines. A chilling new advance seems to be taking place. Eschewing more popular schemes for delivering files, malware writers have seized on a little-known but widely used scheme for downloading media files. It has proved quite popular. Our story details how these new viruses are bypassing virtually every anti-virus product on the market, and what you can do to stop them.
    Just as you begin to feel a little more secure ........... Along comes something else thats coming through the filters without being picked up.

    Anti-virus vendors have acknowledged the presence of viruses delivered as .rar files in the past few weeks and are scrambling to develop tools to identify and eradicate the malware.
    And here you find a knock on effect of the Spam with regard to DNS servers.

    The problem as written, is that the users are gradually accepting that .zip files are a no no, but
    the novelty of the .rar format is enough to fool some users.
    So, no surpises there then
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Gotta love those WatchGuard firewalls..... Just stripping all the potentially "nasty" content from incoming email....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    you said it TS! browsing threw the log files just kinda makes me feel all warm and fuzzy!
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    Junior Member
    Join Date
    Feb 2005
    Posts
    1
    Thanks for the heads up

  5. #5
    Junior Member
    Join Date
    Feb 2003
    Posts
    1
    Ouch!

    I've completely missed this attack.
    Thnx for sharing the news, Foxy

  6. #6
    Yup, I got a info.rar in my honeypot mail account. The only way the worm could have gotten the email addy was from blog scraping. The email was customized to look like it was from the Gmail team. It was password protected.

    However, clam didn't care and found it anyways

    Props to the Clam sig team!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides