in case nobody else noticed it, there was a mail worm released today
Christopher Bird
seabird at msn.com
Thu Jan 29 14:06:46 UTC 2004
Please pardon my ignorance, but I am *mightily* confused.
In a message from Michel Py is the following:
<snip>
>
>
> > and ISTR one patch for Outlook 2000 that blocked
> > your ability to save executables was released)
>
> It default in Outlook XP and Outlook 2003, which has prompted large
> numbers of persons to download Winzip, which as not stopped worms to
be
> propagated as you pointed out.
>
> Michel.
The bit I don't get is how a zip file is created such that launching it
invokes winzip and then executes the malware. When I open a normal .zip
file, winzip opens a pane that shows me the contents. After that I can
extract a file or I can "doubleclick" on a file to open it - which if it
is executable will cause it to execute. I haven't seen a case where
simply opening a zip archive causes execution of something in its
contents unless it is a self extracting archive in which case it unzips
and executes, but doesn't have the .zip suffix.
Would anyone explain to me how this occurs (and if RTFM with a pointer
to the M is the best way, then so be it!)
Thanks in advance
Chris
More information about the NANOG
mailing list