in case nobody else noticed it, there was a mail worm released today

Sam Stickland sam_ml at spacething.org
Thu Jan 29 14:34:31 UTC 2004


Christopher Bird wrote:
> Please pardon my ignorance, but I am *mightily* confused.
> In a message from Michel Py is the following:
> <snip>
>>
>>
>>> and ISTR one patch for Outlook 2000 that blocked
>>> your ability to save executables was released)
>>
>> It is the default in Outlook XP and Outlook 2003, which has prompted large
>> numbers of persons to download Winzip, which has not stopped worms from
>> being propagated as you pointed out.
>>
>> Michel.
>
> The bit I don't get is how a zip file is created such that launching
> it invokes winzip and then executes the malware. When I open a normal
> .zip file, winzip opens a pane that shows me the contents. After that
> I can extract a file or I can "doubleclick" on a file to open it -
> which if it is executable will cause it to execute. I haven't seen a
> case where simply opening a zip archive causes execution of something
> in its contents unless it is a self extracting archive in which case
> it unzips and executes, but doesn't have the .zip suffix.
>
> Would anyone explain to me how this occurs (and if RTFM with a pointer
> to the M is the best way, then so be it!)

I don't think that was the point Michel was trying to make. I believe he
meant that MS stopped the ability to _even_ save executables attached to
emails to disk in some forms of Outlook, but this did nothing to stop the
spread of viruses. People simply sent executables as zipped files, which
people then had to extract to run. Despite the fact that an external program
has to be used to get to the executable, people still run them.

Sam




