Mobile menu

ZIP-files transporting Blaster.exe?
Thread poster: Mats Wiman

Mats Wiman  Identity Verified
Sweden
Local time: 21:20
Member (2000)
German to Swedish
+ ...

MODERATOR
Aug 14, 2003

Dear all,

I heard this from a colleague today:
He had been told by Microsoft Sweden and the supplier of his new computer that there is only one way of staying uncontaminated by this worm is:

DO NOT ACCEPT AND OPEN ZIP FILES

Reason: Antivirus programs cannot detect the worm wrapped inside a Zip file and therefore the rascal that created this virus chose exactly to make the worm creep into Zipfiles.

Now: Is there any truth in this?
Please ask your experts and tell us all because refusing to use Zip files would certainly change our working day.

(I am 'clean' but several programs of mine has been damaged. I hope this message does not constitute a risk for ProZ.com)

BR

Mats J C Wiman
Übersetzer/Translator/Traducteur/Traductor > swe
http://www.MatsWiman.com
http://www.Deutsch-Schwedisch.com
http://www.proz.com/translator/1749
(ProZ.com deu>swe & forum moderator)
eMail : MatsWiman@tele2.se
Street: Träsk 201
Post : S-872 97 Skog
Tel : +46-612-54112
Fax : +46-612-54181
Mobile: +46-70-5769797


Direct link Reply with quote
 

gianfranco  Identity Verified
Brazil
Local time: 18:20
Member (2001)
English to Italian
+ ...
zip files are checked by the antivirus utilities Aug 14, 2003

Mats,

I think the rumours that you mention are inaccurate. Several types of files (executable, Word, Excel, etc...) contained in a zip file can host a virus and all decent antivirus utilities will check their content.

The check happens when the zip file is opened and the content extracted, the files are moved into a temporary folder and there the antivirus checks them.
In other words, opening a zip file is one of many normal ways of accepting files, not different (from the system point of view) and not more dangerous than copying from other media or downloading from the Internet.

Moreover, not accepting and not opening any zip file would amount to halt our work, as they are essential in many exchanges, so the advice to not accept zip files is not very practical.

I would rather say: buy, install and keep updated a good antivirus software

Gianfranco

PS: posting on the forum is not
dangerous for the site, that's sure...





[Edited at 2003-08-15 08:02]


Direct link Reply with quote
 

Alexander Chisholm  Identity Verified
Local time: 21:20
Italian to English
+ ...
good common sense.. Aug 14, 2003

.. is not to open email attachments from anyone you don't know or of a type you do not normally receive.
Good common sense is always the best security policy.


Direct link Reply with quote
 

Mats Wiman  Identity Verified
Sweden
Local time: 21:20
Member (2000)
German to Swedish
+ ...

MODERATOR
TOPIC STARTER
Thanks Gianfranco! Aug 15, 2003

Your expertise carries weight with me.
I sincerely hope you're right.
No ZIPs would border on disaster for us so what you say is very enouraging.

BR

Mats


Direct link Reply with quote
 

Ralf Lemster  Identity Verified
Germany
Local time: 21:20
English to German
+ ...
W32.Blaster is different Aug 15, 2003

.. is not to open email attachments from anyone you don't know or of a type you do not normally receive.
Good common sense is always the best security policy.

I agree in principle, but this policy wouldn't have helped with the latest worm, since Blaster is not transmitted via an email attachment (which is why the ZIP archive issue is irrelevant here), but attacks directly via an open Internet connection.

Good luck, Ralf


Direct link Reply with quote
 

Mats Wiman  Identity Verified
Sweden
Local time: 21:20
Member (2000)
German to Swedish
+ ...

MODERATOR
TOPIC STARTER
Conventional wisdom sometimes isn't final Aug 16, 2003

Dear all,

My colleague riposted that your answers are well known as conventional wisdom in this field.
The NEW CHARACTERISTIC of theis worm is that it does not concur.

My question was a trifle unprecise: I did not ask for what you already know, I hoped that you would ask your suppliers and/or Microsoft about the truth "Do not open ZIP files!!"

TIA

Mats


Direct link Reply with quote
 
Suzanne Blangsted  Identity Verified
Local time: 12:20
Danish to English
+ ...
blaster Aug 16, 2003

Blaster enters through open ports on your computer (port 135 I believe). To close ports and prevent intrusion into your system, you need a firewall. I use ZoneAlarm Pro. This fire wall does NOT allow anything to go through that I don't want. This fire wall can be personalized, and the "stuff" you want to get through the firewall is checked before entering into your computer, Zip files included. Of course, I also have a program for virus protection, especially for e-mails.

Direct link Reply with quote
 

Mats Wiman  Identity Verified
Sweden
Local time: 21:20
Member (2000)
German to Swedish
+ ...

MODERATOR
TOPIC STARTER
Warning! The novelty is the stowaway characteristic Aug 16, 2003

Sorry to disturb but my colleague made the following test:
1. From his infected Computer 1 he sent a file he new was infected to his cleansed reformatted computer No 2
Result:Caught by his antivirus program (AVG)

2. He then sent the whole folder containing the infected file.
Result:Caught by his antivirus program.

3. He the zipped the folder and sent it.
Result: His antivirus program did not say anything! This is exactly what Dell and Microsoft had told him ! !

So please: Check with Dell, Microsoft and others who might know more than you - for the benefit of us all.

Mats


Direct link Reply with quote
 

Klaus Herrmann  Identity Verified
Germany
Local time: 21:20
Member (2002)
English to German
+ ...
Get a better antivirus program then. Aug 17, 2003

Mats Wiman wrote:

3. He the zipped the folder and sent it.
Result: His antivirus program did not say anything! This is exactly what Dell and Microsoft had told him ! !



I don't think anyone would claim that a ZIP file can't contain a virus. It's obvious that a ZIP file can *contain* a virus, but as with email attachments, the virus has to be activated. IOW if you scan the files after you unzipped the archives, the antivirus program ought to detect the virus. No harm done unless you'd be starting an self-executing archive. A self-executing archive is a program and it's obvious that a program needs to be scanned before launching it.

As for scanning ZIP files, all I can say is that my antivirus program is able to scan the files contained in a ZIP file as well. No need to bother Microsoft with that. Obviously the program your friend uses isn't able to scan into ZIPs or it isn't setup properly. The "Scan files in ZIP files" option can disabled in the setup of the AVG I am using.


Direct link Reply with quote
 

Mats Wiman  Identity Verified
Sweden
Local time: 21:20
Member (2000)
German to Swedish
+ ...

MODERATOR
TOPIC STARTER
Blast.exe is NEW and DIFFERENT Aug 17, 2003

Klaus Herrmann wrote:
IOW if you scan the files after you unzipped the archives, the antivirus program ought to detect the virus.


Provided the worm is in the files


As for scanning ZIP files, all I can say is that my antivirus program is able to scan the files contained in a ZIP file as well. No need to bother Microsoft with that. Obviously the program your friend uses isn\'t able to scan into ZIPs or it isn\'t setup properly. The \"Scan files in ZIP files\" option can disabled in the setup of the AVG I am using.


His is too, but does not detect this worm

Read what DELL and MICROSOFT said under the new thread:

http://www.proz.com/topic/13380

whereto the discussion has been moved.


Direct link Reply with quote
 


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

ZIP-files transporting Blaster.exe?

Advanced search






SDL Trados Studio 2017 Freelance
The leading translation software used by over 250,000 translators.

SDL Trados Studio 2017 helps translators increase translation productivity whilst ensuring quality. Combining translation memory, terminology management and machine translation in one simple and easy-to-use environment.

More info »
CafeTran Espresso
You've never met a CAT tool this clever!

Translate faster & easier, using a sophisticated CAT tool built by a translator / developer. Accept jobs from clients who use SDL Trados, MemoQ, Wordfast & major CAT tools. Download and start using CafeTran Espresso -- for free

More info »



All of ProZ.com
  • All of ProZ.com
  • Term search
  • Jobs