DO NOT OPEN A SENT ZIP FILE !
Thread poster: Mats Wiman
Aug 17, 2003

I reiterate my question from
http://www.proz.com/topic/13330

The reason is simply that this is a very important and worrying question, that has found no final answer.

This happened to a Swedish colleague:

1. From his infected Computer 1 he sent a file he knew was infected by Blast.exe to his cleansed and reformatted computer No 2
Result: His antivirus program (AVG) struck alarm and the threat was removed.

2. He then sent the whole folder containing the infected file.
Result: His antivirus program (AVG) struck alarm and the threat was removed.

3. He then ZIPPED the folder and sent it.

Result:

His antivirus program did NOT react and did NOT strike alarm!
This is exactly what Dell and Microsoft had told him coupled with the admonition:

DO NOT OPEN ZIP FILES!!

To be added: They also said "As far as we know there is no existing antivirus program, which catches the worm in such a package, but we know they're working on it"


So please: Check with Dell, Microsoft and others who might know more than you - for the benefit of us all. (After all, if I were a virus programmer I would certainly use the option to hide the worm in the ZIP package, not in the packaged files.)

Until the antivirus programmers have found a solution
I will not open a sent ZIP file

BR

Mats J C Wiman

[Edited at 2003-08-17 08:55]


 
Klaus Herrmann
So what is supposed to happen? Aug 17, 2003

Ok, so let's assume the worm is not detected when *in* the ZIP file. Fair enough, it will be detected after the files have been decompressed. I don't see where the problem is:
1. Scan ZIP file for virii
2. Open ZIP file to see the contents.
3. Unpack to a temp directory
4. Scan files in temp directory
5. Copy files to target directory
6. Start programs/open files
I think this is a quite safe approach. If you're into high security stuff, you could run 1-5 on a separate computer without any connection to other computers in your network and physically reconnect the computer only after the files turn out to be safe. OTOH, I trust you're familiar with the German expression "Mit Kanonen auf Spatzen" schießen.
Regards
Klaus
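
An added example, not part of the thread or any poster's code: a Python sketch of the staged procedure in the post above, which also shows why a scanner that only matches bytes as stored finds nothing in the compressed archive but finds the same pattern once the files are unpacked. `MARKER`, `raw_scan`, `build_sample_zip` and `staged_open` are hypothetical names, the marker is a constructed harmless string, and `raw_scan` is a stand-in for a real antivirus scan.

```python
import io, shutil, tempfile, zipfile
from pathlib import Path

# Constructed, harmless byte pattern standing in for a scanner signature.
MARKER = b"CONSTRUCTED-TEST-SIGNATURE-0001"

def raw_scan(data: bytes) -> bool:
    """Naive stand-in scanner: matches the signature in bytes as stored."""
    return MARKER in data

def build_sample_zip() -> bytes:
    """Constructed sample archive: one clean file, one carrying the marker."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("docs/readme.txt", b"plain text " * 40)
        zf.writestr("docs/tool.bin", b"A" * 300 + MARKER + b"B" * 300)
    return buf.getvalue()

def staged_open(zip_bytes: bytes, target: Path) -> dict:
    """Steps 1-5 of the procedure; returns what each stage found."""
    # Step 1: scan the archive as received (deflate hides the pattern).
    report = {"archive_hit": raw_scan(zip_bytes), "flagged": [], "copied": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf, \
            tempfile.TemporaryDirectory() as tmp:
        tmp_root = Path(tmp).resolve()
        for info in zf.infolist():                    # step 2: list contents
            if info.is_dir():
                continue
            dest = (tmp_root / info.filename).resolve()
            if tmp_root not in dest.parents:          # name escapes temp dir
                report["flagged"].append(info.filename)
                continue
            dest.parent.mkdir(parents=True, exist_ok=True)
            dest.write_bytes(zf.read(info))           # step 3: unpack to temp
        for path in sorted(p for p in tmp_root.rglob("*") if p.is_file()):
            rel = path.relative_to(tmp_root)
            if raw_scan(path.read_bytes()):           # step 4: scan unpacked
                report["flagged"].append(rel.as_posix())
                continue
            out = target / rel                        # step 5: copy clean files
            out.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, out)
            report["copied"].append(rel.as_posix())
    return report
```

Nothing is opened or executed at any stage; only files that pass the scan of the unpacked copy reach the target directory.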


 
Uldis Liepkalns
Kaspersky Antivirus Aug 17, 2003

does catch dangerous codes in packed files.
I do not know about other antiviruses, but please see http://www.kaspersky.com/buyonline.html?info=26

Uldis


 
Harry Bornemann
Incomplete test row Aug 17, 2003

Mats Wiman wrote:
1. From his infected Computer 1 he sent a file he knew was infected by Blast.exe to his cleansed and reformatted computer No 2
Result: His antivirus program (AVG) struck alarm and the threat was removed.

2. He then sent the whole folder containing the infected file.
Result: His antivirus program (AVG) struck alarm and the threat was removed.

3. He then ZIPPED the folder and sent it.

Result:

His antivirus program did NOT react and did NOT strike alarm!

4. He should have unzipped the file to test whether his antivirus program (AVG) would have detected the virus then.

I think Norton does, but after your warning I would double-check and prepare my computer, if I would not use Win 98.


 
00000000 (X)
How to open a zip file safely Aug 17, 2003

There are two ways to open a zip file safely:

1. If you have a full, up-to-date antivirus: Set your antivirus (in preferences) to scan compressed files. With my version of Norton Antivirus, this setting is below the general level of security setting.

2. If you don't have a worthwhile antivirus: Set up an account with Hotmail and forward your zipped files to your Hotmail account, then go to Hotmail, log on and click on the attachment to download it. It will automatically be scanned by McAfee and you will know whether the file is infected or not. It is very reliable: McAfee doesn't want to blow its showcase with lousy scanning.

All the best in your future and safer zip-opening.


 
Mats Wiman
The improbable is the criminal's best friend Aug 17, 2003

Until we get more info from Microsoft, Dell, Norton... I'd just like to remind us all of the fact that:

If you want to commit a crime, the best way to have the victim unprepared (e.g. the US on September 11) is to do the unexpected and above all, the highly improbable.
It was highly improbable or even unthinkable that someone should run a Boeing 747 head on into a building.

"It is highly improbable" that a worm could pose a threat the way it has in fact done. Who says it wasn't planned - and solved how to - that the worm, once inside the PC being infected (via port 135) should creep into a ZIP folder being created, hiding among or between the zipped files and let itself be transported to the recipient of the ZIP file and then begin infecting the recipient's computer. Once in......

Why not two different ways of spreading itself?:

1. Via port 135 and
2. Via ZIP files

Quite an efficient way to multiply, don't you think.

Don't ask me how it's 'ignited'.

Hopefully we'll find out soon and also find a water-tight solution.

BR

Mats

[Edited at 2003-08-17 13:24]


 
Klaus Herrmann
Even criminals can't make stones fall upwards Aug 17, 2003

Any virus or worm or Trojan is perfectly harmless unless started. So, even if a nasty program hides within a ZIP file (which I continue to believe is conceivable, but highly unlikely), it needs to be started. If the archived files are scanned after unpacking, the virus will be found before it is launched.

Mats Wiman wrote:

If you want to commit a crime, the best way to have the victim unprepared (e.g. the US on September 11)

[Edited at 2003-08-17 13:24]


With all due respect, comparing a worm that may cause a few IT problems to the 9-11 events is highly inappropriate and disrespectful to the victims of September 11th.


 
Harry Bornemann
It could work in a self-extracting zip-file Aug 17, 2003

but I don't think so..

 
Suzanne Blangsted (X)
zip files Aug 18, 2003

I got into the habit of safeguarding my PC extensively after having had a bad experience some years ago with the use of a good firewall and virus program, but also safeguarding against hidden viruses in attachments. This "attachment habit" might be useful for somebody else, so I will pass it on. When I receive an attachment to an e-mail from a client (or for that matter anyone else), I transfer the file to a floppy and scan it with McAfee's virus scan. I use the iomega 100 MB "floppy" disc set-up, so even very large files can be transferred before opening. After a zip attachment has been transferred and opened in this "floppy", I scan it with my McAfee antivirus program. I have as yet not found any virus with this process.


 

