DO NOT OPEN A SENT ZIP FILE !
Thread poster: Mats Wiman

Mats Wiman  Identity Verified
Sweden
Local time: 01:10
Member (2000)
German to Swedish
+ ...

MODERATOR
Aug 17, 2003

I reiterate my question from
http://www.proz.com/topic/13330

The reason is simply that this is a very important and worrying question, that has found no final answer.

This happened to a Swedish colleague:

1. From his infected Computer 1 he sent a file he knew was infected by Blast.exe to his cleansed and reformatted computer No 2
Result: His antivirus program (AVG) struck alarm and the threat was removed.

2. He then sent the whole folder containing the infected file.
Result: His antivirus program (AVG) struck alarm and the threat was removed.

3. He then ZIPPED the folder and sent it.

Result:

His antivirus program did NOT react and did NOT strike alarm!
This is exactly what Dell and Microsoft had told him coupled with the admonition:

DO NOT OPEN ZIP FILES!!

To be added: They also said "As far as we know there is no existing antivirus program, which catches the worm in such a package, but we know they're working on it"


So please: Check with Dell, Microsoft and others who might know more than you - for the benefit of us all. (After all, if I were a virus programmer I would certainly use the option to hide the worm in the ZIP package, not in the packaged files.)

Until the antivirus programmers have found a solution
I will not open a sent ZIP file

BR

Mats J C Wiman
Übersetzer/Translator/Traducteur/Traductor > swe
http://www.MatsWiman.com
http://www.Deutsch-Schwedisch.com
http://www.proz.com/translator/1749
(ProZ.com deu>swe & forum moderator)
eMail : MatsWiman@tele2.se
Street: Träsk 201
Post : S-872 97 Skog
Tel : +46-612-54112
Fax : +46-612-54181
Mobile: +46-70-5769797

[Edited at 2003-08-17 08:55]


Direct link Reply with quote
 

Klaus Herrmann  Identity Verified
Germany
Local time: 01:10
Member (2002)
English to German
+ ...
So what is supposed to happen? Aug 17, 2003

Ok, so let's assume the worm is not detected when *in* the ZIP file. Fair enough, it wil be detected after the files have been decompressed. I don't see where the problem is:
1. Scan ZIP file for virii
2. Open ZIP file to see the contents.
3. Unpack to a temp directory
4. Scan files in temp directory
5. Copy files to target directory
6. Start programs/open files
I think this is a quite safe approach. If you're into high security stuff, you could run 1-5 on a separate computer without any connection to other computers in your network and physically reconnect the computer only after the files turn out to be safe. OTOH, I trust you're familiar with the German expression "Mit Kanonen auf Spatzen" schießen.
Gruß
Klaus


Direct link Reply with quote
 

Uldis Liepkalns  Identity Verified
Latvia
Local time: 02:10
Member (2003)
English to Latvian
+ ...
Kaspersky Antivirus Aug 17, 2003

does cath dangeros codes in packed files.
I do not know about other antiviruses, but please see http://www.kaspersky.com/buyonline.html?info=26

Uldis


Direct link Reply with quote
 

Harry Bornemann  Identity Verified
Mexico
English to German
+ ...
Uncomplete test row Aug 17, 2003

Mats Wiman wrote:
1. From his infected Computer 1 he sent a file he knew was infected by Blast.exe to his cleansed and reformatted computer No 2
Result: His antivirus program (AVG) struck alarm and the threat was removed.

2. He then sent the whole folder containing the infected file.
Result: His antivirus program (AVG) struck alarm and the threat was removed.

3. He then ZIPPED the folder and sent it.

Result:

His antivirus program did NOT react and did NOT strike alarm!

4. He should have unzipped the file to test whether his antivirus program (AVG) would have detected the virus then.

I think Norton does, but after your warning I would doublecheck and prepare my computer, if I would not use Win 98.


Direct link Reply with quote
 
xxx00000000
English to French
+ ...
How to open a zip file safely Aug 17, 2003

There are two ways to open a zip file safely:

1. If you have a full, up-to-date antivirus: Set your antivirus (in preferences) to scan compressed files. With my version of Norton Antivirus, this setting is below the general level of security setting.

2. If you don't have a worthwhile antivirus: Set up an account with Hotmail and forward your zipped files to your Hotmail account, then go to Hotmail, logon and click on the attachment to download it. It will automatically be scanned by McAfee and you will know whether the file is infected or not. It is very reliable: McAfee doesn't want to blow its showcase with lousy scanning.

All the best in your future and safer zip-opening.


Direct link Reply with quote
 

Mats Wiman  Identity Verified
Sweden
Local time: 01:10
Member (2000)
German to Swedish
+ ...

MODERATOR
TOPIC STARTER
The improbable is the criminal's best friend Aug 17, 2003

Until we get more info from Microsoft, Dell, Norton... I'd just like to remind us all of the fact that:

If you want to commit a crime, the best way to to have the victim unprepared (e.g. the US on September 11) is to do the unexpected and above all, the highly improbable.
It was highly improbable or even unthinkable that someone should run a Boeing 747 head on into a building.

"It is highly improbable" that a worm could pose a threat the way it has in fact done. Who says it wasn't planned - and solved how to - that the worm, once inside the PC being infected (via port 135) should creep into a ZIP folder being created, hiding among or between the zipped files and let itself be transported to the recipient of the ZIP file and then begin infecting the recipient's computer. Once in......

Why not two different ways of spreading itself?:

1. Via port 135 and
2. Via ZIP files

Quite an efficient way to multiply, don't you think.

Don't ask me how its 'ignited'.

Hopefully we'll find out soon and also find a water-tight solution.

BR

Mats

[Edited at 2003-08-17 13:24]


Direct link Reply with quote
 

Klaus Herrmann  Identity Verified
Germany
Local time: 01:10
Member (2002)
English to German
+ ...
Even criminals can't make stones fall upwards Aug 17, 2003

Any virus or worm or Trojan is perfectly harmless unless started. So, even if a nasty program hides within a ZIP file (which I continue to believe that it is conceivable, but highly unlikely), it needs to be started. If the archived files are scanned after unpacking, the virus will be found before it is launched.

Mats Wiman wrote:

If you want to commit a crime, the best way to to have the victim unprepared (e.g. the US on September 11)

[Edited at 2003-08-17 13:24]


With all due respect, comparing a worm that may cause a few IT problems to the 9-11 events is highly inappropriate and disrespectful to the victims of September 11th.


Direct link Reply with quote
 

Harry Bornemann  Identity Verified
Mexico
English to German
+ ...
It could work in a self-extracting zip-file Aug 17, 2003

but I don't think so..

Direct link Reply with quote
 
Suzanne Blangsted  Identity Verified
Local time: 16:10
Danish to English
+ ...
zip files Aug 18, 2003

I got into the habit of safeguarding my PC extensively after having had a bad experience some years ago with the use of a good firewall and virus program, but also safeguarding against hidden virus in attachments. This "attachment habit" might be useful for somebody else, so I will pass it on. When I receive an attachment to an e-mail from a client (or for that matter anyone else), I transfer the file to a floppy and scan it with McAfee's virus scan. I use the iomega 100 MB "floppy" disc set-up, so even very large files can be transferred before opening. After a zip attachment has been transferred and opened in this "floppy", I scan it with my McAfee antivirus program. I have as yet not found any virus with this process.

Direct link Reply with quote
 


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

DO NOT OPEN A SENT ZIP FILE !

Advanced search






WordFinder
The words you want Anywhere, Anytime

WordFinder is the market's fastest and easiest way of finding the right word, term, translation or synonym in one or more dictionaries. In our assortment you can choose among more than 120 dictionaries in 15 languages from leading publishers.

More info »
BaccS – Business Accounting Software
Modern desktop project management for freelance translators

BaccS makes it easy for translators to manage their projects, schedule tasks, create invoices, and view highly customizable reports. User-friendly, ProZ.com integration, community-driven development – a few reasons BaccS is trusted by translators!

More info »



Forums
  • All of ProZ.com
  • Term search
  • Jobs
  • Forums
  • Multiple search