sunder <sunder@sunder.net> wrote:
It attaches a zip file with a password containing an executable. (No worries, I've not run it, and only extracted it on a SPARC machine, so it can't use buffer overflows designed for intel in unzip -- if any exist.)
I believe it's called Bagle.J. Lots of people allow .zip files through their virus scanners if they're encrypted, since until now it was thought that no virus would encrypt the .zip file. In fact, one popular way of sending viruses/trojan horses/other malware to forensic mailing lists for analysis and discussion is by putting it inside an encrypted .zip file, preventing it from opening automatically or being identified by virus scanners and bounced. Clever clever. -- Riad Wahby rsw@jfet.org MIT VI-2 M.Eng