[Esa-l] Re: Idea: Multiple extension detector

John D. Hardin jhardin at wolfenet.com
Sun Jun 11 08:20:32 PDT 2000

On Sat, 10 Jun 2000, Brett Glass wrote:

> This week, some skript kiddies attempted to spread a Trojan by
> disguising it as a movie file (.mpg.exe or .avi.exe, depending on
> who you ask). This suggests that a sanitizer should probaby detect
> such "double extensions" and treat them with extreme prejudice....

Not so new. All of the .VBS worms were written that way too.

Interesting idea. I don't think the current version could do it too
well, but there's a simple way to put that into your poisoned-files
list, assuming you don't want to poison *all* .EXE attachments:


I'll add that to the recommended list on the home page.


 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
				-- Peter da Silva in a.s.r
   140 days until Daylight Savings Time ends

More information about the esd-l mailing list