[Esd-l] Warning: some .ZIP attacks not being trapped

John D. Hardin jhardin at impsec.org
Mon Jul 26 21:38:57 PDT 2004


A couple of zipped worms just dropped into my mailbox. The base64
encoding looks really odd, and may be explicitly crafted to bypass
scanners, as it appears to exploit a weakness in the CPAN MIME::Base64
module *and* the mimencode program. I am investigating.

You may want to add "*.zip" to your poison list for a while.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org    FALaholic #11174    pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  The [assault weapons] ban is the moral equivalent of banning red
  cars because they look too fast.
                                   -- Steve Chapman, Chicago Tribune
   49 days until the "Scary-Looking Guns" ban expires
