ZIP-files transporting Blaster.exe?
Thread poster: Mats Wiman
Aug 14, 2003

Dear all,

I heard this from a colleague today:
He had been told by Microsoft Sweden and the supplier of his new computer that there is only one way of staying uncontaminated by this worm:

DO NOT ACCEPT AND OPEN ZIP FILES

Reason: Antivirus programs cannot detect the worm wrapped inside a Zip file and therefore the rascal that created this virus chose exactly to make the worm creep into Zip files.

Now: Is there any truth in this?
Please ask your experts and tell us all because refusing to use Zip files would certainly change our working day.

(I am 'clean' but several programs of mine have been damaged. I hope this message does not constitute a risk for ProZ.com)

BR

Mats J C Wiman
Übersetzer/Translator/Traducteur/Traductor > swe
http://www.MatsWiman.com
http://www.Deutsch-Schwedisch.com
http://www.proz.com/translator/1749
(ProZ.com deu>swe & forum moderator)
Street: Träsk 201
Post : S-872 97 Skog
Tel : +46-612-54112
Fax : +46-612-54181
Mobile: +46-70-5769797


 
gianfranco
zip files are checked by the antivirus utilities Aug 14, 2003

Mats,

I think the rumours that you mention are inaccurate. Several types of files (executable, Word, Excel, etc...) contained in a zip file can host a virus and all decent antivirus utilities will check their content.

The check happens when the zip file is opened and the content extracted, the files are moved into a temporary folder and there the antivirus checks them.
In other words, opening a zip file is one of many normal ways of accepting files, not different (from the system point of view) and not more dangerous than copying from other media or downloading from the Internet.

Moreover, not accepting and not opening any zip file would amount to halting our work, as they are essential in many exchanges, so the advice to not accept zip files is not very practical.

I would rather say: buy, install and keep updated a good antivirus software.

Gianfranco

PS: posting on the forum is not dangerous for the site, that's sure...

[Edited at 2003-08-15 08:02]


 
achisholm
good common sense.. Aug 14, 2003

.. is not to open email attachments from anyone you don't know or of a type you do not normally receive.
Good common sense is always the best security policy.


 
Mats Wiman
Thanks Gianfranco! Aug 15, 2003

Your expertise carries weight with me.
I sincerely hope you're right.
No ZIPs would border on disaster for us so what you say is very encouraging.

BR

Mats


 
Ralf Lemster
W32.Blaster is different Aug 15, 2003

achisholm wrote:
.. is not to open email attachments from anyone you don't know or of a type you do not normally receive.
Good common sense is always the best security policy.

I agree in principle, but this policy wouldn't have helped with the latest worm, since Blaster is not transmitted via an email attachment (which is why the ZIP archive issue is irrelevant here), but attacks directly via an open Internet connection.

Good luck, Ralf


 
Mats Wiman
Conventional wisdom sometimes isn't final Aug 16, 2003

Dear all,

My colleague riposted that your answers are well known as conventional wisdom in this field.
The NEW CHARACTERISTIC of this worm is that it does not concur.

My question was a trifle imprecise: I did not ask for what you already know, I hoped that you would ask your suppliers and/or Microsoft about the truth "Do not open ZIP files!!"

TIA

Mats


 
Suzanne Blangsted (X)
blaster Aug 16, 2003

Blaster enters through open ports on your computer (port 135 I believe). To close ports and prevent intrusion into your system, you need a firewall. I use ZoneAlarm Pro. This firewall does NOT allow anything to go through that I don't want. This firewall can be personalized, and the "stuff" you want to get through the firewall is checked before entering into your computer, Zip files included. Of course, I also have a program for virus protection, especially for e-mails.

 
Mats Wiman
Warning! The novelty is the stowaway characteristic Aug 16, 2003

Sorry to disturb but my colleague made the following test:
1. From his infected Computer 1 he sent a file he knew was infected to his cleansed reformatted computer No 2
Result: Caught by his antivirus program (AVG)

2. He then sent the whole folder containing the infected file.
Result: Caught by his antivirus program.

3. He then zipped the folder and sent it.
Result: His antivirus program did not say anything! This is exactly what Dell and Microsoft had told him!!

So please: Check with Dell, Microsoft and others who might know more than you - for the benefit of us all.

Mats


 
Klaus Herrmann
Get a better antivirus program then. Aug 17, 2003

Mats Wiman wrote:

3. He then zipped the folder and sent it.
Result: His antivirus program did not say anything! This is exactly what Dell and Microsoft had told him!!



I don't think anyone would claim that a ZIP file can't contain a virus. It's obvious that a ZIP file can *contain* a virus, but as with email attachments, the virus has to be activated. IOW if you scan the files after you unzipped the archives, the antivirus program ought to detect the virus. No harm done unless you'd be starting a self-executing archive. A self-executing archive is a program and it's obvious that a program needs to be scanned before launching it.

As for scanning ZIP files, all I can say is that my antivirus program is able to scan the files contained in a ZIP file as well. No need to bother Microsoft with that. Obviously the program your friend uses isn't able to scan into ZIPs or it isn't set up properly. The "Scan files in ZIP files" option can be disabled in the setup of the AVG I am using.
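
An added example, not part of the thread and not how AVG or any real antivirus product is implemented: a toy signature scanner showing why the same file can be flagged when loose yet missed when zipped if archive scanning is off. SIGNATURE, scan_raw, scan_deep, make_zip and the sample data are all constructed for illustration.

```python
import io
import zipfile

# Constructed stand-in for an antivirus byte signature; not a real malware pattern.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
MAX_DEPTH = 3                      # levels of nested archives to open
MAX_MEMBER_BYTES = 50 * 1024 ** 2  # skip members declaring more than 50 MiB

def scan_raw(data):
    """Archive scanning off: match the signature on the bytes as received."""
    return SIGNATURE in data

def scan_deep(data, name="<input>", depth=0):
    """Archive scanning on: return findings for the data and every ZIP member."""
    findings = [name] if SIGNATURE in data else []
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            path = f"{name}!{info.filename}"
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:   # password-protected member
                findings.append(path + " (encrypted, not scanned)")
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append(path + " (too large, not scanned)")
            else:
                findings.extend(scan_deep(archive.read(info), path, depth + 1))
    return findings

def make_zip(members):
    """Build a deflate-compressed ZIP in memory from {filename: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for filename, content in members.items():
            archive.writestr(filename, content)
    return buf.getvalue()

# Constructed sample: a harmless file carrying the test signature, padded so it compresses.
SAMPLE = b"MZ" + SIGNATURE + b"\x00" * 512
ZIPPED = make_zip({"folder/sample.exe": SAMPLE})
NESTED = make_zip({"docs.zip": ZIPPED})

if __name__ == "__main__":
    print("loose file, raw scan:", scan_raw(SAMPLE))
    print("zipped, raw scan:    ", scan_raw(ZIPPED))
    print("zipped, deep scan:   ", scan_deep(ZIPPED))
    print("nested, deep scan:   ", scan_deep(NESTED))
```

Deflate compression rewrites the member's bytes, so a scanner that never opens the archive has nothing to match until the file is extracted and scanned again on disk.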


 
Mats Wiman
Blast.exe is NEW and DIFFERENT Aug 17, 2003

Klaus Herrmann wrote:
IOW if you scan the files after you unzipped the archives, the antivirus program ought to detect the virus.


Provided the worm is in the files


As for scanning ZIP files, all I can say is that my antivirus program is able to scan the files contained in a ZIP file as well. No need to bother Microsoft with that. Obviously the program your friend uses isn't able to scan into ZIPs or it isn't set up properly. The "Scan files in ZIP files" option can be disabled in the setup of the AVG I am using.


His is too, but does not detect this worm

Read what DELL and MICROSOFT said under the new thread:

http://www.proz.com/topic/13380

whereto the discussion has been moved.


 

