Larry Seltzer to someone:

> >>One thought occurs to me: we - or at any rate I - see comparatively
> little zip encryption with current mailborne malware. If this matches
> what people like Nick who are far more hands-on than I are seeing, it
> suggests that the current crop of malware authors agree with you. 

The only (natural) "encrypted" .ZIP malware attachments I see these 
days are very occasional samples of some very old, once-common mass-
mailers that use this technique.  In fact, in the last two years I've 
almost certainly seen more spam with pwd'ed .ZIP attachments (trying to 
get "adult content" past filters) than I have naturally produced pwd'ed 
malware .ZIPs (and that would only be 6-10 spams!).

> Plus I see a lot of e-mail gateways automatically blocking encrypted
> ZIPs by default. 

This, I think, is a large part of why the briefly popular use of pwd'ed 
.ZIPs in mass-mailers stopped (GMail even recently started blocking 
pwd'ed .ZIPs), though the previously mentioned move of malware authors 
from being motivated by the potential bragging rights as writer of the 
latest virus to make the front page of the NYT or to headline of CNN or 
whatever may also be a large part of it...


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
