Food for thought

[Peter Bonivart]

Marco Obaid wrote:
> Is it safe to assume that virus-writers are getting desperate, that they are
> resorting to compressing their damage AND password-protect it and send it to
> users? Have they exahusted all other means?

I have also thought about this and I wonder what their next step is
going to be.

They obviously want to send their attachments as executables for maximum
chance of successful infection but many filter those out even without
virus scanners and even the worst client of them all, Outlook, don't
execute them automatically anymore. Then they started sending their
attachments inside zips who usually goes through the filters and has to
be virus scanned with an updated signature to be detected. But Julian
now goes inside zips and allows us to block filenames in them so that
doesn't work anymore. So they have finally resorted to sending their
viruses in password protected zips but now we can block them too so how
are they going to go around this last obstacle?

I guess the real question is, how is it possible that there still is
users stupid enough to spread this? :-)

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2