[Esd-l] Warning: some .ZIP attacks not being trapped
John D. Hardin
jhardin at impsec.org
Mon Jul 26 21:38:57 PDT 2004
All:
A couple of zipped worms just dropped into my mailbox. The base64
encoding looks really odd, and may be explicitly crafted to bypass
scanners, as it appears to exploit a weakness in the CPAN MIME::Base64
module *and* the mimencode program. I am investigating.
You may want to add "*.zip" to your poison list for a while.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The [assault weapons] ban is the moral equivalent of banning red
cars because they look too fast.
-- Steve Chapman, Chicago Tribune
-----------------------------------------------------------------------
49 days until the "Scary-Looking Guns" ban expires
More information about the esd-l
mailing list