Great Circle Associates List-Managers
(March 1996)
 


Subject: Re: alert! to possible bomb/boobytrap/virus
From: Al Gilman <asgilman @ access . digex . net>
Date: Wed, 27 Mar 1996 15:51:19 -0500 (EST)
To: alex @ venus . co . uk (Alex Nunes)
Cc: kgdykes @ Thinkage . On . CA, list-managers @ GreatCircle . COM
In-reply-to: <Pine.LNX.3.91.960327195331.5070A-100000@karl.venus.co.uk> from "Alex Nunes" at Mar 27, 96 07:56:59 pm

  From: Alex Nunes <alex@venus.co.uk>
  
  Maybe it's another good times type hoax,
  on the one it looks apple mac-ish:
  
  > > x-mac-type="705A4950"; x-mac-creator="705A4950"
  
  yet:
  
  > >Content-Type: application/zip; name="4dtime40.zip";
  
  is zip used in the mac world? how many mac users have zip decompression 
  software?

  If this were a virus, wouldn't it be another mime type? Not that one 
  shouldn't be wary.
  
What you say makes sense.  If I wanted to virus a DOS community I
would not send a .zip enclosure, but pretend to be a self-exploding
archive packaged up with Pkzip which would be a .exe like any
other virus carrier.

Native Mac encoded binaries mostly use the Stuffit .hqx
conversion and not .zip which is the dominant conversion in
DOSland.  Of course, MacTryHarder means that there is probably
.zip conversion on Macs more than you will find .hqx unpackers
on DOS.

To embed a virus in a .zip file you either have to exploit a
weakness in Pkzip or then convince the user to run YetAnotherFile
extracted from the .zip archive.  Perchance that's the way to
lull your victims into carelessness.  But the usual virus
strategy is to require only _one_ misstep by the victim.  I got
bit by a Microsoft Word virus, and for it to install itself you
had to punch the button on one innocuous but irregular dialog
box.

SOMEwhere there is a 'Net bomb squad with virusproof environments in
which to explode these things, no?  There is at least one such group
at LLNL.

Al Gilman
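
An added example, not part of the original message: the `x-mac-type` and `x-mac-creator` values quoted in the thread are hex-encoded Mac four-character codes, and this Python sketch decodes them and checks whether the attachment's three labels (MIME type, filename extension, Mac type code) agree. The single-line header is reassembled from the two quoted fragments, and the function names and the agreement heuristic are assumptions made for illustration.

```python
from email import message_from_string

# Constructed sample: the two header fragments quoted in the thread joined
# into one Content-Type header (parameter order is an assumption).
SAMPLE = (
    'Content-Type: application/zip; name="4dtime40.zip"; '
    'x-mac-type="705A4950"; x-mac-creator="705A4950"\n'
    '\n'
)

def decode_ostype(hex_code):
    """Decode a hex-encoded Mac four-character code; None if absent or malformed."""
    try:
        raw = bytes.fromhex(hex_code)
    except ValueError:
        return None
    if len(raw) != 4:
        return None
    return raw.decode("mac_roman")

def describe_attachment(raw_message):
    """Collect the labels an attachment carries and say whether they agree."""
    part = message_from_string(raw_message)
    name = part.get_param("name") or ""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    info = {
        "mime": part.get_content_type(),
        "name": name,
        "ext": ext,
        "mac_type": decode_ostype(part.get_param("x-mac-type") or ""),
        "mac_creator": decode_ostype(part.get_param("x-mac-creator") or ""),
    }
    subtype = info["mime"].split("/", 1)[1]
    # Heuristic (assumption): the extension must equal the MIME subtype and,
    # when a Mac type code is present, appear inside it.
    info["labels_agree"] = bool(ext) and ext == subtype and (
        info["mac_type"] is None or ext in info["mac_type"].lower()
    )
    return info

if __name__ == "__main__":
    for key, value in describe_attachment(SAMPLE).items():
        print(f"{key}: {value}")
```

Agreement here only means the labels are mutually consistent; it says nothing about what the archive contains once it is unpacked.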

