Re: wont install
On Thu, 2003-10-16 at 23:08, Roberto Sanchez wrote:
> Tom wrote:
> > On Thu, Oct 16, 2003 at 11:01:51PM -0400, Roberto Sanchez wrote:
> >
> >>stuart whittaker wrote:
> >>
> >>>file will unzip with winzip.
> >>>
> >>>
> >>
> >>Since the message was HTML generated with some M$ tool I would
> >>guess that the attachment contains a virus of some sort.
> >>Maybe we are witnessing fledgling attempts at social engineering
> >>to get Linux users to download and execute viruses?
> >>
> >>Maybe I am just being paranoid. Anyone want to start a pool and
> >>take bets?
> >>
> >
> >
> > I was just thinking that since most people believe "executable
> > attachments bad; MSWord attachments bad" the smartest thing for virus
> > writers to do would be to look for buffer exploits in apps and send docs
> > that exploit those. What if the mere act of unzipping a zip was the
> > attack vector? Since the Windows zip is now a DLL loaded in-process
> > with explorer.exe, that would be the way to go.
> >
> >
>
> Except that the attachment to the initial message was a .tgz, which
> Windows cannot handle without a third party app. Had it been a .zip,
> I would have immediately suspected what you said.
The OP says "file will unzip with winzip", so maybe it will.
However, I took the moment to save the file and look at it. Very
innocuous:
$ tar tvfz dbg_log.tgz
drwxr-xr-x root/root 0 2003-10-16 22:25:47 dbg_log//
-rw-r--r-- root/root 10908 2003-10-16 22:25:47 dbg_log/messages
-r--r--r-- root/root 372 2003-10-16 22:25:47 dbg_log/cpuinfo
-r--r--r-- root/root 2099 2003-10-16 22:25:47 dbg_log/pci
-r--r--r-- root/root 110 2003-10-16 22:25:47 dbg_log/cmdline
-r--r--r-- root/root 188 2003-10-16 22:25:47 dbg_log/partitions
-r--r--r-- root/root 145 2003-10-16 22:25:47 dbg_log/mounts
-r--r--r-- root/root 124 2003-10-16 22:25:47 dbg_log/version
-rw-r--r-- root/root 42 2003-10-16 22:25:47 dbg_log/fstab
-rw-r--r-- root/root 378 2003-10-16 22:25:47 dbg_log/hda.fdisk-dump
--
-----------------------------------------------------------------
Ron Johnson, Jr. ron.l.johnson@cox.net
Jefferson, LA USA
"The UN couldn't break up a cookie fight in a Brownie meeting."
Larry Miller
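
Added example, not part of the original thread: the same "list it before you unpack it" check as the tar tvfz run above, extended to flag members that a listing makes easy to overlook (paths that leave the extraction directory, links, device nodes, setuid/setgid bits). The function names audit_tgz and build_tgz are hypothetical, the expected top-level directory "dbg_log" is taken from the listing, and both sample archives are constructed in memory.

```python
import io
import posixpath
import stat
import tarfile

def audit_tgz(data, root="dbg_log"):
    """List a .tgz held in memory and flag risky members; nothing is extracted."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for m in tar:
            name = posixpath.normpath(m.name)
            top = name.split("/")[0]
            if name.startswith("/") or top == "..":
                findings.append((m.name, "escapes extraction directory"))
            elif top != root:
                findings.append((m.name, "outside expected top-level directory"))
            if m.issym() or m.islnk():
                findings.append((m.name, "link to " + m.linkname))
            elif m.isdev():
                findings.append((m.name, "device or FIFO node"))
            if m.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((m.name, "setuid/setgid bit set"))
    return findings

def build_tgz(members):
    """Constructed test input: members are (name, mode, tar type, linkname)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, typ, link in members:
            info = tarfile.TarInfo(name)
            info.mode, info.type, info.linkname = mode, typ, link
            payload = b"sample\n" if typ == tarfile.REGTYPE else b""
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload) if payload else None)
    return buf.getvalue()

# Constructed samples: the first mirrors the shape of the listing above,
# the second adds three members a reviewer should stop on.
BENIGN = [("dbg_log", 0o755, tarfile.DIRTYPE, ""),
          ("dbg_log/messages", 0o644, tarfile.REGTYPE, ""),
          ("dbg_log/cpuinfo", 0o444, tarfile.REGTYPE, "")]
SUSPECT = BENIGN + [("dbg_log/../../outside.txt", 0o644, tarfile.REGTYPE, ""),
                    ("dbg_log/link", 0o777, tarfile.SYMTYPE, "/etc/hostname"),
                    ("dbg_log/tool", 0o4755, tarfile.REGTYPE, "")]

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, audit_tgz(build_tgz(sample)))
```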