bigc73542
March 11th, 2004, 11:40 PM
Link to story: http://www.publictechnology.net/modules.php?op=modload&name=News&file=article&sid=725
-{ Quote: "Security: Are decompression bombs about to hit your e-mail
Article by security specialist & PublicTechnology.net columnist mi2g:
Decompression bombs are starting to make the rounds in cyberspace and pose a rising digital risk. Decompression bombs are specially crafted files designed to be decompressed into much larger files with bogus content that consume the available space, effectively using up all the disk space on the machine running the anti-virus scans. Data compression often works by coding repeat units of data - for example a string like "aaaaaaaaaa" could be represented as "a10". The vulnerability of this process is that an attacker could send a file containing "a1000000000...", which could result in a massive denial of service if any attempt is made to put it through a decompression engine.
The rapid spread of new Bagle variants that propagate by inviting recipients of infected emails to open an encrypted Zip file and providing a password in the message body, have demonstrated quite conclusively that any attempts to educate the vast majority of computer users about the dangers of opening attachments are imperfect and mostly futile. The benefit for malware authors is that the encryption process scrambles the contents of the Zip file, making it difficult for email virus scanners to find the tell-tale viral signatures...
.
.
." }-
-{ Quote: "Security: Are decompression bombs about to hit your e-mail
Article by security specialist & PublicTechnology.net columnist mi2g:
Decompression bombs are starting to make the rounds in cyberspace and pose a rising digital risk. Decompression bombs are specially crafted files designed to be decompressed into much larger files with bogus content that consume the available space, effectively using up all the disk space on the machine running the anti-virus scans. Data compression often works by coding repeat units of data - for example a string like "aaaaaaaaaa" could be represented as "a10". The vulnerability of this process is that an attacker could send a file containing "a1000000000...", which could result in a massive denial of service if any attempt is made to put it through a decompression engine.
The rapid spread of new Bagle variants that propagate by inviting recipients of infected emails to open an encrypted Zip file and providing a password in the message body, have demonstrated quite conclusively that any attempts to educate the vast majority of computer users about the dangers of opening attachments are imperfect and mostly futile. The benefit for malware authors is that the encryption process scrambles the contents of the Zip file, making it difficult for email virus scanners to find the tell-tale viral signatures...
.
.
." }-