.zip virus

intellix · 7 Apr 2009 at 20:44

is it possible to unleash a virus upon opening a zip file or only if theres some sort of executable inside?

Just that some guy was telling me how he had made an amazing virus then tries to send me a mybike.jpg.zip thats 1kb big so im like... its a .zip and you're telling me its 1kb big when compressed?

doubt it dude

then hes like oh sorry wrong file

mybike.jpg.zip which is 125kb big, which I wanna open to see if hes put a .exe in or perhaps leave it if it can be executed just by running .zip through some sort of security hole in zip files?

yhack · 7 Apr 2009 at 21:02

I'm pretty sure there will be a exe inside, probably something like "mybike.jpg.exe".
It might only show up as "mybike.jpg" if you have the extensions hidden.
I don't think you can make a exe run as soon as you open the .zip though.

Upload it to http://scanner.novirusthanks.org/ if you have any doubt.

intellix · 7 Apr 2009 at 21:28

I've submitted to that, which says it is clean and another to jotti which also says it is clean.... but aren't these just searching for known strains rather than new ones?

He was bragging he had made one himself so if that was the case, they wouldn't find anything.

But is it possible for the .zip to be a virus rather than contain a virus? I have extensions showing... really curious I want to confront him but I daren't have a look

yhack · 7 Apr 2009 at 22:23

Well now you've uploaded it to that, it will probably be sent to the antivirus companies and soon be detected

I really don't think a .zip can be a virus itself, it probably contains one, but I might be wrong.

Pho · 7 Apr 2009 at 22:31

If you email it me (signature) I'll have a go at disassembling it and working out what it does if you like

.

intellix · 8 Apr 2009 at 02:45

put it on my PC where I didn't care and it seemed safe... although I wonder what he's up to... said he wants to unleash it into uni so he can get a forced extension through the breaking of public and student computer/laptops :/ which is immoral but I think he's full of BS anyways... doubt hes capable of doing something like that.

Mattus · 8 Apr 2009 at 02:49

Run it inside a virtual machine with no network access, or send it to me and I'll do it

Pho · 8 Apr 2009 at 13:23

intellix said:
put it on my PC where I didn't care and it seemed safe... although I wonder what he's up to... said he wants to unleash it into uni so he can get a forced extension through the breaking of public and student computer/laptops :/ which is immoral but I think he's full of BS anyways... doubt hes capable of doing something like that.

Although it seems safe it doesn't mean it hasn't done something dodgy in the background

.

I'd laugh if he did that and left his name in the copyright info of the exe data.

daz · 8 Apr 2009 at 13:27

intellix said:
He was bragging he had made one himself so if that was the case, they wouldn't find anything.

Heuristics should generally identify any program that attempts to run code that exhibits "virus-like" behaviour.