Beware -encrypted- attachments...
FYI...
- http://www.pcworld.com/printable/art...printable.html
May 03, 2007 ~ "Spammers have stepped up efforts to use -encrypted- attachments to evade filtering systems, service provider Email Systems has reported. The technique relies on the fact that many spam systems can't scan inside emails containing encrypted or password-protected attachment, and work out that they are not legitimate. Without a rule to block such attachments, most systems will pass on the email to recipients... In recent weeks, Email Systems detected a small but steady stream of such spam emanating from bot-compromised hosts, containing a zipped-up version of the pervasive 'Storm' bot-loading Trojan that plagued Internet users... The vast bulk of spam was now automated via bots, and this made finding new infection methods even more critical to the spam economy..."
- http://www.eweek.com/article2/0,1895,2125082,00.asp
May 2, 2007 ~ "...By crafting a large number of distinct variants of a virus and releasing them in short bursts, malware writers are able to release new variants before a signature or heuristics can be created to protect against the virus. At one point early this quarter, distributors of Storm/Nuwar malware released over 7,000 such variants in a single day, Commtouch officials said. The report also states that malware writers are adopting social engineering techniques common among spammers to lure victims into opening attachments..."
