[Dshield] door opener

Gary Porter gary.porter at matcomcorp.com
Fri Aug 24 21:58:52 GMT 2001


.zl9 is an extension that Zone Labs replaces .exe with so that the
executable can be safely quarantined and run (if desired) under controlled
conditions.

Gary R. Porter
Program Manager, CITS Mobile Training
MATCOM Corporation
757-838-0212 (w)
757-897-5830 (m)
gary.porter at matcomcorp.com

-----Original Message-----
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org]On Behalf
Of David Sentelle
Sent: Friday, August 24, 2001 4:52 PM
To: dshield at dshield.org
Subject: Re: [Dshield] door opener



Speaking of ZoneAlarm and email viruses.  I recently got an email from a
spoofed email address with an attachment that had a .ZL9 attachment.  At
first I thought this was some sort of script for setting up a rule in my
ZoneAlarm which would open ports for a trojan, MS-networking, or some other
nefarious purpose.

Regardless of the fact that it's default association was with ZoneAlarm, it
was an EXE file, as I dragged it into notepad and saw the telltale 'This
program cannot be run in DOS mode' text in the first part of the file.

Anyone heard of anything like that?  If the odd .ZL9 extension peaks
anyone's interest I would be glad to forward it via means other than the
listserv.

Happy Weekend everyone!)



¯- Original message ¯-
Message: 3
From: "Samuel" <Samuel at socal.rr.com>
To: <dshield at dshield.org>
Subject: Re: [Dshield] door opener
Date: Fri, 24 Aug 2001 09:36:50 -0700
Reply-To: dshield at dshield.org

You say that you suspect that your system was intruded through email, and it
is my understanding that ZoneAlarm will protect us from that. ZoneAlarm's
purpose is as a firewall but it also has a feature that is effective on
email too. There are many other software that will shield us from intruders
attempting to get in through email.


----------------------------------------
David Sentelle
Network Operations Specialist
Commerce National Bank
614.334.6282 Voice    614.848.8830 Fax

"I.T. happens!)"

This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to which they are addressed.
If you have received this e-mail in error, please notify admin at cnbcbank.com
and delete it from your system.

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield




More information about the list mailing list