{"id":6,"date":"2005-03-02T04:17:46","date_gmt":"2005-03-02T08:17:46","guid":{"rendered":"http:\/\/blogs.law.harvard.edu\/zeroday\/2005\/03\/02\/fbi-spam-contains-trojan-and-the-futu"},"modified":"2005-03-02T04:17:46","modified_gmt":"2005-03-02T08:17:46","slug":"fbi-spam-contains-trojan-and-the-future-of-spam-detection","status":"publish","type":"post","link":"https:\/\/archive.blogs.harvard.edu\/zeroday\/2005\/03\/02\/fbi-spam-contains-trojan-and-the-future-of-spam-detection\/","title":{"rendered":"FBI Spam contains trojan and the future of spam detection"},"content":{"rendered":"<p><a name='a7'><\/a><\/p>\n<p><P><FONT face=\"Arial\" size=\"2\">I had actually seen this email a few times in some of my spam catches.&nbsp; The &#8220;come on&#8221; is that the FBI has been monitoring the sites you visit and here is a list of the naughty ones.&nbsp; It had never occurred to me that the FBI would have a statement regarding this.&nbsp; As it turns out the press room issued a statement regarding the monitoring of people's personal surfing habits.<\/FONT><\/P><br \/>\n<P><FONT face=\"Arial\" size=\"2\"><EM>Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner.<\/EM>&nbsp; <\/FONT><\/P><br \/>\n<P><FONT face=\"Arial\" size=\"2\">That didn&#8217;t have anything to do with whether they are watching or not.&nbsp; Of course not, because they can and do watch.&nbsp; The fear of this Big Brother reality likely caused many people to open up the attachment.&nbsp; It was likely a .zip overflow or a trojan hidden inside the archive file.&nbsp; The latter seems to be a very popular method of skirting through anti-virus devices.&nbsp; Many companies these days install large devices on the perimeter of the network to capture the virii and trojans before they even hit the mailbox.&nbsp; This method allows them to smuggle the payload past the inspecting devices by packaging the 
malicious code in .zip or .rar files.&nbsp; There is a huge performance issue to consider if every single .zip file is inspected.&nbsp; Even worse, some of the virii are smart enough to password-protect their .zip files and put the instructions to open them in the message itself.&nbsp; <\/FONT><\/P><br \/>\n<P><FONT face=\"Arial\" size=\"2\">This is why I believe the advocates of S\/MIME and S\/POP and other encrypted email standards will face very stiff opposition.&nbsp; If we encrypt all the email messages then we can&#8217;t search them for virii!&nbsp; This would also create a utopia for spammers since their Viagra-laden messages would slip by as well.&nbsp; <\/FONT><\/P><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I had actually seen this email a few times in some of my spam catches.&nbsp; The &#8220;come on&#8221; is that the FBI has been monitoring the sites you visit and here is a list of the naughty ones.&nbsp; It had never occurred to me that the FBI would have a statement regarding this.&nbsp; As it 
[&hellip;]<\/p>\n","protected":false},"author":214,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-6","post","type-post","status-publish","format-standard","hentry"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/posts\/6","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/users\/214"}],"replies":[{"embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/comments?post=6"}],"version-history":[{"count":0,"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/posts\/6\/revisions"}],"wp:attachment":[{"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/media?parent=6"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/categories?post=6"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/tags?post=6"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}