gnupg encrypted mail and malware/spam

Johan Wevers johanw@vulcan.xs4all.nl
Mon May 12 04:00:33 2003


Graham wrote:

> Encrypted code cannot be executed automatically,

Virusses that encrypt themselves with a random key and precede with
decryption code existed already in the late 1980's. If the method used isn't
known to the virus scanner you can't detect it, and it will at least fool
some heuristic scanners that scan for code that copies itself. However,
self-modifying code can be another trigger that's something is wrong. But
then, UPX and pklite packed executables might trigger an alarm too.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw@vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html