This article is from the Computer viruses FAQ, by David Harley D.Harley@icrf.icnet.uk, George Wenzel gwenzel@telusplanet.net and Bruce Burrell bpb@umich.edu with numerous contributions by
others.
10) Does anyone know about the PKZip trojan virus?
Most of us prefer to distinguish between trojans and viruses (see Part
1). The threat described in recent warnings is definitely not a virus,
since it doesn't replicate by infection.

There have been at least two attempts to pass off Trojans as an upgrade
to PKZip, the widely used file compression utility. A recent example
involved the files PKZ300.EXE and PKZ300B.ZIP, made available for
downloading on the Internet. An earlier Trojan passed itself off as
version 2.0. For this reason, PKWare have never released a version 2.0
of PKZip: presumably, if they ever do release another DOS version
(unlikely, at this date, in my opinion), it will not be numbered
version 3.0(0).

In fact, there are hardly any known cases of someone downloading and
being hit by this Trojan, which few people have seen (though most
reputable virus scanners will detect it). As far as I know, this Trojan
was only ever seen on warez servers (specialising in pirated software).
There are recorded instances of a fake PKZIP version 3 found infected
with a real live in-the-wild file virus, but this too is very rare.

To the best of my knowledge, the latest version of PKZip is 2.04g,
or 2.50 for Windows.

There was a version 2.06 put together specifically for IBM internal
use only (confirmed by PKWare). If you find it in circulation, avoid
it. It's either illicit or a potentially damaging fake.

The recent rash of resuscitated warnings about this is at least in part
a hoax. It's not a virus, it's a trojan. It doesn't (and couldn't)
damage modems, V32 or otherwise, though I suppose a virus or trojan might
alter the settings of a modem - if it happened to be on and connected....
I don't want to get into hypothetical arguments about programmable
modems right now. It appears to delete files, not destroy disks
irrevocably.

It's certainly a good idea to avoid files claiming to be PKZip version 3,
but the real risk hardly justifies the bandwidth this alert has occupied.
 