Researchers Warn of Malware Hidden in .zip Files

Discussion in 'other security issues & news' started by Searching_ _ _, Apr 19, 2010.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    File Format Flaws Allow Hiding of Malware
     
  2. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    Interesting, but is it really a serious threat? While of course there may be some new hi-tech procedures involved in the malware, most halfway decent a-v's (and other anti-malware) are quite capable of temporarily expanding the archive to examine its contents.
     
  3. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    It's absolutely no threat at all, given an even remotely reasonable security policy. These are "vulnerabilities" in AV scanning engines that can cause scans to miss malware inside specially crafted archives. But to actually get infected by any malware inside such an archive, you'd still have to first unpack the archive and then manually execute the now-unpacked malware. And when it's unpacked, AVs can scan it again and potentially even detect it. Basically, it's an "I can get some malware past gateway AV scanners by making special archive files they can't properly scan, but I can't get my malware executed without lots of user interaction" scenario.

    That's it. Lamest "vulnerability" ever. :D
     
  4. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    I saw this @ another forum and posted there that all one needs to do is avoid dealing with all archive files unless you directly requested them and know the quality of the source. The fact there are weaknesses in the formats themselves is, for the most part, meaningless (IMHO).
     
  5. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    This isn't exactly news considering it's been going on for years. I P2P and find malware in archive files all the time. There have been times my AV wouldn't raise a fit until after I opened the file, but it raised one every single time. Most of the time, I just open the archive, manually delete the malware and keep the rest of the contents. It's no big thing providing you have a semi-decent AV and don't do anything stupid like click on files that are detected.
     
  6. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    As WindChild said, if you don't execute it manually, it's not gonna infect you.

    Remember, if it can't execute, it can't infect.
     