Researchers Warn of Malware Hidden in .zip Files

File Format Flaws Allow Hiding of Malware

 

Interesting, but is it really a serious threat? While of course there may be some new hi-tech procedures involving in the malware, most halfway decent a-v's (and other anti-malware) are quite capable of temporarily expanding the archive to examine its contents.

 

It's absolutely no threat at all, given an even remotely reasonable security policy. These are "vulnerabilities" in AV scanning engines that can cause scans to miss malware inside specially crafted archives. But to actually get infected by any malware inside such an archive, you'd still have to first unpack the archive and then manually execute the now-unpacked malware. And when it's unpacked, AVs can scan it again and potentially even detect it. Basically, it's a "I can get some malware past gateway AV scanners by making special archive files they can't properly scan, but I can't get my malware executed without lots of user interaction" scenario.

That's it. Lamest "vulnerability" ever.

 

I saw this @ another forum and posted there that all one needs to do is avoid dealing with all archive files unless you directly requested them and know the quality of the source. The fact there are weaknesses in the formats themselves is, for the most part, meaningless (IMHO).

 

This isn't exactly news considering it's been going on for years. I P2P and find malware in archive files all the time. There have been times my AV wouldn't raise a fit until after I opened the file, but it raised one every single time. Most of the time, I just open the archive, manually delete the malware and keep the rest of the contents. It's no big thing providing you have a semi-decent AV and don't do anything stupid like click on files that are detected.

 

As WindChild said, if you don't execute it manually, it won't gonna infect you.

Remember, If it can't execute, it can't infect.