Zip files and malware

Discussion in 'other security issues & news' started by EdP, Oct 24, 2010.

Thread Status:
Not open for further replies.
  1. EdP

    EdP Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    83
    I haven't been able to find information on whether a zipped file can be automatically invoked when its zip file is opened.

    I use an ancient (V2.6) copy of PKZip which displays a list of its zipped files when it's run. It requires my intervention to unzip and save the files. If there's an executable or anything else that's suspect among the files when I'm expecting, say, all JPGs or TXTs, I can simply close the zip file and delete it.

    How safe is that?
    Incidentally, I do have NOD32 and SASPro running.

    EdP
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    As long as you don't click on any files you're 99.99999% safe.

    Until a few months ago I would have said 100%, but due to the .LNK vulnerability, that's now fixed, it just goes to show nothing's 100% :(

    Having said that, I would say you would be very unlucky to experience another such exploit :)

    If you have Anti Executable software it would help, as would something like SandboxIE and/or Returnil :thumb:
     
  3. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Nothing can automatically execute from zipped files, so no worries there. I've dealt with malware, mixed in with legit files within archives for a long time. If I come across such a situation, I simply delete the offending file and keep the rest.
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ dw426

    From that, I thought he was asking about a file/s that he Unzipped, i.e. Opened?

    If he means just looking at the list, then yes I agree with you :thumb:
     
  5. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    The way I read it, and the OP can correct me please, if I'm wrong, is this: Invoked to me=executed/run. It seems he/she was asking if a file contained inside the zipped archive could be executed just by extracting the contents of the archive. It's my opinion that no, it cannot. I'm not sure the lnk vulnerability would apply here, as, unless I am mistaken, does not the program related to an infected lnk file have to be run/installed first in order for the infection to take place?

    If that is so, I don't believe an infection could take place just by having the offending file/program sitting on the computer without touching it. I'm a fairly young person who admittedly doesn't experiment with the latest and greatest in malware, and I sure haven't seen everything. But, in the years I've been computing, never has a file magically run just by opening an archive.
     
  6. EdP

    EdP Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    83
    Thanks for the quick replies.

    As I indicated, I spent 45 minutes searching and reading and could not find anything about a zipped file automatically being invoked. If that were a problem, I would expect to find quite a few topics on it.

    Thanks for the verification.

    EdP
     
  7. EdP

    EdP Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    83
    What I (he) meant - if a zip file is run (invoked) can that, in itself, initiate one of the contained files to automatically run?

    I don't see why a clever and malevolent programmer couldn't design a zip file to do that. And if not actually run the contained file, automatically store it in a folder where it is sure to be run.

    Is that beyond the skill and imagination of those bad guys?

    EdP
     
  8. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    -If you open a normal zip, nothing can run automatically until you double-click.

    -If you open a specially crafted zip (an executable zip with a command to start a program/executable on unzipping), anything can happen depending on the purpose of the executable. Numerous legitimate applications also zip their files to reduce size. Double-clicking such files --> unzips and starts installation automatically.
     
  9. katio

    katio Guest

    A normal zip file can execute attack code if the program you open it with is vulnerable.
    An old example: http://secunia.com/advisories/7198/

    A quick check on PKZIP didn't reveal any such publicly known bugs but that doesn't mean it's 100% (or 99.9...%) not vulnerable.
     
  10. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    Most anti-viruses and other anti-malware apps have the ability to check the contents of ZIPs and other archive types, typically by expanding them into temporary files which are then scanned and deleted. Depending on your particular a-v (I use avast free), you may be able to do this before or while downloading the zip; in any event, any malware contained inside should be caught by the a-v after expansion.

    (Edit) In the case of self-extracting EXEs, I typically check them twice -- the exe before installation, and the folder (typically a new one it creates) after installation.
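
Added example, not part of any post in this thread: a Python sketch of the list-before-extracting check the thread describes. It reads only the archive's directory and flags a self-extracting container, entries whose stored path would land outside the extraction folder, and file types other than the ones expected. The function names, the extension list and the sample archive are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Illustrative list of types that run or launch something when double-clicked.
RISKY_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".lnk", ".js", ".vbs"}

def triage_zip(data: bytes, expected_exts: set) -> list:
    """Return findings from the archive's directory only; nothing is extracted."""
    findings = []
    # A self-extracting archive is a program with zip data appended to it.
    if data[:2] == b"MZ":
        findings.append("container: starts with an MZ header (self-extracting executable)")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            path = PurePosixPath(name)
            # Stored names that point outside the folder chosen for extraction.
            if name.startswith("/") or ".." in path.parts or name[1:2] == ":":
                findings.append(f"{info.filename}: path escapes the target folder")
            if info.is_dir():
                continue
            ext = path.suffix.lower()
            if ext in RISKY_EXTS:
                findings.append(f"{info.filename}: executable or shortcut type {ext}")
            elif ext not in expected_exts:
                findings.append(f"{info.filename}: unexpected type {ext or '(none)'}")
    return findings

def build_sample(prefix: bytes = b"") -> bytes:
    """Constructed test archive; every member holds harmless placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday/beach.jpg", b"placeholder")
        zf.writestr("holiday/notes.txt", b"placeholder")
        zf.writestr("holiday/sunset.jpg.exe", b"placeholder")
        zf.writestr("../../elsewhere/viewer.bat", b"placeholder")
    return prefix + buf.getvalue()

if __name__ == "__main__":
    for line in triage_zip(build_sample(), {".jpg", ".txt"}):
        print(line)
```

A clean result only means the directory listing matches expectations; it says nothing about bugs in the unzip program itself, which is the case raised in post 9.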
     