Researchers warn of malware hidden in .zip files

Researchers find a way that attackers could get malware past antivirus software by hiding it inside documents via .zip and other file formats.

Black Hat

Security researchers have discovered flaws in common file formats, including .zip, which can be used to sneak malware onto computers by evading antivirus detection.

Eight vulnerabilities were found in .zip, supported by Microsoft Office, along with seven others in the .7zip, .rar, .cab and .gzip file formats, said Mario Vuksan, president of ReversingLabs Corp.

The vulnerabilities could be used by attackers to hide malware that could then be slipped past antivirus software via an e-mail attachment and used to compromise a computer, he said.

"The file goes straight through Gmail or Hotmail because it's a trusted format," he added. "Antivirus software can't see the hidden payload. Once the file is opened the payload (or malware) is on the system."

Vuksan said he and his partners in the research, Tomislav Pericin of ReversingLabs and AccessData Chief Operating Officer Brian Karney, had notified antivirus firms and other security vendors about the holes so they could update their products so they would not be vulnerable to attacks. The three were set to present their findings at the Black Hat Europe conference in Barcelona on Thursday.

w They also planned to release a tool called NyxEngine that companies can use to scan the files in the network for suspicious attributes that might indicate hidden malware, Vuksan said.

In addition to being used to attack a computer, the vulnerabilities could be used for steganography, or hiding secret messages in otherwise innocent-looking files, according to Vuksan. Typically, steganography involves messages hidden in images and photos.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments