News Hackers bury malware in new ZIP file attack — combining multiple ZIPs into one bypasses antivirus protections

[Admin]

Security researchers discovered that concatenated ZIP files have been used to hide malicious files in ZIP archives.

Hackers bury malware in new ZIP file attack — combining multiple ZIPs into one bypasses antivirus protections : Read more

 

[COLGeek]

Another threat that downloaders of illicit software are more likely to experience than any legit users.

If this is you, be prepared to be infected. Only download from safe sites.

If you pirate software, you may get to experience this first hand. Just don't do it.

As a reminder, Tom's Hardware does NOT support any form of software piracy. None. Period.

 

[kyzarvs]

I'm sure I had this issue in the 90's. Is this really still a thing?

 

[Rob1C]

As old as Russian nesting dolls

 

[Pemalite]

In other news, water is wet.

I remember Kaspersky had an option for a "deep scan" of multi-deep RAR/ZIP files over a decade ago, but otherwise would ignore it.

 

[TJ Hooker]

In other news, water is wet.

I remember Kaspersky had an option for a "deep scan" of multi-deep RAR/ZIP files over a decade ago, but otherwise would ignore it.

If you're thinking this vulnerability involves nested/recursive archives, that is not the case.

 

[cryoburner]

Another threat that downloaders of illicit software are more likely to experience than any legit users.

If this is you, be prepared to be infected. Only download from safe sites.

If you pirate software, you may get to experience this first hand. Just don't do it.

As a reminder, Tom's Hardware does NOT support any form of software piracy. None. Period.

The article was talking about this being used in phishing emails targeting less-tech-savvy users, not mentioning piracy once. The point is that there can be a zip file that displays one set of files when opened in 7zip, while displaying another set of files when opened in Windows Explorer, or both sets of files when opened in WinRar. So a person or malware scanner opening the file using one extraction utility might only see the safe files, assuming the contents of the archive to be safe, while another person opening it with a different utility would get a different set of files that include an unsafe payload. Reading the actual article that this one was rehashing, the example found to be doing this was an email disguised as a shipping invoice with an attached archive that only appeared to contain a safe PDF document when opened in 7zip, but that instead contained an executable file when opened in Windows Explorer. It wasn't clear about how many antimalware utilities might actually miss such a file, though this is something that should be detectable if they look for it.

 

[COLGeek]

The article was talking about this being used in phishing emails targeting less-tech-savvy users, not mentioning piracy once. The point is that there can be a zip file that displays one set of files when opened in 7zip, while displaying another set of files when opened in Windows Explorer, or both sets of files when opened in WinRar. So a person or malware scanner opening the file using one extraction utility might only see the safe files, assuming the contents of the archive to be safe, while another person opening it with a different utility would get a different set of files that include an unsafe payload. Reading the actual article that this one was rehashing, the example found to be doing this was an email disguised as a shipping invoice with an attached archive that only appeared to contain a safe PDF document when opened in 7zip, but that instead contained an executable file when opened in Windows Explorer. It wasn't clear about how many antimalware utilities might actually miss such a file, though this is something that should be detectable if they look for it.

Note, the article said "usually". Those who "sail the seven seas" often use questionable sites to download all sorts of files, including some like mentioned in the article.

 

[nrdwka]

Note, the article said "usually". Those who "sail the seven seas" often use questionable sites to download all sorts of files, including some like mentioned in the article.

And they are usually more tech savvy to avoid malwares as routine of avoiding rifs Especially compared to average office worker.

 

[COLGeek]

And they are usually more tech savvy to avoid malwares as routine of avoiding rifs Especially compared to average office worker.

I highly doubt that, but okay. Aside from that, it is still very wrong to steal.