.zip Files Contain Hidden Malware, Warn Researchers
Security researchers at ReversingLabs Corp have identified vulnerabilities in common file formats such as .zip. These flaws can be exploited to quickly pass malware onto systems.
According to Mario Vuksan, President of ReversingLabs Corp, eight flaws were discovered in Microsoft Office-supported .zip, together with seven other bugs in the .rar, .7zip, .gzip, and .cab file formats, as reported by CNET News on April 14, 2010.
Attackers could exploit the flaws to conceal malware, which could later be passed through anti-virus software via an e-mail attachment and used to compromise a system.
It is very convenient to slip the file via Hotmail or Gmail as it's a trusted format. The hidden payload can easily trick anti-virus software. The malware or payload is on the computer the moment a user opens it, he added.
According to experts, exploitation of archive formats can result in data hiding or steganography and in errors with severe forensic consequences. As these formats are commonly found on almost all machines, whether PC, Linux or Apple, they are very interesting, and it is generally assumed that they are trusted and well understood. Hence, the flaws can pose a big risk to users' systems.
Vuksan said that he, along with his partners, Brian Karney (COO, Data Access) and Tomislav Pericin (founder of RLPack, the commercial software protection project), has reported the vulnerability to antivirus solution providers, as reported by ZDNet.de on April 15, 2010.
Notably, the three researchers gave a presentation at the Black Hat security conference on April 15, 2010. They demonstrated how it is feasible to interfere with the archive formats and embed malicious code such as the Conficker worm, which is then executed on a person's system. They showed how it is possible to evade gateway products by tampering with different archive formats.
Meanwhile, in similar news, yet another flaw in Java has been discovered lately. This vulnerability could allow malware authors to inject malicious code onto users' machines. The flaw is found in the Java Web Start system made for developers, and affects every edition since Java 6 Update 10.
» SPAMfighter News - 26-04-2010