Users should be aware that data in a password-protected ZIP file is not protected from prying eyes. Microsoft, at least, now routinely looks into such archives.

However, the Redmond-based company is not particularly interested in the data that users store in this way and upload to the cloud. Rather, Microsoft uses this ability to search the archives for malware. Even so, one must assume that other, less well-meaning parties are also able to circumvent the password protection.

Compressing malware code into ZIP files has long been a tactic used by threat actors to hide malware from virus scanners. Because of this, the analysis of archives is now part of the normal work of every virus scanner. Some malware operators adapted to this by protecting their ZIP hiding places with a password. Microsoft counters this by attempting to bypass the password protection of ZIP files and, if successful, scanning them for malicious code.

The fact that Redmond has this ability has been noticed by various security researchers, reports the US magazine Ars Technica. This is because they usually exchange their malware samples in the form of password-protected ZIP files, to ensure on the one hand that the files are not blocked in transit and on the other that the code cannot become active in an uncontrolled manner.

Security researchers have a problem

However, reports from security experts are now piling up on Mastodon that the relevant files are increasingly being marked as “infected” on SharePoint portals. Security researcher Andrew Brandt explained that this also poses a real problem for his profession, as it probably eliminates the most important way to exchange samples. This narrows the scope for cooperation a bit further.

How exactly Microsoft gets through the password protection is still unclear. One possibility is to extract possible identifiers from the body of an email or from the name of the file itself. Another would be to test whether the file is protected with one of a list of passwords.
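Both possibilities can be sketched from the scanner's side. This is an added example, not Microsoft's implementation (which remains unknown) and not code from the article. The function names, the word list and the sample archive are assumptions constructed for illustration, and only legacy ZipCrypto is handled, since that is what Python's `zipfile` can decrypt.

```python
import io, re, struct, zipfile, zlib

def _crc(crc, b):  # one raw CRC-32 step, as used by the legacy ZipCrypto key schedule
    return zlib.crc32(bytes([b]), crc ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

def make_sample(name, data, password):
    """Build a constructed one-file ZipCrypto archive (stdlib zipfile cannot write one)."""
    k = [0x12345678, 0x23456789, 0x34567890]
    def step(p):  # advance the three cipher keys with one plaintext byte
        k[0] = _crc(k[0], p)
        k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k[2] = _crc(k[2], k[1] >> 24)
    for p in password:
        step(p)
    crc, out = zlib.crc32(data), bytearray()
    # 12-byte encryption header (fixed here, random in real tools) ends in the CRC check byte
    for p in bytes(11) + bytes([crc >> 24]) + data:
        t = (k[2] | 2) & 0xFFFF
        out.append(p ^ ((t * (t ^ 1)) >> 8) & 0xFF)
        step(p)
    meta = struct.pack("<HHHHIIIHH", 1, 0, 0, 33, crc, len(out), len(data), len(name), 0)
    local = struct.pack("<IH", 0x04034B50, 20) + meta + name + out
    cd = (struct.pack("<IHH", 0x02014B50, 20, 20) + meta
          + struct.pack("<HHHII", 0, 0, 0, 0, 0) + name)
    return local + cd + struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(cd), len(local), 0)

def candidates(filename, body, wordlist=("infected", "malware", "password")):
    """Tokens from the file name and message text first, then a short illustrative list."""
    tokens = re.findall(r"[A-Za-z0-9_!@#$%-]{4,}", filename + " " + body)
    return list(dict.fromkeys([*tokens, *wordlist]))  # de-duplicate, keep order

def try_open(blob, filename, body):
    """Return (password, {member: bytes}) for the first candidate that decrypts, else None."""
    zf = zipfile.ZipFile(io.BytesIO(blob))
    for pw in candidates(filename, body):
        try:
            return pw, {n: zf.read(n, pwd=pw.encode()) for n in zf.namelist()}
        except (RuntimeError, zipfile.BadZipFile, zlib.error):
            continue  # wrong candidate: check byte or CRC-32 mismatch
    return None

if __name__ == "__main__":
    blob = make_sample(b"sample.txt", b"constructed payload", b"Tr0ub4dor-2023")
    hit = try_open(blob, "report.zip", "The archive password is Tr0ub4dor-2023 as usual.")
    print("opened with:", hit[0] if hit else None)
```

A password that travels in the same message as the archive, or that comes from a well-known list, offers no confidentiality against any party that can read both.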

Summary

  • Microsoft routinely looks into ZIP files to find malware.
  • Strangers can bypass the password protection.
  • Malware operators hide code in password-protected ZIP files.
  • Microsoft bypasses password protection and checks ZIP files.
  • Security researchers find it difficult to exchange samples.
  • Microsoft uses possible identifiers from text or file names.
  • Or it tests whether the file is protected with a password from a list.
