Members
  • Total Members: 12818
  • Latest: martin
Stats
  • Total Posts: 28536
  • Total Topics: 8240
  • Online Today: 1005
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Researchers warn of malware hidden in .zip files  (Read 1309 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Researchers warn of malware hidden in .zip files
« on: 15. April 2010., 06:56:26 »


 Security researchers have discovered flaws in common file formats, including .zip, which can be used to sneak malware onto computers by evading antivirus detection.

Eight vulnerabilities were found in .zip, supported by Microsoft Office, along with seven others in the .7zip, .rar, .cab and .gzip file formats, said Mario Vuksan, president of ReversingLabs Corp.: http://reversinglabs.com/

The vulnerabilities could be used by attackers to hide malware that could then be slipped past antivirus software via an e-mail attachment and used to compromise a computer, he said.

"The file goes straight through Gmail or Hotmail because it's a trusted format," he added. "Antivirus software can't see the hidden payload. Once the file is opened the payload (or malware) is on the system."

Vuksan said he and his partners in the research, Tomislav Pericin of ReversingLabs and AccessData Chief Operating Officer Brian Karney, had notified antivirus firms and other security vendors about the holes so they could update their products so they would not be vulnerable to attacks: http://www.accessdata.com/
The three were set to present their findings at the Black Hat Europe conference in Barcelona on Thursday: http://www.blackhat.com/html/bh-eu-10/bh-eu-10-home.html

w They also planned to release a tool called NyxEngine that companies can use to scan the files in the network for suspicious attributes that might indicate hidden malware, Vuksan said: http://blog.reversinglabs.com/2010/04/introducing-nyxengine/

In addition to being used to attack a computer, the vulnerabilities could be used for steganography, or hiding secret messages in otherwise innocent-looking files, according to Vuksan. Typically, steganography involves messages hidden in images and photos.

(Cn)

Samker's Computer Forum - SCforum.info

Researchers warn of malware hidden in .zip files
« on: 15. April 2010., 06:56:26 »




 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising