Microsoft is searching within your secure folders for malware, even if you have a password
Password-protected .ZIP files are often used to share malware
Microsoft has reportedly started scanning password-protected .ZIP archives for malware, and not everyone is happy about the decision.
Ars Technica reported that several users on Mastodon, including cybersecurity researchers, confirmed that Microsoft’s antivirus program had started scanning .ZIP archives for malicious content, even those protected by a password.
Password-protected .ZIP archives are one of the most popular tactics among cybercriminals looking to deploy malware via email, as email security services rarely flag them.
“Nosy practices”
The publication claims that the practice was “well-known to some people”, but came as a surprise to others. Cybersecurity researcher Andrew Brandt, for example, wasn’t too thrilled about the idea, as it made it difficult for him to share malware with his fellow researchers through SharePoint.
“While I totally understand doing this for anyone other than a malware analyst, this kind of nosy, get-inside-your-business way of handling this is going to become a big problem for people like me who need to send their colleagues malware samples,” Brandt wrote. “The available space to do this just keeps shrinking and it will impact the ability of malware researchers to do their jobs.”
Another researcher, Kevin Beaumont, said the company scans files not just stored in SharePoint, but everywhere in its Microsoft 365 cloud services, adding that there are multiple methods of peeking into password-protected archives. One way, it seems, is to scan the contents of the email itself for potential passwords. Sometimes, people mailing .ZIP archives to one another will share the password in the body of the email.
“If you mail yourself something and type something like ‘ZIP password is Soph0s’, ZIP up EICAR and ZIP password it with Soph0s, it’ll find (the) password, extract and find,” he wrote.
While this might come as a surprise to some people, Ars Technica reminds readers that password-protected .ZIP files “provide minimal assurance” that an unauthorized third party cannot read the contents. “The default means for encrypting zip files in Windows, is trivial to override. A more dependable way is to use an AES-256 encryptor built into many archive programs when creating 7z files,” the report concludes.
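To check which kind of protection a given .ZIP actually carries, the sketch below (an added example, not code from Ars Technica or Microsoft) reads only the archive's central directory and labels each entry as unencrypted, protected with the legacy ZIP cipher (commonly called ZipCrypto), or protected with the WinZip AES extension. It goes slightly beyond the article, which mentions AES only for 7z files; the function names and the sample archives are constructed for illustration.

```python
import io
import struct
import zipfile

AES_EXTRA_ID = 0x9901   # WinZip AES extra-field header ID
AES_METHOD = 99         # "compression method" value that marks an AES entry
AES_BITS = {1: 128, 2: 192, 3: 256}
# Constructed AES extra field: id, size=7, version 2, vendor "AE", strength 3, real method 8
AES256_EXTRA = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)

def entry_encryption(info):
    """Classify one ZipInfo as 'none', 'zipcrypto', 'aes-<bits>' or 'aes-unknown'."""
    if not info.flag_bits & 0x1:            # general-purpose bit 0: entry is encrypted
        return "none"
    if info.compress_type != AES_METHOD:
        return "zipcrypto"                  # legacy PKZIP stream cipher
    extra = info.extra
    while len(extra) >= 4:                  # walk the (id, size, data) records
        tag, size = struct.unpack("<HH", extra[:4])
        if tag == AES_EXTRA_ID and size >= 7:
            bits = AES_BITS.get(extra[8])   # byte after version(2) + vendor(2)
            return "aes-%d" % bits if bits else "aes-unknown"
        extra = extra[4 + size:]
    return "aes-unknown"

def audit(zip_bytes):
    """Map each member name to its encryption scheme, reading only the central directory."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: entry_encryption(i) for i in zf.infolist()}

def make_sample(name, flags=0, method=0, extra=b""):
    """Constructed sample: one-entry ZIP with patched central-directory flags and
    method, mimicking an encrypted entry (the payload is not real ciphertext)."""
    buf = io.BytesIO()
    info = zipfile.ZipInfo(name)
    info.extra = extra
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, b"placeholder")
    data = bytearray(buf.getvalue())
    cd = data.rfind(b"PK\x01\x02")          # central directory file header
    struct.pack_into("<HH", data, cd + 8, flags, method)
    return bytes(data)

if __name__ == "__main__":
    for args in [("plain.txt",), ("legacy.txt", 1), ("strong.txt", 1, 99, AES256_EXTRA)]:
        print(audit(make_sample(*args)))
```

Note that file names and sizes are readable here without any password: the ZIP central directory is not encrypted under either scheme.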
Via: Ars Technica
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.