Interview

Dangers of .zip files

Shawna McAlearney, News Writer
Is stripping .zip files at the gateway the best way to mitigate these threats? Are there less severe measures?
A default-deny approach at the gateway is the best approach, permitting only file types that are needed to do business. Always block attachments that are unsafe, i.e. .exe, .scr, .pif, .vbs, .zip, etc.

Other measures enterprises can take include:

  • Rename files that contain .zip or other executable or blocked extensions.
  • Delay .zip files for a short period of time.
  • Inspect the contents of .zip files and deny, delay or rename attachments that are unsafe.

You've alluded to .zip files as being a longstanding threat; if that's the case, why don't more enterprises filter them at the gateway?
I think it hasn't been a big enough problem and is just now reaching the boiling point. I believe we'll start to see more and more corporations filtering .zip files from this point on.

What other kinds of threats do .zip files pose to enterprise networks? Other users?
Most corporations block files like screen savers (.scr) and Visual Basic Scripts (.vbs) at the e-mail gateway. Antivirus scanners can scan .zip files and stop them if a virus is detected. Unfortunately, if they don't detect something known to be malicious they allow it to go through. If the .zip format wasn't used, it would have been blocked like other unsafe file attachments. It's worse if the .zip file is password protected because AV scanners can't scan inside a password-protected file.

How long will it take enterprises to learn to filter them?
It will take some time; however, the companies that can do this quickly will benefit. Companies that block zips don't have to worry about one bypassing their antivirus scanners or other filters they have in place.

We've seen a number of worms lately that have entered networks through .zip files. What can you tell us about that?
In the past, .zip files were thought to be "safe," so many people think they're getting them for a legitimate reason. Virus writers will continue to use .zip and other file types perceived as safe to bypass gateway filtering because they know that most medium to large corporations are now blocking executable file attachments.

Bruce Hughes
Moderator, Wild List
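
The default-deny rule and the "inspect the contents of .zip files" measure from the interview, sketched as an added example that is not part of the interview or any product's code. The allowlist, the function names and the choice to deny (rather than delay or rename) are assumptions, and the sample archives are constructed in memory.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed allowlist of types "needed to do business"; adjust per organisation.
ALLOWED = {".pdf", ".txt", ".docx", ".xlsx"}

def decide(filename, data):
    """Default-deny verdict for one attachment: ("permit" | "deny", reason)."""
    ext = PurePosixPath(filename.lower()).suffix
    if ext != ".zip":
        if ext in ALLOWED:
            return "permit", "type is on the allowlist"
        return "deny", f"type {ext or '(none)'} is not on the allowlist"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            members = archive.infolist()
    except zipfile.BadZipFile:
        return "deny", "archive cannot be parsed"
    for m in members:
        if m.is_dir():
            continue
        if m.flag_bits & 0x1:  # general-purpose bit 0: member is encrypted
            return "deny", f"encrypted member {m.filename} cannot be scanned"
        inner = PurePosixPath(m.filename.lower()).suffix
        if inner not in ALLOWED:  # also rejects nested .zip and double extensions
            return "deny", f"member {m.filename} is not on the allowlist"
    return "permit", "every member is on the allowlist"

def make_zip(names, encrypted=False):
    """Build a constructed sample archive in memory (no real payloads)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"constructed sample")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02") if encrypted else -1
    while pos != -1:  # mark each central-directory entry as encrypted
        raw[pos + 8] |= 0x01
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)

if __name__ == "__main__":
    for label, blob in [("docs.zip", make_zip(["a.txt", "b/c.pdf"])),
                        ("inv.zip", make_zip(["invoice.pdf.exe"])),
                        ("locked.zip", make_zip(["a.txt"], encrypted=True))]:
        print(label, decide(label, blob))
```

The check works on member names and the encryption flag only; it complements antivirus scanning of the extracted content and does not replace it.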
