
Dangers of .zip files

Reader inquiries about security issues surrounding .zip files prompted a Q&A with Wild List moderator Bruce Hughes, who cites more than 40 worms since 1999 that have taken advantage of the compressed file format to spread.

Is stripping .zip files at the gateway the best way to mitigate these threats? Are there less severe measures?...

A default-deny approach at the gateway is the best approach, permitting only file types that are needed to do business. Always block attachments that are unsafe, i.e. .exe, .scr, .pif, .vbs, .zip, etc.

Other measures enterprises can take include:

  • Rename files that contain .zip or other executable or blocked extensions.
  • Delay .zip files for a short period of time.
  • Inspect the contents of .zip files and deny, delay or rename attachments that are unsafe.

You've alluded to .zip files as being a longstanding threat; if that's the case, why don't more enterprises filter them at the gateway?
I think it hasn't been a big enough problem and is just now reaching the boiling point. I believe we'll start to see more and more corporations filtering .zip files from this point on.

What other kinds of threats do .zip files pose to enterprise networks? Other users?

Most corporations block files like screen savers (.scr) and Visual Basic Scripts (.vbs) at the e-mail gateway. Antivirus scanners can scan .zip files and stop them if a virus is detected. Unfortunately, if they don't detect something known to be malicious, they allow it to go through. If the .zip format wasn't used, it would have been blocked like other unsafe file attachments. It's worse if the .zip file is password protected because AV scanners can't scan inside a password-protected file.

How long will it take enterprises to learn to filter them?

It will take some time; however, the companies that can do this quickly will benefit. Companies that block zips don't have to worry about one bypassing their antivirus scanners or other filters they have in place.

We've seen a number of worms lately that have entered networks through .zip files. What can you tell us about that?

In the past, .zip files were thought to be "safe," so many people think they're getting them for a legitimate reason. Virus writers will continue to use .zip and other file types perceived as safe to bypass gateway filtering because they know that most medium to large corporations are now blocking executable file attachments.
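The third measure listed earlier, inspecting a .zip attachment's contents, and the password-protected case raised above, shown as an added example that is not from the interview or from Wild List: the gateway check reads only the ZIP central directory, denies archives whose members carry the extensions the interview names (double extensions such as invoice.pdf.exe included) and delays archives with password-protected members, which an AV scanner cannot look inside. The policy list, the verdict names and the sample archives are constructed for illustration.

```python
import io
import zipfile

# Attachment types the interview names as unsafe; a .zip nested inside a .zip
# is included because the inner archive would escape this inspection.
# Assumed policy list, not one from the interview.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".vbs", ".zip"}
ENCRYPTED_FLAG = 0x1  # general-purpose flag bit 0 of a ZIP entry: member is encrypted


def inspect_zip(data: bytes) -> tuple[str, list[str]]:
    """Return ('allow' | 'delay' | 'deny', reasons) for a ZIP attachment.

    Only the central directory is parsed; nothing is extracted or executed.
    deny  : a member carries a blocked extension (double extensions included)
    delay : a member is password protected, so an AV scanner cannot look inside
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "deny", ["attachment is not a valid ZIP archive"]
    verdict, reasons = "allow", []
    for info in zf.infolist():
        name = info.filename.rsplit("/", 1)[-1].lower()  # members use '/' separators
        # Check every dotted suffix so 'invoice.pdf.exe' is caught, not only the last.
        hits = {"." + part for part in name.split(".")[1:]} & BLOCKED_EXTENSIONS
        if hits:
            reasons.append(f"{info.filename}: blocked extension {sorted(hits)}")
            verdict = "deny"
        if info.flag_bits & ENCRYPTED_FLAG:
            reasons.append(f"{info.filename}: encrypted member cannot be scanned")
            if verdict == "allow":
                verdict = "delay"
    return verdict, reasons


def build_sample_zip(members: dict[str, bytes], encrypted=()) -> bytes:
    """Constructed sample archive. zipfile cannot write encrypted members, so the
    encryption flag is set on the central-directory entry, which is all the inspector reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
            if name in encrypted:
                zf.getinfo(name).flag_bits |= ENCRYPTED_FLAG
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip({"report.pdf": b"%PDF-1.4", "invoice.pdf.exe": b"MZ",
                               "notes.doc": b"constructed"}, encrypted={"notes.doc"})
    print(inspect_zip(sample))
```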

