
SECURITY: ZIP, RAR Have Surpassed Office Files as Most-Used Malware Containers


msfntor



By Ryan Whitwam on December 2, 2022 at 9:31 am

We all, hopefully, learned long ago not to open suspicious Microsoft Office files, which have long been one of the most common vectors for malware infection. According to a new report, there’s a new public enemy number one when it comes to cybersecurity: ZIP and RAR archives. Data from HP Wolf Security shows that encrypted file archives have become the most common way of distributing malware, and your antivirus scanner may be of little help.

According to HP’s threat analysis group, ZIP and RAR archives accounted for 42 percent of malware attacks between July and September this year. This method jumped 11 percent over the course of 2022, spurred on by more advanced methods of social engineering (phishing) and HTML fakery. That makes malicious archives more common than viruses distributed via Microsoft Word and Excel files, which have been the most popular method for three years running.

Sending out malware as archives can make it harder for even savvy internet users to stay safe. HP Wolf Security explains that these archives can obscure the dangerous payload from scanners because they cannot see inside the encrypted containers. These ZIP and RAR files are often paired with a phony HTML file that masquerades as a PDF. When run, they produce a fake web document viewer which has the user input a password. However, that password actually decrypts the archive file, exposing the system to malware. HP’s threat group says the malware authors spent a great deal of effort making the fake HTML pages look as legitimate as possible....

MORE: https://www.extremetech.com/internet/341244-zip-rar-have-surpassed-office-files-as-most-used-malware-containers



Any file type is unsafe if used the wrong way (like downloading from weird websites); as long as you only download from safe official websites, you should be safe.

Edited by legacyfan
Fixed Typo

I never used Office in my whole life to begin with. And RAR is a Russian programme, so again, nothing new.

ZIP and CAB are Microsoft, that's what I use; just don't open it if you don't know where it came from.


3 hours ago, D.Draker said:

I never used Office in my whole life to begin with. And RAR is a Russian programme, so again, nothing new.

ZIP and CAB are Microsoft, that's what I use; just don't open it if you don't know where it came from.

I never use office anymore.


10 hours ago, legacyfan said:

Any file type is unsafe if used the wrong way (like downloading from weird websites); as long as you only download from safe official websites, you should be safe.

Yes, you're right, speaking of weird websites. Don't download anything from that weird eclipse.cx.


4 hours ago, D.Draker said:

Yes, you're right, speaking of weird websites. Don't download anything from that weird eclipse.cx.

Why did you write this?.. First, the good address is board.eclipse.cx .... Surely you are joking, and this unfortunately cannot be seen on this damn internet; too bad, this is not real life then.

- Of course, if you are looking for badly written addresses, you could have bad surprises with malware. Bad addresses, bad surprises.

- I don't download anything except from the Chrome store.

Edited by msfntor

3 hours ago, msfntor said:

Why did you write this?.. First, the good address is board .... Surely you are joking, and this unfortunately cannot be seen on this damn internet; too bad, this is not real life then.

- Of course, if you are looking for badly written addresses, you could have bad surprises with malware. Bad addresses, bad surprises.

- I don't download anything except from the Chrome store.

Yes, hffps://board. DON'T.visit.it / is what I meant, you're right. A very weird website, right again.

EDIT: And do you have another opinion?


Edited by D.Draker

Only for the record: since 2010 (or was it 2007?) or so, Office formats (.docx and .xlsx) are actually zip files, and of course Android .pkg are also .zip files, so the whole preamble is pure nonsense. Then the article goes on to list a case in which the archive is encrypted and prompts the user to download a fake PDF that is an HTML file that is a wrapper that prompts the user to input a password to view the contents of the archive.

Surprisingly the password is used to decrypt the archive.

So many words to say:

NEVER trust anything that comes from someone you don't know, particularly if it has an attachment, let alone an encrypted file that prompts you for decryption

Besides the actual HP/Wolf report being largely useless for anything except some vague statistical data, I rarely happen to read poorly written articles such as this one; the author cannot even cite the right percentage written in the report (that is 44%, not 42%), then suggests that all these archives behave like a few specific malwares (which represent only a minimal percentage of the malware delivered via an archive).

jaclaz


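An added example, not from the article or from any poster in this thread: a minimal check a mail gateway could run on an attached archive to see which entries are encrypted (the situation the article describes, where a scanner cannot look inside the container), which also shows jaclaz's point that a .docx/.xlsx is itself a ZIP container. The parser reads only the central directory; the sample archives, the `mark_encrypted` helper and all file names are constructed for the demonstration.

```python
import io
import struct
import zipfile

CEN_SIG, EOCD_SIG = b"PK\x01\x02", b"PK\x05\x06"  # PKWARE APPNOTE record signatures
CEN_FMT = "<4sHHHHHHIIIHHHHHII"  # 46-byte fixed part of a central directory header
OOXML_MARKER = "[Content_Types].xml"  # present in every .docx/.xlsx container

def central_directory(data: bytes):
    """Return (entry count, offset) of the central directory, read from the EOCD record."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("not a ZIP archive: no end-of-central-directory record")
    return struct.unpack_from("<H", data, eocd + 10)[0], struct.unpack_from("<I", data, eocd + 16)[0]

def zip_entries(data: bytes):
    """Describe every entry from the central directory alone; nothing is extracted."""
    total, pos = central_directory(data)
    for _ in range(total):
        fields = struct.unpack_from(CEN_FMT, data, pos)
        if fields[0] != CEN_SIG:
            raise ValueError("corrupt central directory")
        flags, nlen, xlen, clen = fields[3], fields[10], fields[11], fields[12]
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        yield {"name": name, "encrypted": bool(flags & 1)}  # flag bit 0: entry is encrypted
        pos += 46 + nlen + xlen + clen

def assess_archive(data: bytes) -> dict:
    """What a mail gateway can tell about an archive attachment before deciding to hold it."""
    entries = list(zip_entries(data))
    return {"entries": len(entries), "is_ooxml": any(e["name"] == OOXML_MARKER for e in entries),
            "encrypted": [e["name"] for e in entries if e["encrypted"]]}

def make_zip(files: dict) -> bytes:
    buf = io.BytesIO()  # constructed sample archive, built in memory
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()

def mark_encrypted(data: bytes, name: str) -> bytes:
    # Constructed sample: set flag bit 0 on one entry's headers, as a password-protecting tool does.
    buf, (total, pos) = bytearray(data), central_directory(data)
    for _ in range(total):
        nlen, xlen, clen = struct.unpack_from("<HHH", buf, pos + 28)
        local = struct.unpack_from("<I", buf, pos + 42)[0]
        if buf[pos + 46:pos + 46 + nlen] == name.encode():
            buf[pos + 8] |= 1    # central directory flags
            buf[local + 6] |= 1  # matching local file header flags
        pos += 46 + nlen + xlen + clen
    return bytes(buf)
```

Python's own zipfile exposes the same bit as `ZipInfo.flag_bits & 1`; the hand-written parser shows where that bit lives and lets the check run without opening the archive.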

On 1/24/2023 at 10:02 AM, D.Draker said:

A very weird website, right again.

WHY do you condemn it, please...

Have you ever had a bad encounter in there?....

"Domain whitelist" extension says: "Nothing to be allowed or denied..." - after uBlock allowed board.eclipse.cx only, nothing more.

"Domain whitelist" action is MUCH stronger than blocking scripts (in uBlock or the script-blocker of your choice)... it's the "smallest interactive ad blocker, only allow requests from user-defined list of domains" - size 12.3 KiB, so nothing. By Dusan Halicky.

Here: https://chrome.google.com/webstore/detail/domain-whitelist/pdfmaijcdceohdpbclfdidiobpfpdkda?hl=en

So you're truly secure, because it effectively blocks bad domains.

Edited by msfntor

On 1/24/2023 at 10:59 AM, msfntor said:

WHY do you condemn it, please...

Have you ever had a bad encounter in there?....

For starters, the first reason: because those plonkers banned @win32. (I actually discovered it quite recently.)

Tell me, what kind of creature does one need to be to ban win32? I can't write insulting words here...

Second, there's no one there who could help me with anything I want.

Third, annoying spam from them. Silly language (like 12-year-old children).

Fourth - two and a half users there.

Enough?

Some of you write how wonderful that weird website is; however, you're all still here.

EDIT: Not to mention security issues and very questionable content (RAR, 7ZIP) on their "website".

Edited by D.Draker
