AfterDawn: Tech news

Security researchers hunt for bugs in archive file formats

Written by James Delahunty (Google+) @ 15 Apr 2010 21:34 User comments (2)

Security researchers hunt for bugs in archive file formats Security researchers have put attention on archive file formats such as RAR and ZIP files because of their potential security vulnerabilities. Up until recently many antivirus programs weren't capable of detecting malicious software in commonly used archival formats, but most antivirus vendors patched their products for better detection.
Tomislav Pericin, founder of RLPack, Mario Vuksan, an independent security researcher and Brian Karney, COO of Access Data, gave a presentation at the Black Hat security conference where they demonstrated how it is possible to tamper with popular archive formats to insert malicious code such as the Conficker worm.

Malware authors had been taking advantage of how packing malicious software in compressed archive files could trick security software, but antivirus companies stepped up efforts in detection of malware hidden in such files. However, the three researchers showed that it is still possible to evade gateway products that analyze file attachments.

"The problem is the AV vendors and the archive vendors have two different solutions. If they don't work in sync, the user can extract an archive on their PC, but the AV won't be able to, and that's a problem," Pericin said.

They found at least eight vulnerabilities in which security products failed to catch malicious files, and at least 30 other potential vulnerabilities.

Also demonstrated at the conference was how archive files can be used to embed secret content.

Previous Next  

2 user comments

116.4.2010 2:10

Related Articles:

Carpenters Use Wood to Build Things
Psychologists Study How Humans Think
Archeologists Find Dinosaur Hidden Beneath Layers of Rock

This message has been edited since its posting. Latest edit was made on 16 Apr 2010 @ 2:13

216.4.2010 6:24

Wait, they are attacking zip and rar? Why not just search for security holes in 3.5" floppy drives? No one would be dumb enough to use either of these formats to try to secure anything!

Comments have been disabled for this article.

News archive