{"id":492123,"date":"2023-05-17T15:01:35","date_gmt":"2023-05-17T13:01:35","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=492123"},"modified":"2023-05-17T15:03:51","modified_gmt":"2023-05-17T13:03:51","slug":"microsoft-scanning-for-malware-inside-password-protected-zip-files","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/492123-microsoft-scanning-for-malware-inside-password-protected-zip-files.html","title":{"rendered":"Microsoft scanning for malware inside password-protected zip files"},"content":{"rendered":"<p>Microsoft is scanning the contents of some password-protected zip files stored or shared through its cloud-based services, <a href=\"https:\/\/arstechnica.com\/information-technology\/2023\/05\/microsoft-is-scanning-the-inside-of-password-protected-zip-files-for-malware\/\" target=\"_blank\" rel=\"noopener\"><strong>Ars Technica reports<\/strong><\/a>.<\/p>\n<p>The publication spotted several posts on decentralized social networking platform Mastodon, where users complained about the issue.<\/p>\n<p>Among them was cybersecurity researcher Andrew Brandt, who was <a href=\"https:\/\/infosec.exchange\/@threatresearch\/110373860063222707#\" target=\"_blank\" rel=\"noopener\"><strong>surprised to discover<\/strong><\/a> that Microsoft had flagged a file he shared with other researchers through a SharePoint directory as infected.<\/p>\n<p>&#8220;While I totally understand doing this for anyone other than a malware analyst, this kind of nosy, get-inside-your-business way of handling this is going to become a big problem for people like me who need to send their colleagues malware samples,&#8221; he said.<\/p>\n<p>&#8220;The available space to do this just keeps shrinking, and it will impact the ability of malware researchers to do their jobs.&#8221;<\/p>\n<p>Brandt said Microsoft OneDrive previously deleted malicious files he had stored in a Windows folder, despite him adding an exception for the files in his 
endpoint security tools.<\/p>\n<p>The cloud storage service wiped the local copies off his computer shortly after uploading them to OneDrive.<\/p>\n<p>Another security researcher \u2014 Kevin Beaumont \u2014 <strong><a href=\"https:\/\/cyberplace.social\/@GossiTheDog\/110374295178554674\" target=\"_blank\" rel=\"noopener\">explained<\/a><\/strong> that Microsoft used multiple ways to scan the contents of password-protected files for malware and has been doing so for years.<\/p>\n<p>These included searching for possible passwords in the bodies of emails sent with the zip files as attachments or in the names of the files themselves.<\/p>\n<p>Microsoft&#8217;s security tools also consulted a list of regularly-used passwords to see whether one of them could open the file. In this case, the password on the ZIP file was &#8220;infected&#8221;.<\/p>\n<p>Ars Technica also pointed out that the contents of many password-protected zip files could easily be read as the default encryption method used to secure them was trivial to override.<\/p>\n<p>Malicious actors sometimes use compressed zip folders to hide dangerous files from malware scanning tools.<\/p>\n<p>Microsoft is evidently trying to beat this tactic, but some users are concerned that its approach might be a bit privacy-invasive and could lead to file loss.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft is scanning the contents of some password-protected zip files stored or shared through its cloud-based services, Ars Technica 
reports.<\/p>\n","protected":false},"author":23,"featured_media":492125,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[37599,801,82515,123,86409],"class_list":["post-492123","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-ars-technica","tag-malware","tag-mastodon","tag-microsoft","tag-zip-files"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/492123"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=492123"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/492123\/revisions"}],"predecessor-version":[{"id":492173,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/492123\/revisions\/492173"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/492125"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=492123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=492123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=492123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}