Microsoft searches your secure folders for malware, even if you have a password
Microsoft has reportedly started scanning password-protected .ZIP archives for malware, and not everyone is happy with the decision.
Ars Technica's report draws on several Mastodon users, including cybersecurity researchers, who confirmed that Microsoft’s antivirus has started scanning .ZIP archives for malicious content, even password-protected ones.
Password-protected .ZIP archives are one of the most popular tactics among cybercriminals looking to deploy malware via email, as email security services rarely detect them.
“Nosy Practices”
The publication said the practice was “well known to some people” but was a surprise to others. For example, Andrew Brandt, a cybersecurity researcher, wasn’t too keen on the idea because it made it difficult for him to share malware with other researchers via SharePoint.
“While I totally understand doing this for anyone other than a malware analyst, this kind of nosy way of dealing with getting inside a company is going to become a big problem for people like me who have to send malware samples to their co-workers,” Brandt wrote. “The available space for this is simply shrinking, which will affect the ability of malware researchers to do their job.”
Another researcher, Kevin Beaumont, said the company scans not only files stored on SharePoint but files everywhere in its Microsoft 365 cloud services, adding that there are multiple ways to look inside password-protected archives. One of them appears to be scanning the body of the email itself for likely passwords: people who send .ZIP archives to each other often share the password in the body of the same email.
“If you email something and enter something like ‘ZIP password is Soph0s’, you pack the EICAR code and ZIP password with Soph0s, it finds (that) password, unzips it and finds it,” he wrote.
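The scanning trick Beaumont describes, as an added example that is not from the article or from Microsoft: harvest "password is ..." hints from the mail body, try each on the attachment, and flag members containing a marker string. Python's zipfile only reads the legacy ZipCrypto scheme (the weak default Windows produces), so the constructed sample archive is built with a small ZipCrypto implementation; the regex, the marker, and the sample mail body are assumptions.

```python
import io, re, struct, zipfile, zlib
class ZipCrypto:
    """Legacy PKWARE 'ZipCrypto' stream cipher; used here only to build the constructed sample."""
    def __init__(self, pwd: bytes):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in pwd: self._update(b)
    @staticmethod
    def _crc_step(crc: int, b: int) -> int:
        # one CRC-32 table step; zlib adds the pre/post inversion, so undo it on both sides
        return zlib.crc32(bytes([b]), crc ^ 0xFFFFFFFF) ^ 0xFFFFFFFF
    def _update(self, b: int) -> None:
        self.k0 = self._crc_step(self.k0, b)
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = self._crc_step(self.k2, self.k1 >> 24)
    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for p in data:
            k = self.k2 | 2
            out.append(p ^ (((k * (k ^ 1)) >> 8) & 0xFF))
            self._update(p)  # the key state advances on the plaintext byte
        return bytes(out)

def build_encrypted_zip(name: bytes, data: bytes, pwd: bytes) -> bytes:
    """One stored member with the encryption flag (bit 0) set; minimal local, central and EOCD records."""
    crc = zlib.crc32(data)
    # 12-byte prefix (zeros here for reproducibility; real tools use random bytes); its last byte is
    # the CRC high byte, which lets a reader reject a wrong password before decrypting the data
    enc = ZipCrypto(pwd).encrypt(bytes(11) + bytes([crc >> 24]) + data)
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, 1, 0, 0, 0,
                        crc, len(enc), len(data), len(name), 0) + name
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, 1, 0, 0, 0,
                          crc, len(enc), len(data), len(name), 0, 0, 0, 0, 0, 0) + name
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central), len(local) + len(enc), 0)
    return local + enc + central + eocd

# Scanner side: phrases such as "password is X" or "pw: X" in the mail body become candidate passwords.
PASSWORD_RE = re.compile(r"\b(?:password|passwd|pw)\b\s*(?:is|:|=)?\s*[\"'‘]?([^\s\"'’.,;]+)", re.I)
MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"  # stand-in for a real signature match
def scan_attachment(zip_bytes: bytes, body: str) -> dict:
    """Try each hinted password; report the one that worked and the members containing MARKER."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for pwd in PASSWORD_RE.findall(body):
            try:
                blobs = {n: zf.read(n, pwd=pwd.encode()) for n in zf.namelist()}
            except (RuntimeError, zipfile.BadZipFile):
                continue  # wrong password: check-byte mismatch, or the 1-in-256 fluke caught by the CRC
            return {"password": pwd, "flagged": [n for n, b in blobs.items() if MARKER in b]}
    return {"password": None, "flagged": []}
# Constructed sample: an encrypted attachment plus the kind of mail body quoted in the article.
SAMPLE_ZIP = build_encrypted_zip(b"sample.txt", b"text containing the EICAR-STANDARD-ANTIVIRUS-TEST-FILE marker", b"Soph0s")
SAMPLE_BODY = "Hi, sample attached. ZIP password is Soph0s. Thanks!"
```

Running `scan_attachment(SAMPLE_ZIP, SAMPLE_BODY)` reports the recovered password and `sample.txt` as flagged; with no hint in the body, or a wrong one, the archive stays opaque to the scanner.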
While this may come as a surprise to some, Ars Technica reminds readers that password-protected .ZIP files “provide minimal assurance” against an unauthorized third party reading their contents. “The default way to encrypt ZIP files in Windows is simple to replace. A more reliable way is to use the AES-256 encryption built into many archiving programs when creating 7z files,” the report concludes.
By: Ars Technica