Computer security researchers have discovered a way to hide malware inside popular archive file formats so that most antivirus programs cannot detect it.
At the Black Hat conference in Barcelona, Spain, Tomislav Pericin, founder of the RLPack project for protecting commercial applications, Mario Vuksan, an independent expert and president of ReversingLabs, and Brian Karney, COO of AccessData, demonstrated that Conficker worm code can be embedded in RAR and ZIP archive files without being detected by antivirus software.
In total, eight vulnerabilities were found in ZIP and seven in 7ZIP, RAR, GZIP, and CAB. These gaps can help attackers bypass corporate security systems that scan email attachments for malicious code. As a result, end users are again under serious threat.
The specialists also showed a way to embed sensitive data in archive files. This technique is called steganography; in contrast to cryptography, which hides the content of a secret, it conceals the secret's existence, for example inside a seemingly ordinary digital photograph. Steganography is said to be widely used in intelligence and terrorist circles.
As a result, the launch of an open utility, NyxEngine, was announced. It is designed to detect malicious code and hidden content in archive files. The program acts as a preprocessor for the ZIP, RAR, GZIP, and CAB formats.
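To illustrate the kind of check an archive preprocessor can make for hidden content, here is an added example that is not NyxEngine's code or the researchers' method: it reports byte runs in a ZIP file that lie outside every archive member. The function names are hypothetical, the sample archive is constructed in memory, and the code assumes a plain ZIP (no ZIP64) whose hidden bytes do not themselves contain the end-of-central-directory signature.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"      # end-of-central-directory signature
DESC_SIG = b"PK\x07\x08"      # optional data-descriptor signature

def find_unaccounted_bytes(data: bytes):
    """Return (offset, length, label) for each byte run in a ZIP image that
    can carry data outside any archive member."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    cd_size, = struct.unpack_from("<I", data, eocd + 12)
    comment_len, = struct.unpack_from("<H", data, eocd + 20)
    cd_start = eocd - cd_size             # central directory sits right before EOCD
    findings, cursor = [], 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = sorted(zf.infolist(), key=lambda e: e.header_offset)
    for e in entries:
        if e.header_offset > cursor:
            label = "prepended" if cursor == 0 else "gap before " + e.filename
            findings.append((cursor, e.header_offset - cursor, label))
        # Read name/extra lengths from the local header, not the central copy.
        name_len, extra_len = struct.unpack_from("<HH", data, e.header_offset + 26)
        end = e.header_offset + 30 + name_len + extra_len + e.compress_size
        if e.flag_bits & 0x08:            # entry is followed by a data descriptor
            end += 16 if data[end:end + 4] == DESC_SIG else 12
        cursor = max(cursor, end)
    if cd_start > cursor:
        findings.append((cursor, cd_start - cursor, "gap before central directory"))
    if comment_len:
        findings.append((eocd + 22, comment_len, "archive comment"))
    tail = eocd + 22 + comment_len
    if len(data) > tail:
        findings.append((tail, len(data) - tail, "trailing data"))
    return findings

def build_sample() -> bytes:
    """Constructed demo input: a two-file ZIP written in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.txt", "quarterly numbers\n" * 20)
        zf.writestr("notes.txt", "nothing to see here\n")
    return buf.getvalue()

if __name__ == "__main__":
    clean = build_sample()
    print(find_unaccounted_bytes(clean))
    print(find_unaccounted_bytes(b"A" * 16 + clean + b"B" * 32))
```

A finding is not proof of malice (self-extracting archives legitimately prepend a stub, and archive comments are a standard feature), so each reported run is a region to inspect or strip before the file is passed on.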