A serious vulnerability was recently found that puts thousands of projects scattered across the Internet at risk. The bug is named Zip Slip, and the name reveals much about it! It affects archive files by letting malware be sneaked into them. The researchers say that since finding this vulnerability they have been working with several open-source libraries that might be at risk because of it. This is the reason why spammers love ZIP files now!
What Is Zip Slip?
Zip Slip is basically a combination of “arbitrary file overwrite” and “directory traversal” issues, and it has become a risk to compressed files. It can lead to a situation where an attacker unzips files outside the normal path and eventually overwrites existing files. Two parts are needed to take advantage of it: a malicious archive and extraction code that doesn’t perform validation checking. Simply put, attackers are now able to create Zip archives that carry out path traversal to overwrite genuine files with fake ones.
The worst part is that this vulnerability has the potential to affect several ecosystems, namely JavaScript, Ruby, .NET and others. The experts have conveyed that Java will be affected adversely, as there is no central library in Java for high-level processing.
You might be wondering how this works. Well, it’s a directory traversal attack that attempts to place code in a hidden location while the files are being decompressed. It relies on “..” being used instead of directory names in the paths used for moving files. If the decompression software is efficient enough, it performs validation and doesn’t allow traversal attacks, and Zip Slip stops right there. The problem arises because libraries rarely validate directories while decompressing. This allows Zip Slip to take place!
What Is This Capable of Doing?
This basically tampers with your files and enters malicious data into them. That data can be garbage that unnecessarily consumes space on your disk, or it can be malware. If ignored, these files can multiply themselves exponentially and ultimately you can lose control of your system. Simply put, you can get malware in Zip files if adequate action is not taken. Attackers can use this on a mass scale for security breaches. We need to take action before our systems are consumed by the infected files. So, the answer to “can you get virus by clicking .zip file?” is yes!
How to Know if you are Vulnerable or not?
If you are using a library that is already affected by Zip Slip, then you are certainly at risk! Also, if you are working on a project that does not perform validation before decompressing, then you had better get equipped. There is a fair chance that you are either infected or soon will be! To know whether you have been infected or not, you can check the GitHub repository maintained by Snyk.
How can I Protect Myself from Viruses Distributed in Zip Files?
Well, Snyk has a few suggestions for you if you wish to defend yourself from this. First things first, you are firmly advised to check your respective projects for vulnerabilities. In case you need any help in doing so, Snyk has provided some modules in Java, Groovy, JavaScript, .NET, Go, Ruby, and Python. With these, the possibility of future attacks will be easier to detect and zip file security issues won’t go unnoticed.
Secondly, deploy an efficient testing mechanism. As discussed earlier, most software does not perform validation, which can lead to these attacks. With testing in place, you can prevent an attack before it has even started. Researchers have also published proof-of-concept Zip Slip archives, so that developers can identify the issue and take further steps. You can find the video here.
Moreover, taking basic security precautions will also help you. For example, if you scan a zip file for viruses, the scan can let you know whether zip file viruses exist or not! In addition, having an efficient antivirus program on your system will ensure that, if you have not had the chance to prevent the infection, you’ll get to know if your system is infected.
We hope that security professionals find effective ways of dealing with the same soon!