Microsoft also scans password-protected zip files, as one security researcher learned the hard way.
Security researcher Andrew Brandt laments his fate in Microsoft's cloud services. He has many files containing malware, password protected and zipped to a small size. When he tried to share a file using SharePoint, Microsoft aborted the attempt. Some of his zip files were even found to be malicious.
– While I completely understand doing this for anyone except malware researchers, this kind of intrusive practice becomes a problem for people like me who need to be able to send malware samples to their colleagues, Brandt writes in the Mastodon thread.
Compressing files into a password-protected archive is an effective way to keep most prying eyes away from the original files. Even if the encryption is crackable, it at least sends a strong message that outsiders shouldn't be peeping into the files.
This scanning is not really a secret or a scam, but it's good for people to be aware of it. It may still come as a surprise to many that cloud service administrators check the contents of files in the service, in this case even protected files.
Indirectly, this could undermine information security if it weakens the means researchers use to share malware with each other in order to collect information. This is what Brandt is worried about.
It is known that Microsoft does not brute-force encrypted zip files, but tries known passwords against them. Brandt protected his files with the password "infected", which is apparently on Microsoft's list. According to another researcher, Kevin Beaumont, Microsoft can also extract passwords from the text accompanying zip files sent by email.
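The following Python example is added here; it is not Microsoft's code and not part of the original article. It shows why a widely known password such as "infected", or one written in the accompanying message, offers no protection against a scanner that tries candidate passwords. The password list beyond "infected", the sample message, the word-splitting rule and all function names are assumptions, and the archive is constructed in memory.

```python
import io, struct, zipfile, zlib

KNOWN_PASSWORDS = ["infected", "malware", "virus"]  # constructed; only "infected" is from the article

def _zipcrypto(password: bytes, plain: bytes) -> bytes:
    """Legacy ZipCrypto encryption, used here only to build the sample archive."""
    k0, k1, k2 = 0x12345678, 0x23456789, 0x34567890
    crc = lambda c, b: zlib.crc32(bytes([b]), c ^ 0xFFFFFFFF) ^ 0xFFFFFFFF
    def update(b):
        nonlocal k0, k1, k2
        k0 = crc(k0, b)
        k1 = ((k1 + (k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k2 = crc(k2, k1 >> 24)
    for b in password:
        update(b)
    out = bytearray()
    for b in plain:
        t = k2 | 2
        out.append(b ^ (((t * (t ^ 1)) >> 8) & 0xFF))
        update(b)
    return bytes(out)

def make_sample_zip(password: str, data: bytes = b"constructed test payload") -> bytes:
    """Build a one-member, stored, password-protected archive in memory."""
    crc, fn = zlib.crc32(data), b"sample.txt"
    body = _zipcrypto(password.encode(), bytes(11) + bytes([crc >> 24]) + data)
    meta = struct.pack("<HHHHIII", 1, 0, 0, 0x21, crc, len(body), len(data))  # flag bit 0 = encrypted
    local = b"PK\x03\x04" + struct.pack("<H", 20) + meta + struct.pack("<HH", len(fn), 0) + fn + body
    central = (b"PK\x01\x02" + struct.pack("<HH", 20, 20) + meta
               + struct.pack("<HHHHHII", len(fn), 0, 0, 0, 0, 0, 0) + fn)
    eocd = b"PK\x05\x06" + struct.pack("<HHHHIIH", 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd

def candidates(message_text: str) -> list:
    """Known passwords first, then each word of the accompanying text (assumed harvesting rule)."""
    words = [w.strip(".,;:\"'()") for w in message_text.split()]
    return list(dict.fromkeys(KNOWN_PASSWORDS + [w for w in words if w]))

def scanner_can_open(archive: bytes, message_text: str = ""):
    """Return the candidate that decrypts every member, or None if the contents stay opaque."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for pw in candidates(message_text):
            try:
                for info in zf.infolist():
                    zf.read(info, pwd=pw.encode())
                return pw
            except (RuntimeError, zipfile.BadZipFile):  # wrong password, or CRC mismatch after decrypt
                continue
    return None
```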
It's difficult to conclude from the findings whether Microsoft obtains any information from the scans other than the existence of potential malware. However, there is no evidence that Microsoft is interested in knowing the contents of zip packages beyond malware.
Brandt asked Microsoft for more information on the matter. The company acknowledged receiving the inquiry, but has not yet responded on the matter.
According to Microsoft, not all file types are automatically scanned. This is decided by heuristics, and if a virus is found in a file, the file is marked as infected.
Ars Technica believes this practice has saved many people from criminal zip files. A Google representative told Ars that it doesn't scan password-protected zip files, although the Gmail email service warns about such files when they arrive.