How to Open Compressed, Zip or Archive Files Safely
File compression has been around for a while, enabling users to reduce the overall number of bits and bytes in files so they can transfer them faster over the Internet. Few know, however, that compressed files are now widely used to transmit infections such as ransomware.
What Are Compressed, Zip and Archive Files?
As much as these terms seem like they have the same meaning, they are a bit different.
A compressed file is any file or collection of files stored in a way that uses less disk space than all the individual files combined. This is often done to speed up distribution over the Internet and to save storage space.
An archive file is also a collection of files stored in one file for easier portability and storage. However, an archive file is not necessarily compressed, as it can use the same amount of disk space as all the individual files combined. A .TAR file is one example. An archive file can, however, be additionally compressed to reduce its size.
Archive files are mainly used to store file system data within the contents of a particular file, and thus can be stored or sent over channels that do not support the file system in question, only file contents – examples include sending a directory structure over email.
A Zip file is the most popular compressed file and carries the .zip extension. Just like any other compressed file format, Zip is a collection of one or more files and folders compressed into a single file for easy transportation and compression. Zip files are mostly used for software downloads as they decrease the time for download, and keep the hundreds of files well organized in a single Zip file.
Compressed-only files include:
.bz2; .F; .gz; .lz; .lzma; .lzo; .rz; .sfark; .sz; .?Q?; .?Z?; .xz; .z; .Z; .??_
Archive-only files include:
.a, .ar, .cpio, .shar, .LBR, .iso, .lbr, .mar, .tar
Archive and compressed files:
.7z, .s7z, .ace, .afa, .alz, .apk, .arc, .arj, .b1, .ba, .bh, .cab, .car, .cfs, .cpt, .dar, .dd, .dgc, .dmg, .ear, .gca, .ha, .hki, .ice, .jar, .kgb, .lzh, .lha, .lzx, .pak, .partimg, .paq6, .paq7, .paq8 and variants, .pea, .pim, .pit, .qda, .rar, .rk, .sda, .sea, .sen, .sfx, .shk, .sit, .sitx, .sqx, .tar.gz, .tgz, .tar.Z, .tar.bz2, .tbz2, .tar.lzma, .tlz, .uc, .uc0, .uc2, .ucn, .ur2, .ue2, .uca, .uha, .war, .wim, .xar, .xp3, .yz1, .zip, .zipx, .zoo, .zpaq, .zz
As you can see, the .zip file is both archive and compressed.
Why Are Archive and Compressed Files Used to Spread Ransomware Infections?
Most ransomware today enters the victim’s computer as a payload, and the payload dropper usually arrives as a spam email attachment. The most common attachments have the following extensions: .doc, .docx, .docm, .ppt, .pptx, .pptm, .pdf, .xls, .xlsx, .xlsm, .js, and .lnk, and are most often compressed and archived as .zip, .rar, or .7z.
Cyber criminals choose to use such archive and compressed files to distribute infections because this way the malicious component is well disguised and neither humans nor anti-virus programs can detect it unless the file in question is opened. Only then is the payload dropper revealed, but it is also activated at the same time. Once it is activated, the infection process begins and it’s impossible to cancel it.
If cyber criminals attempt to send an infected file as a simple email attachment without archiving and compressing it first, the email provider will likely block that email from reaching users. And since .zip and .rar are the most used archive compressed files, they are the ones cyber criminals prefer most.
How to Recognize a Spam Email with a Malicious Attachment
Cyber criminals dedicate an extensive amount of time to crafting the perfect email that will trick you into opening it and downloading its malicious attachments. Such emails are sometimes very hard to recognize as they imitate legitimate senders. Cyber criminals use geotargeting to find details about the targeted users and will then imitate local brands, banks, organisations and institutions that the users are likely to be in contact with. They will also use your local language and currency.
In addition, disposable or temporary email domains are often used to spread ransomware. Once you open such an email, it will self-delete. The website gist.github.com contains a list of temporary email address domains. Check it out to get an idea of what they look like, so the next time you receive an email from a similar domain, you will know to delete it immediately.
Cyber crooks often spoof the display name of the spam email. Return Path, an email data solutions provider, analyzed more than 760,000 email threats targeting 40 of the world’s largest brands, and reported that almost half of them spoofed the brand in the display name.
As you can see, the spoofing techniques cyber criminals apply to deceive their victims vary. The spam emails are sometimes so perfect and spotless that even experienced users would fail to recognize them. What’s more, archive and compressed malicious components are often spread via social media and compromised file sharing services. Even people you know may reshare and forward malicious files unintentionally.
The need to find out whether the contents of an archive and compressed file are safe to download has become essential. Here’s how you can now open .zip, .rar and other archive files without the risk of infecting your system:
How to Open Archive and Compressed Files Safely
Whether you are using Microsoft Windows, Apple’s OSX, your phone or Linux-based distributions or even Google Chrome OS, you can now check an archive file for malware before actually opening it. See how:
Download and save the archive file onto your computer somewhere easy to find, without opening it.
Open ZipeZip’s main web page (www.zipezip.com).
Click on the “Select File” button of ZipeZip and choose the downloaded archive file.
After the file has been selected, click on the “Upload” button to scan it for malware. The process may take some time if the file is very large. The maximum file size is 100 MB.
You will see the results for each file from the archive. If a file is malicious, you should delete it immediately from your computer. If you have already been infected, or want to check your system for malware, you can click on the “Protect Your System Now” button for further instructions.
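A local pre-check that complements the steps above: it reads a .zip file's list of entries without extracting any of them and flags entries carrying the attachment extensions named earlier on this page. This is an added example, not ZipeZip's code; the function names, the extra checks (double extension, nested archive, path, encryption flag) and the sample archive are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Attachment extensions this page names as common payload droppers.
RISKY_EXTENSIONS = {".doc", ".docx", ".docm", ".ppt", ".pptx", ".pptm",
                    ".pdf", ".xls", ".xlsx", ".xlsm", ".js", ".lnk"}
# Archive types the page names; a nested one hides its contents a level deeper.
NESTED_ARCHIVES = {".zip", ".rar", ".7z"}


def inspect_zip(source):
    """Return [(entry_name, [reasons])] read from the ZIP index; nothing is extracted."""
    findings = []
    with zipfile.ZipFile(source) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = []
            path = PurePosixPath(info.filename.replace("\\", "/"))
            suffixes = [s.lower() for s in path.suffixes]
            if suffixes and suffixes[-1] in RISKY_EXTENSIONS:
                reasons.append("dropper-type extension " + suffixes[-1])
            if suffixes and suffixes[-1] in NESTED_ARCHIVES:
                reasons.append("nested archive")
            if len(suffixes) >= 2 and suffixes[-2] in RISKY_EXTENSIONS:
                reasons.append("double extension")
            if path.is_absolute() or ".." in path.parts:
                reasons.append("path escapes extraction folder")
            if info.flag_bits & 0x1:  # bit 0 of the general-purpose flags
                reasons.append("encrypted entry, scanners cannot read it")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip():
    """Constructed sample archive holding harmless placeholder text only."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("readme.txt", "placeholder")
        archive.writestr("invoice.pdf.js", "placeholder")
        archive.writestr("docs/report.docm", "placeholder")
    buffer.seek(0)
    return buffer


if __name__ == "__main__":
    for name, reasons in inspect_zip(build_sample_zip()):
        print(name, "->", "; ".join(reasons))
```

An empty result only means none of these name-based checks fired; the archive still needs a malware scan before any entry is opened.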