It was recently found that one serious vulnerability puts thousands of projects scattered across the Internet at risk. The bug is named Zip Slip, which reveals much about it! It affects archive files by sneaking malware into them. The researchers say that since finding this vulnerability they have been working with several open-source libraries that might be at risk because of this bug. This is the reason why spammers love ZIP files now!
What Is Zip Slip?
Zip Slip is basically a combination of “arbitrary file overwrite” and “directory traversal” issues, and it has become a risk for compressed files. It can easily lead to a situation where an attacker unzips files outside the normal extraction path and eventually overwrites files. Two parts are needed to take advantage of it: a malicious archive, and extraction code that doesn’t perform validation checking. Simply put, attackers are now able to create Zip archives that carry out path traversal to overwrite genuine files with fake ones.
You might be wondering how this works. Well, it’s a directory traversal attack that attempts to hide code in a secret location while the files are being decompressed. It relies on the use of “..” in place of directory names in the paths used for moving files. If the decompression software is thorough enough to perform validation, it doesn’t allow traversal attacks, and Zip Slip stops right there. But the problem arises because libraries rarely validate directories while decompressing. This allows Zip Slip to take place!
What Is This Capable of Doing?
This basically tampers with your files and enters malicious data into them. That data can be garbage that unnecessarily consumes space on your disk, or it can be malware. If left unchecked, it can multiply exponentially and ultimately you can lose control of your system. Simply put, you can get malware in Zip files if adequate action is not taken. Attackers can use this on a mass scale for security breaches. We need to take action before our systems are consumed by the infected files. So, the answer to “can you get a virus by clicking a .zip file?” is yes!
How to Know if You Are Vulnerable or Not?
If you are using a library that is already affected by Zip Slip, then you are certainly at risk! Also, if you are working on a project that does not perform validation before decompressing, then better get equipped. There is a fair chance that you are either infected or soon will be! To know whether you have been affected, you can check the GitHub repository maintained by Snyk.
How can I Protect Myself from Viruses Distributed in Zip Files?
Secondly, deploy an efficient testing mechanism. As discussed earlier, most software does not perform validation, which can lead to these attacks. With testing in place, you can prevent an attack before it has even started. Researchers have also published proof-of-concept Zip Slip archives, so that developers can identify the problem and take further steps. You can find the video here.
Moreover, taking basic security precautions will also help you. For example, if you scan a zip file for viruses, the scan can tell you whether it contains any! And having an efficient antivirus program on your system ensures that, if you have not had the chance to prevent the infection, you’ll get to know if your system is infected.
We hope that security professionals find effective ways of dealing with this soon!