While browsing and downloading files from the web, users often worried about falling victim to deceitful schemes designed by hackers to gain access to their personal data and credentials. And while there are several elaborate measures that you could put in place to avoid these instances, attackers are constantly coming up with new and more sophisticated ways to dupe unsuspecting users.
One of the oldest tricks in the book that hackers often leverage to gain access to your data is by tucking in malware into zip files and further layering them with pass codes, However, Microsoft seems to be on to this gambit and has now quietly debuted a new policy designed to shield users from such attacks.
Several users on Mastodon have made reports indicating that Microsoft SharePoint cloud services now has the capability to scan through zip files for malware, even if they are password protected as first spotted by Andrew Brandt, the Principal Researcher at cybersecurity firm Sophos. Previously, this capability was not available.
According to Microsoft’s support page, the company’s Safe Attachment feature has the capability to scan through files in SharePoint, OneDrive, and Teams. Once the feature detects malware in any of the files scanned they are automatically locked preventing users from opening, sharing, copying, oor even moving the file. However, you’ll be able to view and delete it.
As such, the new policy crippled Brandt’s productivity since he made the discovery after it affected theirt SharePoint directory, which featured an archive of malware strains stored in password-protected zip files. The researcher took to Mastodon to express his frustrations highlighting that the new policy flagged a password-protected file and marked it as “infected.”
Brandt further indicated that:
While I totally understand doing this for anyone other than a malware analyst, this kind of nosy, get-inside-your-business way of handling this is going to become a big problem for people like me who need to send their colleagues malware samples. The available space to do this just keeps shrinking and it will impact the ability of malware researchers to do their jobs.
The major concern per the reports made is that people feared that Microsoft was opening the files and reading through them while this isn’t actually the case as highlighted by Twitter user @VessOnSecurity in the thread below who’s an anti-virus, malware and infosec expert.
So, Microsoft's scanner started detecting malware in password-protected ZIP archvies and people are losing their shit because they have no goddamn clue how anti-virus programs work.https://t.co/P0a5QFPrRX
Strap in, kids, because I'm in a lecturing mood. Thread:
— Vess (@VessOnSecurity) May 16, 2023
And while the new policy might have served as a dterrent to Brandt’s performance index at work, it will prove to be benefitial for the unsuspecting users that often end up with files rife with malware. Let us know what you think in the comments.
via Ars Technica