Security researchers have discovered flaws in common file formats, including
.zip, which can be used to sneak malware onto computers by evading antivirus
detection.
Eight vulnerabilities were found in .zip, supported by Microsoft Office,
along with seven others in the .7zip, .rar, .cab and .gzip file formats, said
Mario Vuksan, president of ReversingLabs Corp.
The vulnerabilities could be used by attackers to hide malware that could
then be slipped past antivirus software via an e-mail attachment and used to
compromise a computer, he said.
"The file goes straight through Gmail or Hotmail because it's a trusted
format," he added. "Antivirus software can't see the hidden payload. Once the
file is opened the payload (or malware) is on the system."
