How do you perform on a test that probes your vulnerability to a virus hidden in a zipped file?
How are we testing?:
This test downloads a benign file containing an EICAR virus test file that is zipped multiple times. The test file is zipped using standard archivers and contains multiple benign files combined with the EICAR virus. The test terminates the download if the inline network security allows most of the file through.
Why is this test important?:
Criminals have gotten more creative in devising methods to deliver their virus payloads, such as using compressed files. Unzipping takes computational power, and that can slow traffic down, so many network-based security systems are set to ignore multi-level archives: they check only one level of zipped files, or even skip zipped files altogether.
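The gap described above, shown as an added example (not code from this page or from the test it describes): a scanner limited to one archive level next to one that unpacks every level under a size budget. The function names, the limits and the three verdict labels are assumptions; the sample archive is constructed in memory.

```python
import io
import zipfile

# Standard EICAR test string, assembled from pieces so this listing is not flagged.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-" + b"ANTIVIRUS-TEST-FILE!$H+H*"
MAX_TOTAL_BYTES = 10_000_000  # assumed cap on declared decompressed size per scan


def build_nested_zip(levels):
    """Constructed sample: EICAR plus a benign file, zipped `levels` times."""
    data, name = EICAR, "eicar.com"
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
            zf.writestr("readme.txt", b"benign filler\n")
        data, name = buf.getvalue(), f"level{i + 1}.zip"
    return data


def scan(data, max_depth, budget=None, depth=0):
    """Return 'infected', 'clean', or 'unscanned' (a depth or size limit was hit)."""
    budget = [MAX_TOTAL_BYTES] if budget is None else budget
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "infected" if EICAR in data else "clean"
    if depth >= max_depth:
        return "unscanned"  # archive present but not opened
    verdict = "clean"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            budget[0] -= info.file_size  # declared uncompressed size
            if budget[0] < 0:
                return "unscanned"
            inner = scan(zf.read(info), max_depth, budget, depth + 1)
            if inner == "infected":
                return inner
            if inner == "unscanned":
                verdict = inner
    return verdict


if __name__ == "__main__":
    sample = build_nested_zip(3)
    print("one level only:", scan(sample, max_depth=1))
    print("three levels:  ", scan(sample, max_depth=3))
```

A policy that treats "unscanned" as allowed reproduces the gap this test probes; treating it as block or quarantine closes it without unbounded unpacking.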
Are you protected against simple evasion techniques?
Security threats can compromise even Internet giants. In one example, Facebook discovered the 'Lecpetex' botnet on 250,000 PCs and 50,000 Facebook accounts; it was created from viruses contained in zipped files spread across Europe and the US.