Microsoft's cloud services are scanning password protected ZIP archives
Microsoft cloud services, including OneDrive and SharePoint, have started to scan password protected ZIP archives that users upload or share using these services.
Internet users have a number of options when it comes to hosting files online or sharing them. Archive formats, such as ZIP or RAR, are popular options when it comes to the hosting or sharing of multiple files that belong together.
Cyber criminals have long used archive formats to distribute malware. Since most antivirus solutions scan unprotected archives for malware, attackers have started to password protect their archives instead. That requires getting potential victims to type the password to unlock the archive, but it blocks many antivirus engines from checking the archive's contents.
Security researcher Andrew Brandt revealed on Monday that Microsoft started to scan password protected ZIP archives on SharePoint. He noticed that Microsoft started to flag some of his uploaded malware samples, contained in password protected ZIP archives, as malware.
Brandt used SharePoint for the sharing of malware samples with colleagues. Fellow security researcher Kevin Beaumont replied, stating that Microsoft was using a list of known passwords to try to access password protected archives for scanning. The company also scans the bodies of emails and the names of files to detect passwords, which its scanners may use to unlock the archives.
Microsoft scans password protected ZIP archives in all of its cloud services. In other words: users who share password protected ZIP archives with others will have these scanned if they a) use a common password or b) share the password in the filename or attached message.
Protecting files against scanning
Microsoft customers who do not want some of their files scanned by Microsoft may switch to different formats or better encryption. The open source program 7-Zip, for example, supports AES-256 encryption. Selecting an uncommon password for the archive and not sharing it in the filename protects its contents from being scanned by Microsoft.
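A pre-share check for the two conditions described above, plus a look at which entries of a ZIP are actually encrypted, as an added example that is not from the article or from Microsoft. The password list, function names and sample archive are constructed for illustration, and the check assumes the scanner behaves as the article describes.

```python
import io
import zipfile

# Constructed sample list; the article does not publish the scanner's real list.
COMMON_PASSWORDS = {"infected", "password", "123456", "malware"}
WINZIP_AES = 99  # compression-method value used by WinZip-style AES entries


def entry_encryption(zip_bytes):
    """Classify every entry as 'none', 'zipcrypto' or 'aes' from the central directory."""
    kinds = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.flag_bits & 0x1:  # bit 0 set means the entry is encrypted
                kinds[info.filename] = "none"
            elif info.compress_type == WINZIP_AES:
                kinds[info.filename] = "aes"
            else:
                kinds[info.filename] = "zipcrypto"
    return kinds


def password_exposure(password, archive_name, message, common=COMMON_PASSWORDS):
    """List the ways described in the article by which a scanner could learn the password."""
    if not password:
        return ["no-password"]
    pw = password.lower()  # case-insensitive on purpose: count case variants as exposed
    findings = []
    if pw in common:
        findings.append("common-password")
    if pw in archive_name.lower():
        findings.append("password-in-filename")
    if pw in message.lower():
        findings.append("password-in-message")
    return findings


def constructed_sample():
    """Build a tiny ZIP in memory and set the 'encrypted' flag by hand (metadata only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plain.txt", "constructed sample data")
        zf.writestr("secret.txt", "constructed sample data")
    data = bytearray(buf.getvalue())
    last = data.rfind(b"PK\x01\x02")  # central-directory record of secret.txt
    data[last + 8] |= 0x1             # general-purpose flag, bit 0
    return bytes(data)
```

An empty findings list only means the password is not exposed in the ways the article lists. An entry reported as "none" is readable by any scanner regardless of the password chosen for the rest of the archive.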
Another option may be to use a different host for important files, but some hosts may flag password protected files or block users from sending them in the first place.
Some, or even most, Microsoft customers may not object to the scanning of password protected archives that are shared with them for malware checking purposes. Most might not want their own files to be scanned, though.
The good old saying that files stored in the cloud should be considered accessible by others still holds, even though strong password protection may help protect files from being accessed for now.
Cyber criminals will likely adjust their strategies going forward as well.
Now You: do you use cloud services to store files?