Microsoft’s cloud services now scan the contents of password-protected zip archives for malicious software.
Malicious actors have long used zip archives to conceal viruses distributed over the Internet. However, Microsoft seems to have found a way to bypass this protection and scan the archived files for malware.
While some users had suspected this, it came as a surprise to security researcher Andrew Brandt. He had been archiving malware in password-protected zip files for a long time, exchanging them with colleagues via SharePoint.
Recently, he noticed that Microsoft’s tool flagged one of his zip files as potentially malicious, even though the archive was password-protected.
Brandt expressed concerns that such a practice could hinder the work of security professionals. After all, it is important for them to be able to share samples of malware with each other.
Moreover, despite the potential benefits of this approach in fighting viruses, Microsoft’s active decryption of password-protected archives may be perceived as an invasion of users’ privacy.