Is it safe to click on zip or rar file?

A well-known trick is to disguise a PE or executable program as another file, a PDF or an archive for example.

Since most people rely on the file's icon or extension, it works pretty well on common users.

For instance, we (the sec folks) disguised a PE file as a PDF (which was actually a VBS file) named im_now_a_daddy_guyz!.pdf.vbs and sent it via email to all the company employees, explaining in the mail body how our accomplice was happy and wanted to share the news.

87% of the company's employees opened it, and the following popup showed up on their screen: "What if i told you, i could be a real Malware". It was in the scope of a security awareness program.

So yes, be careful when running files.

If you want to learn how to prevent this and, by the same token, how to trust a file before running it, please read this page, starting at the "Is it fake or real?" part.

Feel free to read the whole article (the 5 parts). It's well written and accessible to anyone who knows how to type things with a keyboard. This article should teach some basic knowledge about the malware reverse engineering field.

Have fun.
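The double-extension disguise described in this answer can be checked for mechanically before anything in an archive is opened. The following is an added example, not part of the original answer: it reads the member names of a zip and flags names such as im_now_a_daddy_guyz!.pdf.vbs. The extension lists, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed extension lists for illustration; adjust to your environment.
RUNNABLE = {"exe", "scr", "com", "bat", "cmd", "vbs", "js", "hta", "lnk", "ps1"}
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "zip", "rar"}


def check_name(name):
    """Return the reasons a file name deserves a second look (empty list if none)."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Compare extensions case-insensitively, ignoring surrounding whitespace.
    parts = [p.strip().lower() for p in base.split(".")]
    reasons = []
    if len(parts) >= 2 and parts[-1] in RUNNABLE:
        reasons.append("runnable-type")
        # A document-like extension right before the real one is the disguise.
        if len(parts) >= 3 and parts[-2] in DECOY:
            reasons.append("double-extension")
    return reasons


def scan_zip(data):
    """Map each flagged member name to its reasons, without extracting anything."""
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        flagged = {}
        for name in archive.namelist():
            reasons = check_name(name)
            if reasons:
                flagged[name] = reasons
        return flagged


def build_sample_zip():
    """Constructed sample archive; every member holds harmless placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in ("holiday.jpg", "im_now_a_daddy_guyz!.pdf.vbs",
                     "docs/Report.DOCX.JS", "tools/setup.exe"):
            archive.writestr(name, "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in scan_zip(build_sample_zip()).items():
        print(f"{member}: {', '.join(why)}")
```

The check looks only at names, so it says nothing about a file whose content does not match an innocent-looking extension.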


Yes, there's risk associated with that. If the tool you use to open the archive has vulnerabilities in it, it's possible that parsing a malicious zip or rar file could allow an attacker to exploit the vulnerability.

WinZip has had a few bugs over the years, for example: https://www.cvedetails.com/vulnerability-list/vendor_id-787/Winzip.html

All that being said, the risks are probably pretty small. Nothing is without risk.
