Zip files behaving badly

Published on Friday 27th June, 2008 (AEST)

With malware becoming so prevalent, we can be quick to blame it for any abnormal behaviour.

I looked at a system today that had all the telltale signs of a malware infection. The user said she had downloaded an app from a dodgy downloads site and when she tried to install it, the screen would start flashing and the system would hang. Naturally, I scanned the system for viruses and malware, and suggested she didn’t try installing it again. Later, she downloaded a hotfix for a legitimate application and when she tried to install it, it did the same thing. Flashing screen, reboot required.

So, I took another look at it, and found this would happen whenever she tried to open a zip file. Furthermore, iexplore.exe would start thrashing the CPU when it happened. I checked the file association settings for zip files, and sure enough .zip files were set to be opened by Internet Explorer rather than XP's inbuilt "Compressed (Zipped) Folder" function. After a quick change, the system was back to normal.

It was a good reminder not to be too quick to point the finger at malware if a system begins acting strangely.

Save to del.icio.us Digg this Submit to StumbleUpon