In the old days (and hopefully still today), malware researchers used to securely encrypt their virus collections using a tool like PGP to make sure that it didn’t fall into the wrong hands en route, and could only be decrypted by the person to whom they intended to send it.
Today, however, it’s not uncommon for an anti-virus company to ask a customer who thinks they have a malware-infected file or a false alarm to send it into their labs or support team, zipping it up with a password of ‘infected’.
The reason why a security firm’s team might ask you to submit a sample in a password-encrypted ZIP file is so that no anti-virus protection between your computer and theirs intercepts the file transfer, determines it is malicious and blocks its delivery.
More often than not the same password is used: “infected”. It doesn’t really matter that the password is a dictionary word, or easily guessed. The point is to prevent any automated systems from looking at it.
However, that choice of password may have to be reconsidered if security researcher Brian Baskin is correct.
Baskin has blogged that he recently discovered his attempts to share password-protected ZIP files containing malware samples have failed.
The common factor? Baskin uses the password “infected” and the Gmail webmail service.
It doesn’t appear that Google is cracking every password-protected ZIP file (which would send shivers down the spines of those of us who are privacy conscious), but instead that it has hardcoded the ability to try the password “infected” on ZIP files.
Quite what the reason is for that is anyone’s guess.
But maybe it’s time to use a different password when submitting your samples to security companies.
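As an added illustration, not code from this post or from Baskin, the following Python script models the mechanism described above from the defender's side: it builds a ZIP protected with the traditional PKWARE ("ZipCrypto") password scheme, then plays the role of a mail gateway that simply tries the well-known submission password "infected" on the attachment before deciding whether to inspect it. The ZipCrypto encryptor is the standard PKWARE stream cipher (the mirror image of what the standard library's `zipfile` uses to read such archives); the sample payload, file name and timestamp are constructed for the demo, and the candidate-password list is an assumption about what such a gateway might carry.

```python
import io
import struct
import zipfile
import zlib

# Constructed harmless payload standing in for a submitted sample.
SAMPLE_NAME = b"sample.bin"
SAMPLE_DATA = b"placeholder bytes, constructed for this example; not malware\n"


def _crc32_step(crc: int, byte: int) -> int:
    """One table-driven CRC-32 step as PKWARE's cipher uses it (no pre/post
    inversion), expressed through zlib by undoing zlib's own inversions."""
    return zlib.crc32(bytes([byte]), crc ^ 0xFFFFFFFF) ^ 0xFFFFFFFF


class ZipCryptoEncryptor:
    """Traditional PKWARE ('ZipCrypto') stream cipher, encryption direction."""

    def __init__(self, password: bytes):
        self.k0, self.k1, self.k2 = 305419896, 591751049, 878082192
        for c in password:
            self._update(c)

    def _update(self, c: int) -> None:
        self.k0 = _crc32_step(self.k0, c)
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = _crc32_step(self.k2, self.k1 >> 24)

    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for c in data:
            k = self.k2 | 2
            out.append(c ^ (((k * (k ^ 1)) >> 8) & 0xFF))
            self._update(c)  # the key schedule advances on the plaintext byte
        return bytes(out)


def build_encrypted_zip(name: bytes, data: bytes, password: bytes) -> bytes:
    """Single-entry ZIP, method 'stored', traditional password encryption."""
    crc = zlib.crc32(data) & 0xFFFFFFFF
    # 12-byte encryption header: 11 filler bytes plus the CRC's high byte,
    # which readers use to reject a wrong password before reading the body.
    header = bytes(11) + bytes([(crc >> 24) & 0xFF])
    body = ZipCryptoEncryptor(password).encrypt(header + data)
    flags, method = 0x0001, 0          # bit 0: encrypted; method 0: stored
    dos_time, dos_date = 0, 0x21       # constructed timestamp 1980-01-01 00:00
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, method, dos_time,
                        dos_date, crc, len(body), len(data), len(name), 0)
    local += name + body
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, method,
                          dos_time, dos_date, crc, len(body), len(data),
                          len(name), 0, 0, 0, 0, 0, 0) + name
    end = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1,
                      len(central), len(local), 0)
    return local + central + end


# Assumed gateway wordlist: the post only establishes "infected".
KNOWN_SUBMISSION_PASSWORDS = (b"infected",)


def try_known_passwords(zip_bytes: bytes, candidates=KNOWN_SUBMISSION_PASSWORDS):
    """Model of the gateway behaviour the post describes: attempt each
    well-known password on the attachment. Returns (password, {name: bytes})
    on success, or (None, None) if no candidate opens the archive."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for pwd in candidates:
            try:
                contents = {i.filename: zf.read(i, pwd=pwd) for i in zf.infolist()}
            except (RuntimeError, zipfile.BadZipFile):
                # RuntimeError: header check byte rejected the password.
                # BadZipFile: the 1-in-256 header false positive, caught by CRC.
                continue
            return pwd, contents
    return None, None


if __name__ == "__main__":
    weak = build_encrypted_zip(SAMPLE_NAME, SAMPLE_DATA, b"infected")
    strong = build_encrypted_zip(SAMPLE_NAME, SAMPLE_DATA, b"site-specific passphrase")
    print("weak  :", try_known_passwords(weak)[0])    # b'infected'
    print("strong:", try_known_passwords(strong)[0])  # None
```

The point the run makes is the one in the post: a password-protected ZIP keeps automated scanners out only as long as the scanner does not know the password, and "infected" is as good as published. A gateway operator can use exactly this check to decide whether a password-protected attachment should be treated as an opaque blob or inspected like any other archive.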