Author: Jonathan Language: text
Description: Kaspersky's 7zip file Timestamp: 2017-11-07 12:39:57 +0000
View raw paste Reply
  1. Message: I certainly have no idea whether Kaspersky's story as to why they have NSA documents is valid or not, and I agree that a 7zip file by itself isn't going to be particularly malicious. However, a 7zip file could hold a payload for malicious software, or it could contain a malicious exe file - or even be an exe file that was renamed in an attempt to disguise it. You could even have a 7zip file containing only documents but where the documents are written to be read by a malicious program as instructions.
  3. In none of those scenarios is the 7zip file directly runnable as a malicious program, but it could be used in conjunction with something else to then be malicious. So, I don't think that it's out of the question that anti-virus software would consider a 7zip file to be potentially malicious and worth examination - especially when malware authors are doing whatever they can to hide their malware from software that detects malware.
View raw paste Reply