About 99% of my email is spam, and of the hundreds I get, these days many have an attached ZIP file. The files are typically named ls.zip and vs.zip, and contain HTML code for a Web site in China. (ZIP files contain one or more other files, and are compressed to save file space.)
I wondered why Chinese spammers are sending ZIP files. Spammers target the typical low-level computer user, who wouldn't know what to do with a ZIP file. Then today it struck me: Vista users.
Vista opens ZIP files as if they were folders. One click, and the content is revealed. Another click, and the malware is active. It is the mistake that Microsoft makes over and over again: by adding a convenience feature, the convicted monopolist makes vulnerable the data on its customers' computers. (Microsoft even screwed up a task as simple as extracting ZIP files: Vista does so painfully slowly that one thinks one's computer is a single-floppy 8088 model from 1983.)
Why hasn't Microsoft been sued out of existence for its security foul-ups? The nightmare list includes embedded VBA macros in documents, automatic ActiveX downloads, hidden file extensions, automatic software updates, and the blurring of the difference between computer and Internet. These convenience features have created much grief, lost time, and damaged files over the last decade. This new vulnerability -- treating ZIP files as folders -- is another.
How to examine the ZIP files safely:
1. Open the .zip file with WinZip.
2. Drag the contents into Notepad for viewing.
In the case of this Chinese spam attack, the contents are HTML files. Use an HTML editor to safely view the content. Don't click on any links.
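The same inspection can be scripted so that nothing is extracted to disk or rendered. The following is an added example, not from the original post: it lists a ZIP's members, reads each one as plain text, and collects link targets without following them. The member name `ls.htm`, the URL, and the sample archive are constructed for illustration.

```python
import io
import zipfile
from html.parser import HTMLParser

MAX_BYTES = 1_000_000  # cap per member so a decompression bomb cannot exhaust memory
URL_ATTRS = {"href", "src", "action"}

class LinkCollector(HTMLParser):
    """Records URL-bearing attributes; nothing is rendered or fetched."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.links.append((tag, name, value))

def inspect_zip(data):
    """List every archive member and, for readable ones, its text and links."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            entry = {"name": info.filename, "size": info.file_size, "text": None, "links": []}
            report.append(entry)
            if info.is_dir():
                continue
            with zf.open(info) as member:  # streams bytes; writes nothing to disk
                raw = member.read(MAX_BYTES + 1)
            if len(raw) > MAX_BYTES:
                continue  # too large: report the name and declared size only
            entry["text"] = raw.decode("utf-8", errors="replace")
            collector = LinkCollector()
            collector.feed(entry["text"])
            entry["links"] = collector.links
    return report

def build_sample():
    """Constructed stand-in for a spam attachment (not a real sample)."""
    html = '<html><body><a href="http://example.invalid/offer">Click</a></body></html>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("ls.htm", html)
    return buf.getvalue()

if __name__ == "__main__":
    for entry in inspect_zip(build_sample()):
        print(entry["name"], entry["size"], entry["links"])
```

For a real attachment, pass the saved file's bytes to `inspect_zip` instead of `build_sample()`.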