ZIP It!

Except sharing in her classroom turned out to be a bad idea.  She taught Social Studies and we were starting to learn about English history as it pertained to the early development of Canada –  Upper Canada, Sir John A. Macdonald, and the like. I had some views about the English meddling in the affairs of a young Canada.  You guessed it – Big Mouth meets Sewer Mouth. I was told –  among other phrases – to ZIP It David!

Of course ZIP in computer-speak means a file format that is a compressed Archive of one or more files. ZIP files are a convenient way of making multiple files smaller (through compression) to transport or send as Email attachments.  The format has been around for years. Windows 7 and 10 have the ability to create ZIP Archives built into the operating system.

But ZIP files are also a way to hide viruses and malware.  The act of opening a ZIP Archive can release a virus into the computer and network. Thus, we block the ZIP file format in our Managed Email Gateway service and remove ZIP attachments from Emails before sending them to the client’s Email server. Our techs often get asked why we block ZIP files, so our IT Manager – Bindu Kumar – wrote an explanation about Email attachments, malware, and good Email protection practices that I want to share with you.  Bindu writes:

A lot of email attachments are sent as a .zip file, either to save space via compression or to bundle more than one document in a single attachment. Unfortunately, zip files are also used a lot by hackers, to deliver malware via embedded macros in documents or executable (exe) files. If you are using Trinus as an email gateway, our email filter will block files with the .zip extension. You may ask us to exempt certain email addresses from this filter. Blocked files may also be released from quarantine provided they are requested no more than 24 hours after they were sent. The release of the files is a manual process and may not be very timely for you.
 
Malware attack via an email attachment:
 
End-user opens an attachment. The contents of the attachment are mostly, but not limited to, Microsoft Office files and in some cases, PDF documents. Most of these documents contain embedded macros that will execute code in the background to install the malware on your computer. By default, your computer will disable macros on any documents received from the Internet and via email, and will warn the user about this. However, most users ignore this warning and enable the macros by clicking on “Enable Editing”. If you do that, you will have opened the doors for the malware to infect not just your files but files on the network as well. Some attachments are disguised as documents but are executable or exe files which will install the malware as soon as the file is opened.
 
The more prevalent form of malware right now is ransomware, so called as it encrypts the user’s files and any other files it has access to on the network, then demands a payment in the form of Bitcoins (digital currency) in return for a decryption key. If the “ransom” is not paid in time, the files cannot be decrypted and are therefore lost forever unless they can be recovered from a backup. We have seen several instances of ransomware infections in the last 12-18 months and it is getting more aggressive.
 
Good antivirus software and secure firewalls do offer considerable protection against malware but following some good common sense practices when dealing with email can save you a whole lot of trouble:
  • Look at the sender’s email address very carefully. Hackers and spammers will disguise the email address to make it look as if it’s coming from your own domain – jsmith@domain.com can look quite similar to jsmith@donain.com
  • Attachments – If you are not sure about the contents or the origin of the email, email the sender to verify what was sent. Even emails from known sources can be compromised if the sender’s computer has been infected or the email account hacked.
  • Do not click on any hyperlinks or respond to any requests for personal information. Hyperlinks can be used to direct you to a compromised or infected website which in turn can infect your computer and other devices on the network.
  • Beware of ‘phishing’ emails. These often look like they’ve come from a bank or similar institution and usually ask you to click a link to verify your identity. These emails are never genuine and should always be deleted.
  • Do not use your corporate email addresses for subscriptions etc., if you can avoid it.
  • Make sure that you have antivirus software installed and keep it up to date.
  • Do not reply to spam or forward chain emails.
Of course, old habits die hard, and so changing your day-to-day work habits might take some effort. But your efforts will be rewarded by ensuring you do the utmost to protect yourself from viruses attached to Emails.
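
The gateway step described above, removing ZIP attachments before a message reaches the client's mail server, sketched as an added example (it is not Trinus's filter and not code from the original post). It goes beyond the `.zip` extension check the post mentions by also matching the MIME type and the ZIP magic bytes, so a renamed archive is still caught; the function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")  # ZIP record signatures
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}

def is_zip(part):
    """True if a leaf MIME part is a ZIP by name, declared type, or content."""
    name = (part.get_filename() or "").lower()
    if name.endswith(".zip") or part.get_content_type() in ZIP_TYPES:
        return True
    payload = part.get_payload(decode=True) or b""
    return payload.startswith(ZIP_MAGIC)  # catches archives renamed to .pdf etc.

def strip_zip_attachments(raw):
    """Return (cleaned message, list of removed attachment names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []

    def walk(container):
        if not container.is_multipart():
            return
        kept = []
        for part in container.get_payload():
            if not part.is_multipart() and is_zip(part):
                removed.append(part.get_filename() or "(unnamed)")
            else:
                walk(part)  # nested multipart or forwarded message
                kept.append(part)
        container.set_payload(kept)

    walk(msg)
    return msg, removed

def build_sample():
    """Constructed test message: body, a .zip, a ZIP renamed .pdf, a text file."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    empty_zip = b"PK\x05\x06" + b"\x00" * 18  # smallest valid (empty) archive
    msg.add_attachment(empty_zip, maintype="application", subtype="zip",
                       filename="invoice.zip")
    msg.add_attachment(empty_zip, maintype="application",
                       subtype="octet-stream", filename="report.pdf")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_zip_attachments(build_sample())
    print("removed:", removed)
```

A production gateway would quarantine the removed parts rather than discard them, since the post describes releasing blocked files on request.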

If you need more information about Email attachments or how to protect business Email with a Managed Email Gateway service, please contact your Primary Tech or me.

And if you tell me to ZIP It, I’ll assume you want me to send you some files in a compressed format – right?

Thanks
Dave White