New attack method uses .ISO and .TAR files to evade security warnings


Cybercriminals are distributing emails with attachments in archive formats more commonly seen on Linux/Unix systems (.ISO disc images and .TAR archives). Because Windows attaches its download warning to the container it received rather than to the files inside it, opening the archive lets the attackers bypass the usual security warnings and infect systems with malware. The attack was discovered by Belgian security researcher Didier Stevens.
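Since the user-facing warning never fires for the contents of such an archive, the practical place to catch this is a mail gateway or sandbox that opens the attachment itself. The following is an added example, not code from the article or from Didier Stevens, showing a minimal tar attachment scanner in Python: it lists members without extracting them to disk, flags executable or script extensions, checks the first bytes of each file for a PE header, and flags member names that would escape the extraction directory. The sample archive it scans is constructed inline (a harmless text file next to a fake "invoice.pdf.exe" beginning with the MZ signature); the extension list is an assumption chosen for illustration. ISO 9660 images would need a parser outside the standard library (for example pycdlib), which this example does not include.

```python
import io
import tarfile

# Assumed list for illustration: extensions that should not arrive inside a mail-borne archive.
RISKY_SUFFIXES = (".exe", ".dll", ".scr", ".lnk", ".js", ".vbs", ".hta", ".bat", ".cmd", ".ps1")


def scan_tar_attachment(data: bytes):
    """Return a list of (member_name, reason) tuples for suspicious members of a tar payload.

    Nothing is written to disk; members are inspected through the archive object only.
    """
    findings = []
    try:
        tf = tarfile.open(fileobj=io.BytesIO(data), mode="r:*")  # auto-detects gz/bz2/xz/plain
    except tarfile.ReadError:
        return findings  # not a tar at all; hand off to other scanners
    with tf:
        for member in tf.getmembers():
            name = member.name
            # Absolute paths or ".." components would drop files outside the extraction directory.
            if name.startswith("/") or ".." in name.split("/"):
                findings.append((name, "path traversal in member name"))
            if not member.isfile():
                continue  # directories, symlinks, devices: no payload bytes to inspect
            if name.lower().endswith(RISKY_SUFFIXES):
                findings.append((name, "executable/script extension"))
            fobj = tf.extractfile(member)
            head = fobj.read(2) if fobj else b""
            if head == b"MZ":  # DOS/PE executable signature, regardless of the extension used
                findings.append((name, "PE header"))
    return findings


def build_sample_tar() -> bytes:
    """Constructed sample: a benign text file plus a fake PE stub disguised as an invoice."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, body in [("readme.txt", b"hello"), ("invoice.pdf.exe", b"MZ" + b"\x00" * 62)]:
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    for member_name, reason in scan_tar_attachment(build_sample_tar()):
        print(f"{member_name}: {reason}")
```

The PE-header check is what matters: an attacker controls the file name, so an extension allowlist alone is easy to sidestep, while the two-byte signature has to be present for Windows to run the file at all.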


It sounds to me like ISOs, tarballs, and other file archives (or things that could theoretically function as file archives) are a way to get around the NTFS alternate streams associated with downloaded files. I personally never would have thought to do that, and instead I would have told users to ignore the warnings (since many malware-based scams are targeted toward dumb users anyway).