5

I tried to uncompress a zip file but I get error

“The compressed (zip) folder is invalid or corrupted”.

Is it possible to get virus just by trying to uncompress the zip? Can zip extension be manipulated so it is not actually a zip file but a virus?

newbie_user
  • 71

3 Answers3

8

As Hack-R said in his answer, Zip files can contain viruses.

You cannot get a virus just by single clicking on a Zip file. Edit: It is technically possible, if you have single clicking to run a shortcut enabled. See the paragraph below.

Double clicking is a different story. If it was a real Zip file and it does contain infected files, you would not be subject to getting a virus unless you tried to execute the infected file. For example lets say you have a Zip file containing a virus, called virus.exe. Double clicking the Zip file would not infect you, but double clicking the virus.exe (and therefore, executing virus.exe) could cause you to get the virus.

There is one other scenario that could be a factor. It is not uncommon for unscrupulous people to fake a Zip file. Lets take virus.exe again for the example. Rename the virus.exe file to virus.zip.exe and you have the default setting in Windows Explorer of hide extensions of known file types, it would appear the file is called virus.zip. An unsuspecting user would think the file is a Zip file, even if it had the wrong icon. Double clicking it would execute the virus infected file.

Keltari
  • 73,243
  • Explorer can be configured under Options to open using a single click rather than a double. – Robin Hood Oct 16 '14 at 06:28
  • 1
    @RobinHood That is true. However, I believe in all my years of IT, I have seen only 1 person use that option. – Keltari Oct 17 '14 at 17:14
  • 1
    Even the icon on the virus.zip.exe can be a correct Zip icon if the exe has its own icon that looks exactly as a Zip icon. That is, what you see in Windows is "virus.zip" (because Windows helpfully -- for the hackers of course -- hid the extension .exe) with a correct Zip icon (because Windows took it from the exe file itself and thus is lying to you as to the file's type). – Alexander Gelbukh May 06 '15 at 02:44
2

You can get 0wned by watching an image:

"Microsoft Windows GDI+ is vulnerable to a buffer overflow, caused by improper bounds checking. By persuading a victim open a specially-crafted TIFF image file, a remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with privileges of the victim."

reference: http://www.iss.net/security_center/reference/2114192.html

Code, executed with the same credentials that you as the users have. For example by using a browser or other builtin means to fetch data from the internets.

The same is true for other files-types. When you start a program (even that innocent looking unzip-program) and if that program is vulnerable for certain input .. then you might get whatever the attacker wants you to have.

That said: the chance is pretty low, allthough there is one.

akira
  • 62,099
1

.Zip and other compressed files can contain virii, trojans, and other malware -- in fact, it's rather common because putting the malware into a compressed archive is an easy way of bypassing your anti-virus/anti-malware software until the archive is decompressed.

Having said that, the error message you're showing si not a symptom of a virus or other malware. That's the standard error message you receive when a compressed archive is either corrupted (i.e. the file got damaged, such as if it's on a flash drive that was not ejected properly) or if it's incomplete (such as if an Internet download didn't fully complete).

Hack-R
  • 379
  • So I can get virus just by clicking filename.zip? I am not talking about uncompressing the zip and then clicking the file inside but just about clicking filename.zip.

    Can be error message also manipulated if somebody wanted to look like corrupted file while it is actually a virus?

     – newbie_user Oct 15 '14 at 16:26
  • You can't get a virus by (single) clicking the filename without uncompressing it because a single click only selects a file rather than running it. If you received that error message then you must have either double clicked or otherwise run an action on the compressed archive which is how you potentially could get a virus. The error message could be manipulated by the maker of the virus, however that is neither necessary nor common. Usually the virus-maker would store legitimate files in the archive along with the virus. – Hack-R Oct 15 '14 at 18:35