TL;DR
Yes, dangerous files (viruses, trojans, malware) can cause harm even when hidden inside a zip or rar archive. Simply having the file isn’t enough to do damage – it needs to be extracted and executed. However, archives can trick you into doing just that. Always scan archives before opening them, and be cautious about where you download them from.
How Archives Can Be Dangerous
Zip and rar files are essentially containers. They don’t automatically run anything. The danger comes from what’s inside the container and how your system handles it when you open it.
Steps to Stay Safe
- Understand the Risk: Archives can contain executable files (.exe, .bat, .scr), scripts (like JavaScript or VBScript), and documents with malicious macros. These are the usual culprits.
  - Executable Files: If you run one of these, it’s like running a program directly from the internet – very risky!
  - Scripts: These can also execute commands on your computer.
  - Macros: Found in Office documents (Word, Excel), macros are small programs that can automate tasks… or install malware.
- Scan Before Opening: This is the most important step.
  - Use an Antivirus Program: A good antivirus will scan archives for known threats before you even open them. Make sure your antivirus definitions are up-to-date!
  - Online Scanners: If you don’t have antivirus, or want a second opinion, use online scanners like VirusTotal (https://www.virustotal.com/gui/home/upload). Upload the archive file to get it scanned by multiple engines.
- Be Careful Where You Download From:
  - Trusted Sources Only: Only download archives from websites you trust completely. Avoid suspicious links in emails or on unfamiliar sites.
  - Check File Extensions: Be wary of files with double extensions (e.g., document.txt.exe). This is a common trick to disguise executables.
- Extract Carefully:
  - Use Built-in Tools: Windows and macOS have built-in archive tools that are generally safer than third-party programs.
  - Avoid Double-Clicking: Don’t double-click on archives to open them if you’re unsure of their contents. Right-click, choose ‘Extract All…’, and then scan the extracted files.
- Disable Macros (Office Documents):
  - Microsoft Office Settings: In Word, Excel, etc., go to File > Options > Trust Center > Trust Center Settings > Macro Settings. Set it to ‘Disable all macros with notification’ or ‘Disable all macros without notification’.
What if I accidentally opened a suspicious file?
If you think you’ve run a dangerous file:
- Disconnect from the Internet: This prevents the malware from communicating with its creators.
- Run a Full System Scan: Use your antivirus program to scan your entire computer.
- Consider Reinstalling Your Operating System: In severe cases, this might be the safest option to ensure complete removal of the malware.
Command Line Scanning (Advanced)
If you’re comfortable with the command line, you can use tools like clamscan (ClamAV antivirus) to scan archives.
clamscan -r archive.zip
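This will scan all files within archive.zip. clamscan looks inside archives by default; the -r option additionally makes it recurse into subdirectories when you point it at a folder instead of a single file.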
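A signature scan can be paired with a look at the archive's file listing before anything is extracted. The Python sketch below is an added example, not part of the original article: it reads only the zip directory and flags the entry types described under Steps to Stay Safe (executables, scripts, macro-enabled Office documents, double extensions). The function names, the extension sets and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extension sets are assumptions for this example, based on the types named above.
EXECUTABLE = {".exe", ".bat", ".scr", ".com", ".cmd"}
SCRIPT = {".js", ".vbs", ".wsf", ".ps1"}
MACRO_DOC = {".docm", ".xlsm", ".pptm"}
DECOY = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def triage_zip(data: bytes) -> dict[str, list[str]]:
    """Read only the zip's directory (nothing is extracted or run)
    and return {entry name: [reasons]} for entries worth a closer look."""
    findings: dict[str, list[str]] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            last = suffixes[-1] if suffixes else ""
            reasons = []
            if last in EXECUTABLE:
                reasons.append("executable")
            elif last in SCRIPT:
                reasons.append("script")
            elif last in MACRO_DOC:
                reasons.append("macro-enabled document")
            # document.txt.exe: a harmless-looking extension in front of the real one
            if len(suffixes) >= 2 and suffixes[-2] in DECOY and last in EXECUTABLE | SCRIPT:
                reasons.append("double extension")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed sample archive; every entry holds harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("notes.txt", "document.txt.exe", "setup/run.bat",
                     "report.docm", "photos/cat.jpg", "update.pdf.js"):
            zf.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in triage_zip(build_sample()).items():
        print(f"{name}: {', '.join(reasons)}")
```

An empty result only means no entry name matched these patterns; the archive still needs an antivirus scan before it is opened.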