First Security Product To Block Encrypted Zip File Viruses at The Gateway
Network Box, an Internet security vendor, today announced an industry first: gateway-level anti-virus protection to scan inside password-protected Zip files. This blocks a technique used by the Bagle virus to infect the computers of unsuspecting users.
By blocking the infected Zip files at the gateway to the network, viruses are stopped before they enter a company’s IT systems, rather than having to trust that desktop anti-virus protection can catch them once they’re inside.
While it has become common to place anti-virus protection at the Internet gateway or the ISP (Internet Service Provider), these systems have not previously been able to scan inside encrypted content.
Recently, the I-Worm.Bagle.h and I-Worm.Bagle.i viruses cleverly exploited this vulnerability by distributing copies of themselves in password-protected Zip archive files. As the viral content is encrypted, the anti-virus software running at the gateway cannot scan inside and see it. The password is provided in the email, allowing a user to decrypt the Zip file.
“This is like having the world’s best airport X-ray scanner but letting passengers use lead-lined luggage,” said Simon Heron, managing director of Network Box (UK). “The success of Bagle has shown that users are still not heeding advice to avoid opening executable attachments without being sure of their source. Our Zip file protection adds a much-needed defence against this latest ploy from virus writers.”
As the Network Box appliance is remotely-managed by the company, all of its UK customers will be automatically updated with this new level of protection by Friday (5th).
Network Box can already configure its appliances to quarantine any encrypted Zip files where the password is not present in the same email. This will provide an extra level of protection, in case virus writers try sending the passwords on separate emails in the future. Further developments are pending and will be implemented as they become available.
About Network Box:
Network Box (www.network-box.co.uk) provides small and medium sized businesses with affordable, simple and effective protection against Internet threats. It integrates a full range of protection technologies into a single package; including virus and Spam protection, a firewall, content filtering, VPN support for remote access, and intrusion detection and prevention. The device is continuously maintained and updated to provide high levels of protection, without requiring user intervention or configuration.