It seems as if email spammers have found a workaround to trick both the virus scanner and spam filters of Gmail.
I have got at least three different mails in my Gmail account today that carry virus attachments but they still managed to reach the inbox just like other regular mails.
Looking at the file name (mywifepics.zip), it was fairly obvious that the attachment is a virus and Windows Defender too helped confirm the same as some Win32/Wmfap exploit.
Why you get Virus Infected mails in Gmail
Now the reason why these infected zip attachments could trick Gmail so easily is because they were password protected and Gmail scanners cannot read contents of such files. What’s surprising though is that even the spam filters of Gmail failed to catch these messages.
If you get an email with a suspicious attachment, forward that to scan@virustotal.com to confirm if the file is a virus or not.
Related: How Spammers Bypass Gmail Spam Filters
Find this article at: http://www.labnol.org/internet/email/virus-in-gmail-due-to-password-protected-files/5696/
web: http://www.labnol.org/ email: amit@labnol.org
Reader Comments
Is this just with Gmail or is it a problem with every email service provider? I mean how can yahoo open password-protected documents.
Though one can understand if Hotmail opens that. They made that at Microsoft after all.
Written by Affan Laghari on 11.27.08
can virustotal scan the password protected files?
Written by Nagaraj Hubli on 11.27.08
nonsense
although it is possible for email providers to try every word in the email body as a password for the archive
Written by Cris on 11.28.08
@cris
if then it would take one year to deliver a loong mail (1 m when printed)
Written by somebody on 11.28.08
I add and send .EXE files (not viruses) in password protected archives to friends just because .EXE’s as a type of file are not allowed on a lot of email clients. If they cut that option too, what do I do next?!!!
Tip: work on your intelligence, don’t expect GMail to do everything for you :-)
Written by why? on 11.28.08
Amit,
Just wanted to tell you how a virus scanner works (I have a experience working in a email company). It works based on heuristics. It basically checks if a mail has this subject, this file-name as attachment. The content of the mail etc. No virus scanner need not unzip a file to actually scan.
I guess in this case it just happened that this virus is somehow missed the anti-virus solution used by gmail.
Written by Ravi on 11.28.08
To add to my previous comment, for example to detect the virus you have mentioned one heuristic is the body of the mail is “Hi !!! Zip PASS lsvlMklrs” and has an attachment mywifepics.zip.
Since viruses are sent automatically by a program (not by human) it uses some predefined patterns to construct the mail. You can even read about such patterns for different virus in norton/mcafee/trend micro webpage.
Written by Ravi on 11.28.08
not only gmail, there is not a single antivirus online/desktop which can able to scan thru password protected compressed files
Written by Rajesh Rana on 11.29.08
Security hole in Gmail. Last time I have blogged about a major security hole in Google Chrome. It seems like to every weapon of Google there are equivalent anti-weapon. But if google can’t read password protected attachment then allother mail will also have to face the same problem.
Written by Royal Blogger on 11.29.08
this case is with all the anti-virus system software, they cant get in encrupted or password protected files.
even if you wanna transfer file via new msn u must password protect when u wanna transfer torrent files.
Written by TechBot.net on 11.29.08
how can virus in password protected zip file affect your computer?
If it still affects, the antivirus system should be able to detect it.
Written by Suraj Shrestha on 12.02.08
WoW!!!!
So Windows Defender can hack your zip password!!!!!
Finally !!!
Thanks Microsoft!!!!!
…
Written by Riki on 12.05.08
Password-protected zip files can’t directly hurt your computer, but a lot of people are naive enough to unzip them and run what is inside.
Written by Aliza on 02.03.09