I recently advised someone to share (publish) a bunch of files by just posting a .zip somewhere, but realized this may look malicious to a recipient. This suspicion might date from the Windows 95 or 98 era, when zip files were frequently associated with viruses (and even using Gmail in 2005 or so I remember renaming a file from .zip to .piz so I could use email to store it...)
How have zip files been used as an attack vector?
- The simplest attack would be just compressing a malicious executable file (Windows, Mac, Linux, whatever) and hoping the user is unlucky enough to execute it, e.g. by double-clicking on it.
- Some media files can execute code when they are read on certain OSes (I learned this on Superuser just now).
- But it's also likely enough that a decompressor would have a memory bug in it that can lead to malicious content being executed.
Which of these has historically (in the last 20 years or so) been the reason .zip is seen as dangerous? Even sending a compressed malicious executable is a more difficult attack vector than it used to be, since OSes like Mac OS make it "annoying" for the user to execute an arbitrary downloaded file.
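For a recipient who wants to triage an archive before opening it, the three vectors listed in the question (a packed executable, content that abuses the reader, and a decompressor bug) map onto checks that can be done on the central directory alone, without extracting anything. The following is an added example, not code from the question or from any particular tool: it lists a zip with Python's standard `zipfile` module and flags executable and double extensions, path-traversal entry names, nested archives, and entries whose compression ratio suggests a decompression bomb. The extension lists, the ratio threshold and the size caps are assumed policy values, and the sample archive is constructed inside the script.

```python
import io
import posixpath
import zipfile

# Extensions commonly used for "compressed executable" lures (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".jse",
                   ".wsf", ".hta", ".msi", ".lnk", ".jar", ".ps1", ".sh"}
ARCHIVE_EXTS = {".zip", ".7z", ".rar", ".gz", ".bz2", ".xz", ".tar"}

# Assumed policy thresholds for decompression-bomb behaviour.
MAX_ENTRY_RATIO = 100.0                 # uncompressed / compressed per entry
MIN_RATIO_CHECK_SIZE = 1024 * 1024      # only judge ratios on entries >= 1 MiB
MAX_TOTAL_UNCOMPRESSED = 256 * 1024 * 1024


def _is_traversal(name):
    """True if an entry name could escape the extraction directory on a naive extractor."""
    if name.startswith("/") or "\\" in name:
        return True
    if len(name) > 1 and name[1] == ":":        # Windows drive letter, e.g. C:...
        return True
    return ".." in posixpath.normpath(name).split("/")


def inspect_zip(data):
    """Return a triage summary for an in-memory zip, reading only the central directory."""
    findings = []
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        for info in infos:
            name = info.filename
            total += info.file_size
            if _is_traversal(name):
                findings.append(("traversal", name))
            parts = posixpath.basename(name).lower().split(".")
            exts = ["." + p for p in parts[1:]]
            if exts:
                if exts[-1] in EXECUTABLE_EXTS:
                    findings.append(("executable", name))
                    if len(exts) >= 2:          # e.g. invoice.pdf.exe
                        findings.append(("double-extension", name))
                elif exts[-1] in ARCHIVE_EXTS:
                    findings.append(("nested-archive", name))
            if info.file_size >= MIN_RATIO_CHECK_SIZE:
                ratio = info.file_size / max(info.compress_size, 1)
                if ratio > MAX_ENTRY_RATIO:
                    findings.append(("high-ratio", name))
    if total > MAX_TOTAL_UNCOMPRESSED:
        findings.append(("oversized", "<archive>"))
    return {"entries": len(infos), "total_uncompressed": total, "findings": findings}


def build_sample_archive():
    """Constructed sample: one benign file plus three entries a triage should flag."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", "quarterly notes\n")
        zf.writestr("invoice.pdf.exe", b"not really a program")          # executable lure
        zf.writestr("../../evil.txt", "escapes the target directory\n")   # traversal name
        zf.writestr("padding.bin", b"\x00" * (4 * 1024 * 1024))           # deflates ~1000:1
    return buf.getvalue()


if __name__ == "__main__":
    report = inspect_zip(build_sample_archive())
    print(f"{report['entries']} entries, {report['total_uncompressed']} bytes uncompressed")
    for kind, name in report["findings"]:
        print(f"  [{kind}] {name}")
```

The checks deliberately stop at the directory listing: deciding whether an entry is safe to open is a separate step, and a file that passes all of these checks can still target a bug in whatever program renders it, which is the second vector in the question.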