Insecure Communication from WinZip 24 Lets Hackers Drop Malware

Posted by Geraldine Hunt on Tue, Dec 22nd, 2020

This year has been challenging in the world of cybersecurity. However, you can't blame every exploitable vulnerability this year on COVID. New security exposures that hackers and cybercriminals can take advantage of are discovered every day. One example is the recent discovery that WinZip 24 creates its own attack avenue, which hackers can use to do a number of sinister things to your desktop.

The WinZip application has been around for nearly 30 years, so one would presume its developers had long since minimized its attack surface. We traditionally think of running application updates as a way to shore up vulnerabilities. In this case, it was the update process itself that created an opportunity for attackers. This is one more example of the futility IT professionals can feel when it comes to protecting their enterprises.

An Insecure Connection Gives Hackers Free Rein

The issue with the long-popular file compression and archiving program affects WinZip version 24. For those running the trial version, a popup appears from time to time asking the user to upgrade to the registered version. That popup, however, is populated over plain HTTP with content that includes JavaScript, allowing an attacker on the local network to modify content that appears to come from the WinZip servers as part of the download process. This gives hackers the ability to plant rogue updates and drop malware onto unsuspecting users.

Of course, the unencrypted connection is the crux of the problem. Because the connection uses HTTP, everything is sent in plain text, so anyone on the local network can see and capture the traffic. Hackers can use methods such as DNS poisoning to steer the program into downloading malware-infected files during the update process. A hacker can also hijack the session and capture sensitive information such as the username and registration code of registered editions. In addition, the same clear-text communication takes place periodically to trigger the popups that tell trial users how much time is left on their free trial.
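The exposure described above is visible from the defender's side as cleartext HTTP requests from an updater process, often returning active content (HTML, JavaScript, executables) or carrying registration data in a POST. The following script is an added example, not code from the original post or from WinZip; it runs a simple detection rule over constructed proxy log lines. The log format (timestamp, client, method, URL, status, content type, user agent), the hostname updates.example-archiver.test, and the updater user-agent pattern are all assumptions made for the example and should be adjusted to what your proxy actually records.

```python
"""Flag cleartext (plain HTTP) update traffic in proxy logs.

Added example for illustration only. Log lines and hostnames below are
constructed; the user-agent and URL patterns are assumptions to adapt.
"""
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample log lines (not real WinZip traffic). Format assumed:
# "<timestamp> <client> <method> <url> <status> <content-type> <user-agent>"
SAMPLE_LOG = """\
2020-12-22T09:14:01Z 10.0.1.15 GET http://updates.example-archiver.test/upgrade/check?v=24 200 text/plain WinZip/24.0
2020-12-22T09:14:02Z 10.0.1.15 GET http://updates.example-archiver.test/upgrade/promo.html 200 text/html WinZip/24.0
2020-12-22T09:14:03Z 10.0.1.15 GET http://updates.example-archiver.test/upgrade/promo.js 200 application/javascript WinZip/24.0
2020-12-22T09:15:10Z 10.0.1.22 GET https://updates.example-archiver.test/upgrade/promo.html 200 text/html WinZip/25.0
2020-12-22T09:16:44Z 10.0.1.15 POST http://updates.example-archiver.test/register 200 text/plain WinZip/24.0
2020-12-22T09:17:01Z 10.0.1.30 GET http://www.example-news.test/index.html 200 text/html Mozilla/5.0
"""

# Hypothetical updater user-agent prefix and update-related URL paths.
UPDATER_UA = re.compile(r"^(WinZip|WZUpdate)/", re.IGNORECASE)
UPDATE_PATH = re.compile(r"/(update|upgrade|register)", re.IGNORECASE)
# Content types an on-path attacker could tamper with to gain code execution
# or to alter what the user sees.
ACTIVE_CONTENT = ("javascript", "text/html",
                  "application/x-msdownload", "application/octet-stream")


@dataclass
class Finding:
    client: str
    url: str
    severity: str
    reason: str


def parse_line(line: str):
    """Split one log line into its seven fields; user agent may contain spaces."""
    parts = line.split(maxsplit=6)
    if len(parts) < 7:
        return None
    ts, client, method, url, status, ctype, ua = parts
    return {"ts": ts, "client": client, "method": method.upper(),
            "url": url, "status": status, "ctype": ctype, "ua": ua}


def scan(log_text: str) -> list[Finding]:
    """Return one Finding per cleartext request attributable to an updater."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        url = urlparse(rec["url"])
        if url.scheme.lower() != "http":
            continue  # TLS traffic is out of scope for this rule
        is_updater = bool(UPDATER_UA.search(rec["ua"])) or bool(UPDATE_PATH.search(url.path))
        if not is_updater:
            continue  # ordinary browsing over HTTP is a different finding
        reasons = ["cleartext HTTP update channel"]
        severity = "medium"
        if rec["method"] == "POST":
            reasons.append("username or registration data may be exposed in transit")
            severity = "high"
        if any(t in rec["ctype"].lower() for t in ACTIVE_CONTENT):
            reasons.append("active content delivered unauthenticated and tamperable on the local network")
            severity = "high"
        findings.append(Finding(rec["client"], rec["url"], severity, "; ".join(reasons)))
    return findings


def hosts_to_review(findings: list[Finding]) -> Counter:
    """Count findings per client so the affected machines can be prioritised."""
    return Counter(f.client for f in findings)


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity}] {f.client} {f.url}\n    {f.reason}")
    print(hosts_to_review(scan(SAMPLE_LOG)))
```

Running the script on the constructed sample flags four requests from one client: a plain-text version check rated medium, two HTML/JavaScript popup resources and a POST of registration data rated high. The HTTPS request from the newer version and the ordinary browser traffic are left alone. The rule is deliberately narrow; in practice you would feed it the updater hosts and process names your own proxy or EDR records.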

The Recommended Fix

The current security alert covers only WinZip version 24. Unfortunately, the discovered vulnerabilities may be present in older versions as well. The most secure way to eliminate this attack avenue is to upgrade to version 25, which no longer allows unencrypted connections. Users who don't want to allocate the required funds to do so are advised to interrupt any update scans and disable update checks altogether, which prevents the application from querying the WinZip servers.

Securing Your Enterprise

The WinZip vulnerability is just one of the many security flaws discovered each and every day. The scary thought is that there are thousands of undiscovered vulnerabilities and zero-day attacks out there, some of which undoubtedly reside within your enterprise. While you may have no control over the code that makes up your applications, you can prevent hackers from accessing your network and taking advantage of these security holes. The two primary methods hackers use to gain a foothold in a network are phishing attacks and the Internet. They then use these beachheads to take advantage of known vulnerabilities. This is why robust email security filtering, along with web content filtering, is so important today. TitanHQ offers cloud-based solutions for both of these needs that are ideally suited to today's hybrid and remote work architectures. SpamTitan not only provides intelligence-based spam filtering, but also eradicates viruses, malware, ransomware and zero-day attacks using a variety of next-generation tools such as double antivirus protection, real-time blacklists and sandboxing. WebTitan is designed to combat even zero-minute attacks through its malicious-content detection services. Both solutions are highly scalable and redundant, ensuring that your enterprise users are protected 24x7.

Unfortunately, there is no universal vaccine for security flaws, which is why you need a well-designed, multi-level security strategy built from the best tools available. Contact TitanHQ today to find out how we can help.

