
Block TAR Files

A recent vulnerability was reported involving TAR files. TAR is short for tape archive. Like a .zip file (similar, but not the same format), a TAR file stores multiple files as a single file, and it is used mostly in Unix or Linux environments.

On a Windows machine, TAR files can be opened using a common piece of software, WinZip. Normally, when a file is downloaded from the Internet, metadata is attached to that file indicating it was downloaded from the Internet. As such, if the file is an executable, Windows will display a warning when the file is clicked and run.

The problem is that when a TAR file is downloaded, the metadata is attached to the TAR file itself instead of the individual files within it. Since the TAR file isn’t executing anything, a warning is not shown when opening it. Likewise, since the individual files within the TAR file do not carry the downloaded-from-the-Internet metadata, Windows does not show a warning when these files are executed, giving hackers an opening to execute code without prompting the user with a warning message.

If you are a bank or company in a Windows environment, we recommend blocking all TAR files to eliminate this vulnerability.
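A block that matches only the `.tar` extension misses renamed or compressed archives. The Python example below is added here and is not from the original article: it identifies TAR content by validating the header checksum, including tarballs wrapped in gzip, bzip2 or xz. The function names and the sample archive are constructed for illustration.

```python
import bz2
import io
import lzma
import tarfile
import zlib

BLOCK = 512  # size of one TAR header block
# Compressor magic bytes -> (label, factory for a streaming decompressor).
WRAPPERS = {
    b"\x1f\x8b": ("gzip", lambda: zlib.decompressobj(wbits=31)),
    b"BZh": ("bzip2", bz2.BZ2Decompressor),
    b"\xfd7zXZ\x00": ("xz", lzma.LZMADecompressor),
}


def is_tar_header(block: bytes) -> bool:
    """Validate the header checksum, which every TAR variant carries."""
    if len(block) < BLOCK:
        return False
    try:
        stored = int(block[148:156].strip(b" \0"), 8)
    except ValueError:
        return False
    # The checksum field itself is summed as eight ASCII spaces.
    return stored == sum(block[:148]) + 8 * 0x20 + sum(block[156:BLOCK])


def detect_tar(data: bytes):
    """Return 'tar', 'tar+gzip', 'tar+bzip2', 'tar+xz', or None."""
    if is_tar_header(data):
        return "tar"
    for magic, (name, factory) in WRAPPERS.items():
        if data.startswith(magic):
            try:  # decompress one block only, so a bomb cannot exhaust memory
                head = factory().decompress(data, BLOCK)
            except (zlib.error, OSError, lzma.LZMAError, EOFError):
                return None
            return f"tar+{name}" if is_tar_header(head) else None
    return None


def build_sample(mode: str) -> bytes:
    """Constructed sample: an in-memory archive holding one small file."""
    buf, payload = io.BytesIO(), b"constructed sample\n"
    with tarfile.open(fileobj=buf, mode=mode) as tar:
        info = tarfile.TarInfo("readme.txt")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()
```

A filter would call `detect_tar()` on the file's bytes and reject anything that does not return `None`, whatever the file is named.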

Author

This article was written by Kaushal Kothari, President of Secure Guard Consulting, LLC, a cybersecurity / IT audit and consulting company. Kaushal is a former FDIC IT examination analyst and certified ethical hacker with 15+ years of experience in the technology field.