Google tweaking Gmail malware scanner to unblock research routes

News
By published

But the search giant says it's not malicious

Security
STOP! In the name of research

Google is apparently changing its practice of how it scans Gmail attachments following a security researcher's failed attempt at sharing information with another researcher.

Detail the issue in his blog, digital forensics expert Brian Baskin attempted to email malware binary samples to a colleague, apparently a common practice used to gauge opinion.

The standard practice for doing this type of exchange is to compress the malware sample within a ZIP file and give it a password of 'infected'. This stops an ordinary person from obtaining the file and accidentally running it, as automated antivirus systems cannot detect the malware and prevent it from being sent.

However, it seems that Google's scan has become more rigid and Baskin said that GMail registered a Virus Alert on the attachment.

Guesswork

Theoretically, only way Google's scan could realise that there was a virus contained in the zip file was by password cracking each ZIP file it received.

Baskin reckons that Google is now attempting to guess the password to ZIP files, using the password of 'infected'. If it succeeds, it extracts the contents and scans them for malware. Baskin tested his theory with the list of the 25 most common passwords, created a new email, and attached all of the files.

Only the ZIP file with a password of 'infected' was scanned, suggesting that Google likely is not using a sizable word list, but it is targeting the password of 'infected'. This was confirmed by the company in a reply to the blog post.

'Not malicious'

In his response, Alex Petit-Biano, a software engineer at Google wrote that the scanning was not intentional, and that issue was caused by a third-party AV engine used by GMail designed to automatically open ZIP files with a password of 'infected'.

He wrote: "To protect our users from downloading malicious files, we use a combination of third party antivirus software and internal virus scanning solutions to detect whether or not attachments or other downloadable files may be harmful.

"Your post alerted us to the fact that one of our third party software components was checking for encryption using 'infected.' as a password. As a result, it decrypted a limited set of zipped payloads in attempts to search for malware. We're currently working on disabling that feature and appreciate you bringing it to our attention."

TOPICS
Nick Farrell
Latest in Security
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
A digital representation of blockchain.
Malicious npm packages use devious backdoors to target users
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
Latest in News
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
Nintendo Virtual Game Card
Nintendo reveals the new Virtual Game Card feature, an easier way to manage your digital Switch games
Nintendo Switch 2
The Nintendo Switch 2 pre-order date has seemingly been confirmed by Best Buy Canada – here's when you'll be able to order yours
Person printing
Microsoft’s latest Windows 11 update exorcises possessed printers that spewed out pages of random characters
Pro-Ject A1.2 in black, playing a vinyl record in a hi-fi listening room
Pro-Ject's new fully-automatic turntable could be the buy of Record Store Day 2025
Intergalactic: The Heretic Prophet
Intergalactic: The Heretic Prophet reportedly won't release until after 2026, as Neil Druckmann says that staff 'are playing it at the office' right now - but I don't think I can wait that long
More about security
A digital representation of blockchain.

Malicious npm packages use devious backdoors to target users
China

Notorious Chinese hackers FamousSparrow allegedly target US financial firms
1More Sonoflow Pro HQ51 on block against pink background

I tested these 1More headphones and I’m convinced they’re some of the best cheap cans money can buy
See more latest
Most Popular
Nintendo Virtual Game Card
Nintendo reveals the new Virtual Game Card feature, an easier way to manage your digital Switch games
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
A digital representation of blockchain.
Malicious npm packages use devious backdoors to target users
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 28 (game #1159)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 28 (game #390)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Friday, March 28 (game #656)
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Kelsey Asbille as Monica Long and Luke Grimes as Kacey Dutton embrace in Yellowstone season 5, part 2
Taylor Sheridan’s Yellowstone universe is expanding outside of Paramount+ again with another spin-off reportedly in the works
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
The Backbone One Xbox Edition.
I'm not waiting for a dedicated Xbox handheld any longer thanks to the new Backbone One: Xbox Edition