It is important to stress that the problem with infected password-protected zip files manifests only at gateway scanners. On client computers with up-to-date AV protection, the worm is detected once the user provides the password and decompresses/decrypts the zip file. This is a graphic example of why it is important to implement defense in depth at every layer of your IT infrastructure.
In addition, a gateway antivirus solution should be able to handle scanning exceptions, such as a password-protected file that cannot be scanned.
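One way a gateway could raise such a scanning exception, shown as an added example that is not part of the original article: it reads the encryption bit in each zip entry's header and quarantines archives whose content it cannot inspect. The function names, the policy labels and the sample archive are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flags: entry is encrypted


def classify_attachment(data: bytes) -> str:
    """Return 'scan', 'quarantine' or 'reject' (hypothetical policy labels)."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "scan"  # not a zip archive: hand to the normal scanning engine
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            entries = zf.infolist()  # reads headers only, no password needed
    except zipfile.BadZipFile:
        return "reject"  # malformed archive cannot be inspected either
    if any(e.flag_bits & ENCRYPTED_FLAG for e in entries):
        # Scanning exception: the payload is unreadable without the password,
        # so hold the message instead of passing it on as "clean".
        return "quarantine"
    return "scan"


def build_sample(encrypted: bool) -> bytes:
    """Constructed sample: a one-entry zip, optionally marked as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample content")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set bit 0 in the local file header (flags at offset 6) and in the
        # central directory header (flags at offset 8).
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.index(sig)
            (flags,) = struct.unpack_from("<H", raw, pos + off)
            struct.pack_into("<H", raw, pos + off, flags | ENCRYPTED_FLAG)
    return bytes(raw)


if __name__ == "__main__":
    for label, blob in (("plain zip", build_sample(False)),
                        ("protected zip", build_sample(True)),
                        ("text file", b"hello")):
        print(label, "->", classify_attachment(blob))
```

The check needs only the archive headers, so it works at the gateway even though the file contents themselves cannot be decrypted there.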
Lastly, this incident has once again demonstrated the lengths to which users will go to open an infected e-mail attachment. If anyone thought a password-protected zip would thwart the distribution potential of malware, the latest Bagle variant has proven the contrary.