Trend Micro has detected a worm, WORM_PIZZER.A that creates copies of itself even on password-protected archived files using a WINRAR command line.
The worm claimed to spread using a particular WINRAR command line, which when executed allows it to create copy of itself in archived files in including .ZIP, .RAR and .RAR FX files.
Trend Micro revealed that the worm uses similar technique as of WORM_PROLACO variants that were discovered in 2010 and had the ability to archive some .EXE files along with a copy of itself.
Once the archived files are extracted, the users are likely to execute the malware stored along with the other files making the system vulnerable.
Trend Micro however said that the worm does not harvest passwords from the archive files.
The company said that the first half of the year 2013 witnessed dated threats like ZBOT, CARBERP, and GAMARUE that are using new techniques to skip detection or stealthily enter into user’s system without being noticed.
The report also revealed that the protective measures offered by the archived files provide good cover for these worms to enter the systems as the users are complacent in extracting and executing the files.