Researchers found ways to hide malicious software in commonly used archive formats that went undetected by antivirus products. Many antivirus vendors have patched their applications to detect tampered archive file formats, such as ".rar" and ".zip," said Tomislav Pericin, founder of commercial software safety project RLPack. Many businesses use "gateway" security products that examine file attachments to see if they are malicious. Hackers found that compressing malicious files, called "packing," can occasionally trip up security products, though those products are much better now at that kind of detection.
But the researchers showed that by tampering with various archive formats, it is possible to evade those gateway products. That's unsafe, as an end user may open an attachment that permits a hacker to have remote access to the PC. Many end users do run antivirus software, which means that an executable such as Conficker would be detected when it runs. But the researchers found at least eight vulnerabilities in which security products didn't catch bad files. Many affected vendors have deployed patches, Pericin said.
They have found at least 30 other possible vulnerabilities in security products, but are waiting for all vendors to complete their patches to see if those problems persist, Pericin said. There are no inherent problems in archive file formats, and it is possible to change those files, Pericin said.
The researchers showed how it is possible to embed secret content in an archive file. The method is called steganography, a way to write hidden messages known only to the sender and recipient. There are two software tools that can put hidden messages into ".zip" files. However, the researchers put out on Thursday a free, open-source tool that can spot both malicious software and hidden content in archive formats.


