Threat of the month: pdf.exe.zip files


What is it?

This old-style email executable attachment attack is still popular – even as part of some supposed APT attacks, as recently described by Mandiant in its report on the Chinese military unit APT1.

How does it work?

An attacker packages up standard executable malware but embeds it within a compressed .zip file so as to bypass default filters in applications like Microsoft Outlook.

Should I be worried?

You should not be worried – if your company has implemented security best practices around email content filtering. However, many companies are not implementing these filtering best practices.

How can I prevent it?

You should be blocking incoming attachments that are related to executable content. Also, make sure that whichever email filtering system is used can not only block certain extensions, but can also inspect “container files,” such as .zip compressed files and email message attachments with secondary embedded attachments.
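One way to implement the container inspection described above, as an added example that is not part of the original article: it walks a raw message, including attached emails, and looks inside .zip attachments for blocked extensions. The names `BLOCKED_EXT`, `MAX_DEPTH`, `is_blocked`, `scan_zip`, `scan_message` and `build_sample` are hypothetical, and the extension list is an assumption.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for this example; align it with your own mail policy.
BLOCKED_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
MAX_DEPTH = 3  # archives nested deeper than this are flagged, not unpacked

def is_blocked(name):
    # Only the last extension counts: "invoice.pdf.exe" is an executable.
    return name.lower().rstrip(". ").endswith(BLOCKED_EXT)

def scan_zip(data, path, hits, depth=1):
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                inner = path + "!" + info.filename
                if is_blocked(info.filename):
                    hits.append(inner)
                elif info.filename.lower().endswith(".zip"):
                    if info.flag_bits & 0x1 or depth >= MAX_DEPTH:
                        hits.append(inner + " (encrypted or too deep)")
                    else:
                        scan_zip(zf.read(info), inner, hits, depth + 1)
    except zipfile.BadZipFile:
        hits.append(path + " (unreadable archive)")  # fail closed

def scan_message(raw):
    hits = []  # attachment paths that should get the mail blocked
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():  # walk() also descends into attached emails
        name = part.get_filename()
        if name and not part.is_multipart():
            data = part.get_payload(decode=True) or b""
            if is_blocked(name):
                hits.append(name)
            elif zipfile.is_zipfile(io.BytesIO(data)):
                scan_zip(data, name, hits)
    return hits

def build_sample():
    # Constructed sample: harmless bytes named like the lure described above.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"not a real executable")
    msg = EmailMessage()
    msg.set_content("See attached invoice.")
    msg.add_attachment(buf.getvalue(), "application", "zip", filename="invoice.pdf.zip")
    return msg.as_bytes()
```

A non-empty result from `scan_message(build_sample())` means the message should be quarantined. Attachments are identified as archives by content, not by their file name.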
