Incident Response, Malware, TDR

Threat of the month: files


What is it?

This old-style email executable attachment attack is still popular – even as part of some supposed APT attacks, as recently described by Mandiant in its report on the Chinese military unit APT1.

How does it work?

An attacker packages up standard executable malware, but embeds the them within a compressed .zip file so as to bypass default filters in applications like Microsoft Outlook. 

Should I be worried?

You should not be worried – if your company has implemented security best practices around email content filtering. However, many companies are not implementing these filtering best practices.

How can I prevent it?

You should be blocking incoming attachments that are related to executable content. Also, make sure that whichever email filtering system used can not only block certain extensions, but also has the ability to inspect “container files,” such as .zip compressed files and email message attachments with secondary embedded attachments.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.