Specially Crafted ZIP Files Used to Bypass Secure Email Gateways

Attackers are always looking for new tricks to distribute malware without them being detected by antivirus scanners and secure email gateways. This was illustrated in a new phishing campaign that utilized a specially crafted ZIP file that was designed to bypass secure email gateways to distribute the NanoCore RAT.

Every ZIP archive contains a special structure that contains the compressed data and information about the compressed files. Each ZIP archive also contains a single "End of Central Directory” (EOCD) record, which is used to indicate the end of the archive structure.

In a new spam campaign discovered by TrustWave, researchers encountered a spam email pretending to be shipping information from an Export Operation Specialist of USCO Logistics.

Continued: https://www.bleepingcomputer.com/news/security/specially-crafted-zip-files-used-to-bypass-secure-email-gateways/