KnowBe4 Security Awareness Training Blog

Specially Crafted ZIP Files Used to Bypass Secure Email Gateways

Written by Stu Sjouwerman | Nov 8, 2019 12:00:00 PM

Attackers are always looking for new tricks to distribute malware without it being detected by antivirus scanners and secure email gateways. A new phishing campaign illustrates this: it used a specially crafted ZIP file designed to slip past secure email gateways and deliver the NanoCore RAT.

Every ZIP archive has a defined structure that holds the compressed data together with metadata about the compressed files. Each archive also contains a single "End of Central Directory" (EOCD) record, which marks the end of the archive structure.
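Because a well-formed archive carries exactly one EOCD record, and that record must agree with where the central directory actually sits, a gateway or sandbox can check a ZIP's structural consistency before trusting what a decompressor reports. The following Python is an added example written for this post, not code from KnowBe4, Trustwave or BleepingComputer: it locates every EOCD signature, decodes the fixed fields, and flags archives whose EOCD count, central directory offset/size, or trailing bytes do not match the single-EOCD layout. The two sample archives are constructed in the code; the second one has another archive appended so it carries two EOCD records, the kind of anomaly the check is meant to surface.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # End of Central Directory record signature
CD_SIG = b"PK\x01\x02"     # Central directory file header signature
# EOCD fixed part: sig, disk no, CD disk, entries on disk, entries total,
# CD size, CD offset, comment length (zip64 archives use 0xFFFFFFFF here
# and a separate locator; this example only handles classic archives).
EOCD_FMT = "<4sHHHHIIH"
EOCD_LEN = struct.calcsize(EOCD_FMT)  # 22 bytes


def find_eocd_records(data: bytes) -> list[dict]:
    """Locate every EOCD signature in the blob and decode its fixed fields."""
    records = []
    pos = data.find(EOCD_SIG)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            (_, _disk, _cd_disk, _entries_disk, entries_total,
             cd_size, cd_offset, comment_len) = struct.unpack_from(EOCD_FMT, data, pos)
            records.append({
                "pos": pos,
                "entries": entries_total,
                "cd_size": cd_size,
                "cd_offset": cd_offset,
                "comment_len": comment_len,
            })
        pos = data.find(EOCD_SIG, pos + 1)
    return records


def check_zip_structure(data: bytes) -> list[str]:
    """Return a list of anomaly descriptions; an empty list means the layout is consistent."""
    findings = []
    eocds = find_eocd_records(data)
    if not eocds:
        return ["no EOCD record: not a ZIP archive"]
    if len(eocds) > 1:
        findings.append(f"{len(eocds)} EOCD records found (a valid archive has exactly one)")
    last = eocds[-1]
    # The EOCD's central directory offset must land on a central directory header.
    if data[last["cd_offset"]:last["cd_offset"] + 4] != CD_SIG:
        findings.append("EOCD central directory offset does not point at a central directory header")
    # The central directory must end exactly where the EOCD record begins.
    if last["cd_offset"] + last["cd_size"] != last["pos"]:
        findings.append("central directory size/offset inconsistent with EOCD position")
    # Nothing may follow the EOCD record beyond its declared comment.
    end = last["pos"] + EOCD_LEN + last["comment_len"]
    if end != len(data):
        findings.append(f"{len(data) - end} trailing bytes after the EOCD record")
    return findings


def build_sample_zip(name: str, payload: bytes) -> bytes:
    """Build a small in-memory archive (constructed sample input, stored uncompressed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples: a well-formed archive, and one with a second archive
# appended so the blob contains two EOCD records.
CLEAN = build_sample_zip("invoice.txt", b"Shipping reference 12345\n")
DOUBLE_EOCD = CLEAN + build_sample_zip("notes.txt", b"second archive appended\n")

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("double-eocd", DOUBLE_EOCD)):
        print(label, check_zip_structure(blob) or "ok")
```

The check is deliberately strict: an EOCD signature that happens to appear inside stored file content will also be counted, so treat a non-empty result as a reason to quarantine and inspect rather than as proof of malice. Note that `zipfile` itself happily opens the appended sample, which is exactly why a gateway should validate the container structure rather than rely on whichever entry a particular decompressor chooses to surface.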

In a new spam campaign discovered by Trustwave, researchers encountered an email posing as shipping information from an Export Operation Specialist at USCO Logistics.

Continued: https://www.bleepingcomputer.com/news/security/specially-crafted-zip-files-used-to-bypass-secure-email-gateways/