Don’t Click on That: Infected Zip Files are Invading Email Again

What's Hot

23 Upgrades Under $50 to Make Your House Look AwesomeAround The House

Trump Worth $10 Billion Less Than If He’d Simply Invested in Index FundsBusiness

Do This or Your iPhone Bill May SkyrocketSave

11 Places in the World Where You Can Afford to Retire in StyleMore

19 Moves That Will Help You Retire Early and in StyleFamily

What You Need to Know for 2017 Obamacare EnrollmentFamily

8 Things Rich People Buy That Make Them Look DumbAround The House

50 Ways to Make a Fast $50 (or Lots More)Grow

32 of the Highest-Paid American SpeakersMake

The 35 Two-Year Colleges That Produce the Highest EarnersCollege

5 DIY Ways to Make Your Car Smell GreatCars

Amazon Prime No Longer Pledges Free 2-Day Shipping on All ItemsMore

More Caffeine Means Less Dementia for WomenFamily

7 Household Hacks That Save You CashAround The House

5 Reasons a Roth IRA Should Be Part of Your Retirement PlanGrow

30 Awesome Things to Do in RetirementCollege

Beware These 10 Retail Sales Tricks That Get You to Spend MoreMore

Just when you've turned your attention to a new cyberthreat, an old one has resurfaced. Don't be caught by surprise.

You’re busy, so I’ll say this fast and loud: DON’T OPEN UNEXPECTED ZIP FILES THAT ARRIVE AS EMAIL ATTACHMENTS. Suddenly, there are a lot of them around.

That advice is nearly as old as email, but as they say, everything old is new again. And the internet is newly awash in spam sending out booby-trapped zip file attachments. My inbox has seen a steady trickle of the stuff for the past couple of months, but I didn’t think much of it until I chatted with Sophos Chief Technology Officer Joe Levy this week. Zip archives that contain malicious JavaScript files are on the rise, he said.

Users who fall for the trick and decompress a zip attachment by clicking on it don’t see an executable file — but rather a .js file or similar — and run the code. The two-step technique is obviously working for criminals.

Sophos data show a dramatic rise in zip-javascript spam. In fact, it shows zip files with poisonous javascript have pretty much completely replaced Office attachments (infected Word documents or spreadsheets) as the attack technique preferred by spammers. So if you’ve received spam recently, you’ve probably received an infected zip attachment.

The emails arrive in typical fashion. One promised me a “confirmation letter.” A more clever version offered a travel expense sheet. The most believable says “voice message from outside caller.”

Why is it back?

Well-configured spam and security software should protect organizations from this attack. So why are spammers suddenly adopting the technique again?

“As long as your organization’s network is administered correctly, there’s no real chance of infection.  Which begs a question.  Why do we still see this malspam [malicious spam] every day?” writes SANS on an analysis of the attack. “The answer? We assume enough people get infected, so sending .js malspam is profitable for the criminals behind this operation. Why else would we still see it?”

Akin to the IRS scam, which just keeps working and working, infected zip attachments are popping up all over because they work.

You can see a lot more examples of the spam at that SANS link, but here’s the other essentials from their analysis:

  • This malspam appears to target Windows computers.
  • The extracted file is Javascript-based, and the infection requires user action.
  • The user must open the zip attachment, extract the .js file, and manually run the .js file.
  • A properly administered Windows host using software restriction policies should prevent an infection.

Again, zip attachments are hardly new. And even this particular version of attack isn’t that new — the SANS analysis was from last year.

But here’s an important lesson about digital security I learned from Bruce Schneier many years ago. Attacks move in awareness cycles. There’s a new attack (Click on this attachment!) that works. Bad guys copycat it. It works on a large scale. Then consumers become painfully aware of it, learn their lesson, and stop clicking. The technique becomes exhausted, and bad guys move on. People forget about it and let their guard down. Then, a bad guy rediscovers the attack, tries it, and it works. And the cycle begins again.

That’s where we are with zip files, it would seem.

So if you would never fall for the zip file attack, good for you. I promise you know someone who will. So now is the time to offer a gentle reminder: Nothing good ever comes from unexpected zip files.

More from Bob Sullivan:

Stacy Johnson

It's not the usual blah, blah, blah

I know... every site you visit wants you to subscribe to their newsletter. But our news and advice is actually worth reading! For 25 years, I've been making people richer without making their eyes glaze over. You'll be glad you did. I guarantee it!


Read Next: 9 Ways to Prepare Yourself for the Next Recession

Check Out Our Hottest Deals!

We're always adding new deals and coupons that'll save you big bucks. See the deals to the right and hundreds more in our Deals section.

Click here to explore 1,728 more deals!