Don’t Click on That: Infected Zip Files are Invading Email Again


You’re busy, so I’ll say this fast and loud: DON’T OPEN UNEXPECTED ZIP FILES THAT ARRIVE AS EMAIL ATTACHMENTS. Suddenly, there are a lot of them around.

That advice is nearly as old as email, but as they say, everything old is new again. And the internet is newly awash in spam sending out booby-trapped zip file attachments. My inbox has seen a steady trickle of the stuff for the past couple of months, but I didn’t think much of it until I chatted with Sophos Chief Technology Officer Joe Levy this week. Zip archives that contain malicious JavaScript files are on the rise, he said.

Users who fall for the trick and decompress a zip attachment by clicking on it don’t see an executable file. They see a .js file or similar, and they run the code. The two-step technique is obviously working for criminals.

Sophos data show a dramatic rise in zip-JavaScript spam. In fact, they show that zip files with poisonous JavaScript have pretty much completely replaced Office attachments (infected Word documents or spreadsheets) as the attack technique preferred by spammers. So if you’ve received spam recently, you’ve probably received an infected zip attachment.

The emails arrive in typical fashion. One promised me a “confirmation letter.” A more clever version offered a travel expense sheet. The most believable says “voice message from outside caller.”

Why is it back?

Well-configured spam and security software should protect organizations from this attack. So why are spammers suddenly adopting the technique again?

“As long as your organization’s network is administered correctly, there’s no real chance of infection. Which begs a question. Why do we still see this malspam [malicious spam] every day?” writes SANS in an analysis of the attack. “The answer? We assume enough people get infected, so sending .js malspam is profitable for the criminals behind this operation. Why else would we still see it?”

Akin to the IRS scam, which just keeps working and working, infected zip attachments are popping up all over because they work.

You can see a lot more examples of the spam at that SANS link, but here are the other essentials from their analysis:

  • This malspam appears to target Windows computers.
  • The extracted file is JavaScript-based, and the infection requires user action.
  • The user must open the zip attachment, extract the .js file, and manually run the .js file.
  • A properly administered Windows host using software restriction policies should prevent an infection.
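
A mail-gateway style check for the pattern in the list above, as an added example that is not from the original article or the SANS analysis: it lists the contents of each zip attachment and flags script files. The extension list, the function names and the sample message are constructed assumptions.

```python
import io
import zipfile
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed list of Windows script extensions ("a .js file or similar"); adjust to policy.
SCRIPT_EXTS = {".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe", ".hta"}


def script_members(zip_bytes):
    """Return names of archive members whose final extension is a script type."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]  # fail closed: treat as suspicious
    return [n for n in names if PurePosixPath(n.lower()).suffix in SCRIPT_EXTS]


def scan_message(msg):
    """Map each zip attachment's filename to the script files found inside it."""
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        # Check the magic bytes too, since the attachment name may not end in .zip.
        if name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04":
            hits = script_members(data)
            if hits:
                findings[name] = hits
    return findings


def build_sample():
    """Constructed sample: one zip holding a script, one harmless zip named .dat."""
    def make_zip(files):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for fname, body in files.items():
                zf.writestr(fname, body)
        return buf.getvalue()
    msg = EmailMessage()
    msg["Subject"] = "voice message from outside caller"
    msg.set_content("See attached.")
    msg.add_attachment(make_zip({"Voice_Message.WAV.js": "// inert placeholder"}),
                       maintype="application", subtype="zip", filename="message.zip")
    msg.add_attachment(make_zip({"notes.txt": "hello"}),
                       maintype="application", subtype="octet-stream", filename="notes.dat")
    return msg
```

Calling `scan_message(build_sample())` reports only `message.zip`, because the double extension `.WAV.js` still ends in a script type while the second archive holds nothing but a text file.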

Again, zip attachments are hardly new. And even this particular version of attack isn’t that new — the SANS analysis was from last year.

But here’s an important lesson about digital security I learned from Bruce Schneier many years ago. Attacks move in awareness cycles. There’s a new attack (Click on this attachment!) that works. Bad guys copycat it. It works on a large scale. Then consumers become painfully aware of it, learn their lesson, and stop clicking. The technique becomes exhausted, and bad guys move on. People forget about it and let their guard down. Then, a bad guy rediscovers the attack, tries it, and it works. And the cycle begins again.

That’s where we are with zip files, it would seem.

So if you would never fall for the zip file attack, good for you. I promise you know someone who will. So now is the time to offer a gentle reminder: Nothing good ever comes from unexpected zip files.

More from Bob Sullivan:
