Don’t Click on That: Infected Zip Files are Invading Email Again

Photo by enzezo / Shutterstock.com

You’re busy, so I’ll say this fast and loud: DON’T OPEN UNEXPECTED ZIP FILES THAT ARRIVE AS EMAIL ATTACHMENTS. Suddenly, there are a lot of them around.

That advice is nearly as old as email, but as they say, everything old is new again. And the internet is newly awash in spam sending out booby-trapped zip file attachments. My inbox has seen a steady trickle of the stuff for the past couple of months, but I didn’t think much of it until I chatted with Sophos Chief Technology Officer Joe Levy this week. Zip archives that contain malicious JavaScript files are on the rise, he said.

Users who fall for the trick and decompress a zip attachment by clicking on it don’t see an executable file — but rather a .js file or similar — and run the code. The two-step technique is obviously working for criminals.

Sophos data show a dramatic rise in zip-javascript spam. In fact, it shows zip files with poisonous javascript have pretty much completely replaced Office attachments (infected Word documents or spreadsheets) as the attack technique preferred by spammers. So if you’ve received spam recently, you’ve probably received an infected zip attachment.

The emails arrive in typical fashion. One promised me a “confirmation letter.” A more clever version offered a travel expense sheet. The most believable says “voice message from outside caller.”

Why is it back?

Well-configured spam and security software should protect organizations from this attack. So why are spammers suddenly adopting the technique again?

“As long as your organization’s network is administered correctly, there’s no real chance of infection. Which begs a question. Why do we still see this malspam [malicious spam] every day?” writes SANS on an analysis of the attack. “The answer? We assume enough people get infected, so sending .js malspam is profitable for the criminals behind this operation. Why else would we still see it?”

Akin to the IRS scam, which just keeps working and working, infected zip attachments are popping up all over because they work.

You can see a lot more examples of the spam at that SANS link, but here’s the other essentials from their analysis:

  • This malspam appears to target Windows computers.
  • The extracted file is Javascript-based, and the infection requires user action.
  • The user must open the zip attachment, extract the .js file, and manually run the .js file.
  • A properly administered Windows host using software restriction policies should prevent an infection.

Again, zip attachments are hardly new. And even this particular version of attack isn’t that new — the SANS analysis was from last year.

But here’s an important lesson about digital security I learned from Bruce Schneier many years ago. Attacks move in awareness cycles. There’s a new attack (Click on this attachment!) that works. Bad guys copycat it. It works on a large scale. Then consumers become painfully aware of it, learn their lesson, and stop clicking. The technique becomes exhausted, and bad guys move on. People forget about it and let their guard down. Then, a bad guy rediscovers the attack, tries it, and it works. And the cycle begins again.

That’s where we are with zip files, it would seem.

So if you would never fall for the zip file attack, good for you. I promise you know someone who will. So now is the time to offer a gentle reminder: Nothing good ever comes from unexpected zip files.

More from Bob Sullivan:

How to find cheaper car insurance in minutes

Getting a better deal on car insurance doesn't have to be hard. You can have The Zebra, an insurance comparison site compare quotes in just a few minutes and find you the best rates. Consumers save an average of $368 per year, according to the site, so if you're ready to secure your new rate, get started now.

Read Next
12 Expenses You May Be Tempted to Claim as Tax Deductions — but Shouldn’t
12 Expenses You May Be Tempted to Claim as Tax Deductions — but Shouldn’t

Thinking of trying to deduct a few of these things on your federal tax return? That could be a costly mistake.

7 Secret Departments of Amazon You Should Know About
7 Secret Departments of Amazon You Should Know About

These little-known sections of Amazon are hidden gems for deal-seekers and impulse shoppers alike.

7 Common Online Shopping Mistakes That Cost You Money
7 Common Online Shopping Mistakes That Cost You Money

How many of these costly online shopping missteps are you making without realizing it?

View this page without ads

Help us produce more money-saving articles and videos by subscribing to a membership.

Get Started

Comments

Our Policy: We welcome relevant and respectful comments in order to foster healthy and informative discussions. All other comments may be removed. Comments with links are automatically held for moderation.

Trending Stories