“Zombie ZIP”: New attack technique fools virus scanners

Summary

A new attack technique called "Zombie ZIP" can hide malicious payloads within compressed files, evading detection by antivirus and EDR solutions. This is achieved by manipulating ZIP headers to trick extraction software and security tools into treating compressed data as uncompressed, leading to false negatives.

IFF Assessment

FOE

This technique allows attackers to bypass common security measures, making it harder for defenders to detect and prevent malware.

Defender Context

Defenders need to be aware of techniques like Zombie ZIP that exploit how security tools interpret file headers. This highlights the ongoing arms race between attackers and defenders, emphasizing the need for more robust detection mechanisms that go beyond signature-based scanning of compressed archives.
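One concrete form of the header-aware check the Defender Context calls for, written here as an added example (not code from the article or from the researchers behind Zombie ZIP): it cross-checks each ZIP entry's local file header against the central directory and against the bytes actually stored, so an entry whose headers claim "stored" while holding a deflate stream is flagged. The tampered sample is constructed in memory for the test; which header field the real technique alters is an assumption, since the summary only says headers are manipulated.

```python
import io
import struct
import zipfile
import zlib

LOCAL_HDR = struct.Struct("<4sHHHHHIIIHH")  # fixed 30-byte local file header


def build_sample_zip() -> bytes:
    """Constructed sample: an ordinary deflate-compressed archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", b"zombie zip detector test " * 64)
    return buf.getvalue()


def tamper_local_method(data: bytes, name: str, method: int = 0) -> bytes:
    """Test fixture only (assumed variant): overwrite the compression-method field
    (offset +8) of one entry's local header so it disagrees with the central directory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        off = zf.getinfo(name).header_offset
    b = bytearray(data)
    struct.pack_into("<H", b, off + 8, method)
    return bytes(b)


def header_inconsistencies(data: bytes) -> list[str]:
    """Return one finding per entry whose local header, central directory
    and stored bytes do not agree. An empty list means the archive is consistent."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():          # central-directory view of each entry
            off = info.header_offset
            fields = LOCAL_HDR.unpack_from(data, off)
            sig, local_method, nlen, elen = fields[0], fields[3], fields[9], fields[10]
            if sig != b"PK\x03\x04":
                findings.append(f"{info.filename}: bad local header signature")
                continue
            if local_method != info.compress_type:
                findings.append(f"{info.filename}: local method {local_method} "
                                f"!= central method {info.compress_type}")
            start = off + LOCAL_HDR.size + nlen + elen
            raw = data[start:start + info.compress_size]
            # An entry claimed as 'stored' (method 0) must match its CRC as-is.
            if 0 in (local_method, info.compress_type) and zlib.crc32(raw) != info.CRC:
                findings.append(f"{info.filename}: marked stored but bytes do not match CRC")
                try:  # if the bytes inflate to the recorded CRC, they were compressed after all
                    inflated = zlib.decompressobj(-15).decompress(raw)
                    if zlib.crc32(inflated) == info.CRC:
                        findings.append(f"{info.filename}: 'stored' payload is a deflate stream")
                except zlib.error:
                    pass
    return findings
```

Sizes and CRCs are taken from the central directory, so the check still works when a tampered local header zeroes them; a scanner that trusts only the local header is exactly what the technique targets.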
