Malware - Evading Detection Through Zip Folders

As you might already know, malware is a constantly growing threat to computer security, and attackers are always looking for new ways to evade detection.

One method we have been seeing increasingly often is attackers hiding their malware by packing it into a password-protected (encrypted) zip folder. When the zip folder is scanned by antivirus software, the scanner can inspect the archive container itself but not the encrypted contents inside it, so the malware goes undetected until it is extracted and run. The threat actor will usually supply the password to the user so that they can unzip the folder themselves.

So how can you tell if a file inside a zip folder is safe or not?

How to Avoid Malware Infections

Check the source

Before you download a file, make sure it’s from a trusted source. Don’t download files from unknown or suspicious websites, and refrain from using pirated software, as they may contain information stealers running in the background.

Scan the file

Use reliable antivirus software to scan both the zip folder and the files inside it. This will help you detect any potential threats before you execute the file.

This can usually be done by right-clicking on the .exe or the folder and clicking “Scan” (ensure you have antivirus software installed beforehand).

Check the file extension

Look at the file extension of the file inside the zip folder. If it is an executable file, such as .exe or .bat, be cautious, as these file types are commonly used to deliver malware. Threat actors may also try to hide the fact that a file is an executable.

To check that a supposed PDF is actually a PDF, for example, right-click the file and select Properties to see its real file type.

Check the file size

If the file size is significantly larger or smaller than what you would expect, be cautious. Attackers sometimes use compression or packing techniques so that the malware appears as a much smaller file than expected, or they inflate a file to a very large size, since some scanners skip files above a size limit.
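As an added example (not code from the original post or from 3B Data Security), the following Python script applies the three checks above to a zip file by reading only its central directory, without extracting anything: it reports entries marked as encrypted, executable and double extensions, and declared sizes above a scanner limit. The executable-extension list and the 100 MB scanner limit are assumptions, and the sample archive is constructed inside the script.

```python
import io
import struct
import zipfile
import zlib

FLAG_ENCRYPTED = 0x1  # general-purpose bit 0 of a zip entry header: entry is encrypted
EXECUTABLE_EXTS = {".exe", ".bat", ".cmd", ".com", ".scr", ".js", ".vbs", ".ps1"}
MAX_SCAN_BYTES = 100 * 1024 * 1024  # assumed scanner size limit (illustrative, not a product value)

def triage_zip(data: bytes, max_scan: int = MAX_SCAN_BYTES) -> dict:
    """Read only the central directory (no extraction); return findings per member."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            flags = []
            parts = info.filename.rsplit("/", 1)[-1].lower().split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            if info.flag_bits & FLAG_ENCRYPTED:
                flags.append("encrypted: content cannot be scanned without the password")
            if ext in EXECUTABLE_EXTS:
                flags.append(f"executable extension {ext}")
                if len(parts) > 2:  # e.g. invoice.pdf.exe: document-like name, executable type
                    flags.append("double extension disguises the real type")
            if info.file_size > max_scan:
                flags.append("declared size exceeds scanner limit; may be skipped")
            findings[info.filename] = flags
    return findings

def build_zip(entries) -> bytes:
    """Hand-assemble a STORED zip so the fixture can set bit 0 and the declared size.
    Constructed test data: 'encrypted' payloads are opaque bytes, not real zip crypto."""
    local, central = b"", b""
    for name, payload, encrypted, declared in entries:
        n, flag, crc = name.encode(), FLAG_ENCRYPTED if encrypted else 0, zlib.crc32(payload)
        # shared header fields: flags, method, time, date, crc, csize, usize, nlen, xlen
        common = (flag, 0, 0, 0, crc, len(payload), declared or len(payload), len(n), 0)
        off = len(local)
        local += b"PK\x03\x04" + struct.pack("<HHHHHIIIHH", 20, *common) + n + payload
        # central entry adds made-by version, comment len, disk, attributes, local offset
        central += b"PK\x01\x02" + struct.pack("<HHHHHHIIIHHHHHII", 20, 20, *common, 0, 0, 0, 0, off) + n
    eocd = struct.pack("<HHHHIIH", 0, 0, len(entries), len(entries), len(central), len(local), 0)
    return local + central + b"PK\x05\x06" + eocd

# Constructed sample: the lure the post describes (password-protected executable with a
# document-looking name), a harmless note, and an entry declaring an oversized payload.
SAMPLE = build_zip([
    ("Invoice_2024.pdf.exe", b"MZ" + b"\x90" * 64, True, 0),
    ("readme.txt", b"Use the password from the e-mail.", False, 0),
    ("archive.iso", b"\x00" * 16, False, 600 * 1024 * 1024),
])
```

Calling `triage_zip(SAMPLE)` flags the encrypted, double-extension executable and the oversized entry while leaving readme.txt clean; pass the bytes of a real archive to triage it the same way.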

Use sandboxing technology

Sandboxing technology allows you to execute the file in a virtual environment, which isolates the file from your system. This can help you detect any potential threats without putting your system at risk. There are many free online sandbox environments available.

By following these tips, you can reduce the risk of downloading and executing malware from zip folders. It’s important to stay vigilant and always be cautious when downloading files from the internet.

In addition to these tips, keeping your antivirus software up to date with the latest threat intelligence and malware signatures is crucial to ensure that your system is protected against the latest threats. With the right tools and practices, you can stay one step ahead of attackers and keep your system safe from malware infections.

What to Do if Your Systems Become Infected With Malware

If you think you may have malware on your systems, you’ll need to act quickly.

1. Disconnect the infected system from the network immediately to help prevent the malware from spreading to other systems.

2. Determine the extent of the infection and the type of malware involved.

3. Create a plan to remove the malware and restore any damage it may have caused.

4. Use anti-virus software to scan and remove the malware.

5. Restore any damaged files or systems.

6. Implement security measures to prevent further incidents.

It can often be difficult to identify the malware used, so make sure it is completely removed from your systems. If it is not removed properly, it can spread to other systems and cause even more damage.

Removing malware is not a simple process, and it requires specialised expertise and training. If you don’t have the skills and experience to handle the incident in-house, get in touch with us today.

At 3B Data Security, our specialist team have years of experience identifying and neutralizing malware, as well as implementing measures to prevent future attacks.

Our consultants are on hand 24x7x365 to help your organisation identify, respond to, and recover from a cyber incident quickly and effectively.

Find out more about our Incident Response Services.