
HTTP Based ZIP File Download Detection

Info

Synopsis

An HTTP transfer of a file compressed with the ZIP algorithm was just observed.

Description

An HTTP transfer of a file compressed with the ZIP algorithm was just observed. This file may contain malicious code, or content that is not subjected to any content filtering in place. In addition, if the host attempting the download is a web server, email server or other server, this behavior may be indicative of a system compromise.

Solution

Block all HTTP requests with the content type application/zip, and ensure a content filtering system is in place that handles ZIP compressed files.
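The check described above, sketched as an added example (not the plugin's own code): it flags a response as ZIP by its Content-Type header or by the ZIP signature at the start of the body, and raises the verdict when the downloading host is a known server. The event fields, the `SERVER_HOSTS` inventory and all sample events are constructed assumptions.

```python
"""Flag ZIP downloads in parsed HTTP responses (constructed sample data)."""

ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}
# ZIP signatures: local file header, empty archive, spanned archive.
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")

# Assumption: an asset inventory listing hosts that act as servers.
SERVER_HOSTS = {"10.0.0.25": "mail server", "10.0.0.80": "web server"}


def is_zip_response(headers, body_prefix):
    """True if the Content-Type header or the first body bytes indicate ZIP."""
    ctype = ""
    for name, value in headers.items():
        if name.lower() == "content-type":
            # Drop parameters such as "; charset=..." before comparing.
            ctype = value.split(";", 1)[0].strip().lower()
    return ctype in ZIP_TYPES or body_prefix.startswith(ZIP_MAGIC)


def classify(event):
    """Return None, 'info' or 'investigate' for one HTTP response event."""
    if not is_zip_response(event["headers"], event["body_prefix"]):
        return None
    # A server pulling a ZIP over HTTP is unusual and may indicate compromise.
    return "investigate" if event["client"] in SERVER_HOSTS else "info"


# Constructed events: the client that made the request, the response
# headers, and the first bytes of the response body.
EVENTS = [
    {"client": "10.0.1.17", "headers": {"Content-Type": "application/zip"},
     "body_prefix": b"PK\x03\x04\x14\x00"},
    # Mislabelled ZIP fetched by a web server: the header check alone misses it.
    {"client": "10.0.0.80", "headers": {"content-type": "application/octet-stream"},
     "body_prefix": b"PK\x03\x04\x14\x00"},
    {"client": "10.0.1.17", "headers": {"Content-Type": "text/html; charset=utf-8"},
     "body_prefix": b"<!DOCTYPE html>"},
]


def run(events=EVENTS):
    """Classify every event and return (client, verdict) pairs."""
    return [(e["client"], classify(e)) for e in events]


if __name__ == "__main__":
    for client, verdict in run():
        print(client, verdict)
```

The signature check also matches other ZIP-container formats such as JAR and Office Open XML documents, so a filter built on it needs an allow rule for those where they are expected.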