HTTP Based ZIP File Download Detection
Info Nessus Network Monitor Plugin ID 1171
Synopsis
An HTTP transfer of a file compressed with the ZIP algorithm was just observed.
Description
An HTTP transfer of a file compressed with the ZIP algorithm was just observed. This file may contain malicious code, or content that may not be subjected to any content filtering in place. However, if the host attempting the download is a web server, email server or other server, this behavior may be indicative of a system compromise.
Solution
Block all HTTP requests with content type: application/zip, and ensure a content filtering system is in place that handles ZIP compressed files.