FTP Based ZIP File Download Detection
Info Nessus Network Monitor Plugin ID 1195
SynopsisPVS has detected a FTP transfer of a file compressed with the ZIP algorithm.
DescriptionPVS has detected a FTP transfer of a file compressed with the ZIP algorithm. This file may contain malicious code, but probably not a direct threat. However, if the host attempting the download is a web server, email server, or other server, this behavior may be indicative of a system compromise.
SolutionDeploy a FTP proxy and block all the downloads of files ending in .zip. In addition, ensure desktop computers have antivirus software.