
HTTP Based ZIP File Download Detection

Info

Synopsis

An HTTP transfer of a file compressed with the ZIP algorithm was just observed.

Description

An HTTP transfer of a file compressed with the ZIP algorithm was just observed. This file may contain malicious code, or content that is not subjected to any content filtering in place. In addition, if the host attempting the download is a web server, email server, or other server, this behavior may be indicative of a system compromise.

Solution

Block all HTTP requests with content type: application/zip, and ensure a content filtering system is in place that handles ZIP compressed files.
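A filter keyed only on the Content-Type header misses archives served under another type. The following added example (not part of the original plugin text) classifies a raw HTTP response by both the declared type and the ZIP signature bytes at the start of the body; the function names, labels and sample responses are constructed for illustration.

```python
import io
import zipfile

# ZIP signatures: local file header, and end-of-central-directory (empty archive).
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def classify(raw: bytes) -> str:
    """Return zip, zip-mislabeled, zip-header-only or not-zip (labels are this example's own)."""
    _, headers, body = parse_response(raw)
    # With chunked transfer coding the body starts with a chunk-size line; skip it.
    if headers.get("transfer-encoding", "").lower() == "chunked":
        body = body.partition(b"\r\n")[2]
    # Assumption: no Content-Encoding (gzip, br) wraps the body; decode it first if present.
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    by_header = media_type in ZIP_TYPES
    by_magic = body.startswith(ZIP_MAGIC)
    if by_header and by_magic:
        return "zip"
    if by_magic:
        return "zip-mislabeled"      # archive served under a different type
    if by_header:
        return "zip-header-only"     # type says ZIP, body does not
    return "not-zip"

def sample_zip() -> bytes:
    """Build a small constructed archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("readme.txt", "constructed sample")
    return buf.getvalue()

def sample_response(content_type: str, body: bytes) -> bytes:
    """Build a constructed HTTP response carrying the given body."""
    head = f"HTTP/1.1 200 OK\r\nContent-Type: {content_type}\r\nContent-Length: {len(body)}\r\n\r\n"
    return head.encode("ascii") + body

if __name__ == "__main__":
    for ctype in ("application/zip", "application/octet-stream"):
        print(ctype, "->", classify(sample_response(ctype, sample_zip())))
```

The "zip-mislabeled" result is the case a header-only block rule does not catch, which is why the content filtering system also needs to inspect the payload.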