| Short Name | POP3:EXT:DOT-ZIP |
|---|---|
| Severity | Low |
| Recommended | No |
| Category | POP3 |
| Keywords | .zip e-mail attachment |
| Release Date | 2004/07/28 |
| Update Number | 1213 |
| Supported Platforms | di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |

This signature detects e-mail attachments with the extension .zip received using POP3. This can indicate an incoming e-mail virus. Zip files are compressed files that can contain one or more executables. Attackers can compress malicious executables within a .zip file, tricking unsuspecting users into executing the file and infecting the system. Because Zip files are frequently used for non-malicious purposes, this signature can generate false positives. As a general network security precaution, ensure that all users are aware of the dangers of sending and receiving binary files in e-mail attachments.
A remote attacker could send a victim malicious code hidden in an e-mail with a ZIP attachment. The impact of such an attachment depends on user behavior and the behavior of the malicious code.