A new technique dubbed "Zombie ZIP" helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products.
-
@BleepingComputer uh why the fuck does the link to the researcher statement lead to a google ai chat?
-
@BleepingComputer I am sorry but this is a bunch of bullshit.
If standard archivers can't extract the data and a special extractor is needed, then the EDR tools can detect the extractor.
CERT/CC's recommendation is also idiotic. How exactly are the vendors of EDR tools supposed to validate the compression method?! What if the archive actually contains stored random noise (or an encrypted file)?
-
Ok, it got past your AV detectors and now sits on your computer -- unable to be decompressed. How is this an exploit?
-
@bontchev @BleepingComputer Good for Bombadil Systems for their apparent rediscovery of the ‘packer’, but yeah seems kinda embarrassing for CERT.
-
@thief_of_fire Sorry about that. We fixed the link.