Researchers with SpiderLabs at Trustwave reveal a new image file exploit – a fake icon delivering the NanoCore trojan. Researchers said: “The recent malspams… (work to) effectively hide the malicious executable from anti-malware and email scanners by abusing the file format of the “.zipx” attachment, which in this case is an Icon file with added surprises. In a slight twist, enclosing the executable into a RAR archive instead of a ZIP file, the content of the .zipx attachment can be extracted by another popular archiving tool, 7Zip. If the end-user uses 7Zip or WinRAR, the NanoCore malware could be installed onto the system, if the user decides to run and extract it. It all works because various archive utilities try their darndest to find something to unzip within files.”
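For defenders, an added example (not from the Trustwave write-up or this post) of the check the quote implies: read the icon's own directory to learn where its image data ends, then look for an archive signature in whatever follows. The function names and sample bytes are constructed for illustration, and it assumes the archive is appended after the icon's declared image data.

```python
import struct

# Signatures that archive utilities look for when scanning a file for content.
ARCHIVE_MAGICS = {
    b"Rar!\x1a\x07\x00": "RAR4",
    b"Rar!\x1a\x07\x01\x00": "RAR5",
    b"PK\x03\x04": "ZIP",
    b"7z\xbc\xaf\x27\x1c": "7z",
}

def ico_declared_end(data):
    """Offset where the icon's declared images end, or None if not an ICO."""
    if len(data) < 6:
        return None
    reserved, kind, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or kind != 1 or count == 0:
        return None                       # ICONDIR: reserved=0, type=1 (icon)
    if len(data) < 6 + 16 * count:
        return None                       # directory itself is truncated
    end = 6 + 16 * count
    for i in range(count):
        # ICONDIRENTRY: image byte size at +8, image offset at +12
        size, offset = struct.unpack_from("<II", data, 6 + 16 * i + 8)
        end = max(end, offset + size)
    return end

def find_appended_archive(data):
    """Return (offset, format) of an archive after the icon data, else None."""
    end = ico_declared_end(data)
    if end is None:
        return None
    hits = []
    for magic, name in ARCHIVE_MAGICS.items():
        pos = data.find(magic, min(end, len(data)))
        if pos != -1:
            hits.append((pos, name))
    return min(hits) if hits else None

def build_sample_icon():
    """Constructed sample: one 16x16 entry with 64 zero bytes of image data."""
    image = b"\x00" * 64
    header = struct.pack("<HHH", 0, 1, 1)
    entry = struct.pack("<BBBBHHII", 16, 16, 0, 0, 1, 32, len(image), 22)
    return header + entry + image

if __name__ == "__main__":
    clean = build_sample_icon()
    suspect = clean + b"Rar!\x1a\x07\x00" + b"constructed-placeholder-bytes"
    print("clean:", find_appended_archive(clean))
    print("suspect:", find_appended_archive(suspect))
```

A mail gateway or triage script could run a check like this on attachments regardless of their extension, since the `.zipx` name says nothing about what the bytes contain.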
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.