ZIP files are being used to bypass security gateways

Security researchers at Trustwave have discovered a new phishing campaign that utilized a specially crafted ZIP file, designed to bypass secure email gateways, to distribute the NanoCore RAT.

Users are targeted through a spam email pretending to be shipping information from an Export Operation Specialist of USCO Logistics. Attached to the email is a ZIP archive that has a file size which is greater than its uncompressed content.