Synopsis
An HTTP transfer of a file compressed with the ZIP algorithm was just observed.
Description
An HTTP transfer of a file compressed with the ZIP algorithm was just observed. This file may contain malicious code, or content that may not be inspected by any content filtering in place. In addition, if the host attempting the download is a web server, email server or other server, this behavior may be indicative of a system compromise.
Solution
Block all HTTP requests with the content type application/zip, and ensure that a content filtering system that handles ZIP-compressed files is in place.
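The check described above can be reproduced over HTTP transfer metadata. The following is an added example, not the plugin's own logic: it flags a transfer as ZIP by declared content type or by the ZIP signature at the start of the payload, and escalates when the downloading host is a server. The record fields, the server inventory and all addresses are constructed assumptions.

```python
# Added example: triage HTTP transfer records for ZIP downloads.
# application/x-zip-compressed is a common alternative label for ZIP content.
ZIP_MIME_TYPES = {"application/zip", "application/x-zip-compressed"}
# ZIP signatures: local file header, and end-of-central-directory (empty archive).
# Office documents and JAR files are ZIP containers and match as well.
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")

# Assumption: inventory of hosts known to be servers (constructed addresses).
SERVER_HOSTS = {"10.0.5.10", "10.0.5.25"}


def is_zip(content_type, body_prefix):
    """True if the declared type or the first payload bytes indicate ZIP."""
    media_type = (content_type or "").split(";", 1)[0].strip().lower()
    return media_type in ZIP_MIME_TYPES or body_prefix.startswith(ZIP_MAGIC)


def triage(record, server_hosts=SERVER_HOSTS):
    """Return None, 'zip-transfer', or 'zip-transfer-to-server'."""
    if not is_zip(record.get("content_type"), record.get("body_prefix", b"")):
        return None
    # A server fetching an archive is the case the description singles out.
    if record["client"] in server_hosts:
        return "zip-transfer-to-server"
    return "zip-transfer"


# Constructed sample records: downloading host, Content-Type, first payload bytes.
SAMPLE = [
    {"client": "10.0.1.44", "content_type": "application/zip",
     "body_prefix": b"PK\x03\x04\x14\x00"},
    {"client": "10.0.5.10", "content_type": "Application/ZIP; charset=binary",
     "body_prefix": b"PK\x03\x04"},
    # Mislabelled archive: a filter keyed only on Content-Type would miss it.
    {"client": "10.0.1.51", "content_type": "application/octet-stream",
     "body_prefix": b"PK\x03\x04\x14\x00"},
    {"client": "10.0.1.60", "content_type": "text/html; charset=utf-8",
     "body_prefix": b"<!DOCTYPE html>"},
]


def run(records=SAMPLE):
    """Triage every record and return (client, verdict) pairs."""
    return [(r["client"], triage(r)) for r in records]


if __name__ == "__main__":
    for client, verdict in run():
        print(client, verdict or "ignored")
```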