Blocking Additional Attachments to Mitigate ZIPped Malware
December 2013 — In light of the threat posed by CryptoLocker, and the recent high volume of other email-borne malware, Cadzow is configuring its managed clients' systems to block an additional list of attachment types (beyond the default list already blocked), including .ZIP, which is being used to distribute this and other malware. Traditional antivirus systems are having difficulty blocking this malware at the time it arrives in mailboxes because it changes so frequently.
We regret the potential inconvenience caused by blocking ZIP files, but the threat posed by CryptoLocker and other so-called “ransomware” malware is now so great that these files can no longer be allowed through the email vector.
If you were notified of this change by email, the change is effective as of the sending of that notification. Anybody who needs to send you ZIP/RAR files will need to find another method.
Refer back to this article at a later date as we may add further information.
How this is achieved varies according to the services available on your network:
Clients Using NetRegistry POP3 Services
If you use a NetRegistry POP3 email service, we have configured the spam system to reject messages containing ZIP and RAR attachments. Senders will receive a failure notification:
The following message to <Email> was undeliverable.
If you have senders who need to send ZIP files, these addresses can be whitelisted — please let us know if you require this.
Additionally, messages blocked for containing ZIP files are quarantined by NetRegistry and so can be released to you where necessary.
Clients Using Server-Hosted Email
If your email is delivered directly to your server via Microsoft Exchange, we have rolled out a login script update which causes ZIP and RAR files to be blocked by Outlook. The attachments will still be delivered and stored in the mailbox but are much more difficult to extract and open.
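One way a login script can produce this behaviour is Outlook's Level1Add registry value, which adds extensions to the attachment types Outlook blocks. The script below is an added example, not Cadzow's actual login script; it assumes per-user settings under HKCU and that each Office version key containing an Outlook subkey should be updated.

```powershell
# Added example: merge .zip and .rar into Outlook's per-user Level1Add list.
# Assumption: Office version subkeys under HKCU (e.g. 14.0, 15.0) identify
# the Outlook versions this user runs.
$extensions = '.zip', '.rar'   # the attachment types named in this article
$officeRoot = 'HKCU:\Software\Microsoft\Office'

# Version subkeys are numeric, such as 14.0 or 15.0
$versions = Get-ChildItem -Path $officeRoot -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^\d+\.\d+$' }

foreach ($v in $versions) {
    $outlookKey = Join-Path $v.PSPath 'Outlook'
    if (-not (Test-Path $outlookKey)) { continue }   # no Outlook profile for this version

    $secKey = Join-Path $outlookKey 'Security'
    if (-not (Test-Path $secKey)) { New-Item -Path $secKey -Force | Out-Null }

    # Read the existing list so extensions set by other tooling are preserved
    $current = (Get-ItemProperty -Path $secKey -Name Level1Add `
                    -ErrorAction SilentlyContinue).Level1Add
    $list = @()
    if ($current) {
        $list = $current -split ';' |
            ForEach-Object { $_.Trim().ToLower() } |
            Where-Object { $_ }
    }

    # Level1Add is a semicolon-separated string of extensions
    $merged = @($list + $extensions | Select-Object -Unique)
    $value  = $merged -join ';'

    # Only write when something changed, so repeated logins are a no-op
    if ($value -ne $current) {
        Set-ItemProperty -Path $secKey -Name Level1Add -Value $value -Type String
        Write-Output "Office $($v.PSChildName): Level1Add = $value"
    }
}
```

Outlook needs to be restarted before a changed list takes effect.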