The most commonly used file types for malware

Bodyguard Team

RAR and ZIP most commonly used files

The past year has seen a turnaround in the file types associated with malware. Archive files such as RAR and ZIP are now more commonly used for malware distribution than Office documents such as Word and PDF. For years, attackers exploited the scripting functionality in Office documents to download and execute malicious content. Because that scripting functionality is increasingly disabled in Office, cybercriminals have turned to another method: archive files. Research from HP Wolf Security shows that archive files now make up 44% of files used to install malware, while Office documents make up 32%, which puts archives in first place. Security solutions struggle to check archive files properly, for several reasons.


Reason for increased use of RAR and ZIP files

Archive files are often password protected, which prevents security solutions from opening the file and scanning it for dangerous content. Cybercriminals know this and try to build trust through clever social engineering and legitimate-looking websites. Once a user trusts a cybercriminal's website or email, they are more likely to open the archive file. Cybercriminals often use websites or HTML files to redirect users to fake online document viewers. In the original HTML file, the malware is encoded and encrypted, so email gateways and other security programs cannot detect it. The document viewer then prompts the user to open an archive file with a specific password, supposedly so that the document the user was looking for can be opened. Opening the archive drops the malware.
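The practical consequence for a gateway is that an archive whose entries are password protected cannot be content-scanned, so it should be classified as unscannable rather than passed through as clean. The ZIP format records password protection in a flag bit of each entry's central-directory header, which can be read without decrypting anything. The following is an added example, not code from the original post or from Bodyguard: it hand-assembles two small ZIP blobs with `struct` (constructed samples; the "encrypted" entry only has the flag bit set, its bytes are not really encrypted), walks the central directory to report which entries are password protected, and returns a triage verdict. The function names `build_zip`, `scan_zip`, `triage` and `stdlib_view` are this example's own.

```python
import io
import struct
import zipfile
import zlib

ENCRYPTED_FLAG = 0x0001  # general-purpose bit 0: entry is password protected
LOCAL_SIG, CENTRAL_SIG, EOCD_SIG = 0x04034B50, 0x02014B50, 0x06054B50


def build_zip(entries):
    """Hand-assemble a minimal STORED (method 0) ZIP from (name, data, encrypted) tuples.

    Constructed sample builder: for entries marked encrypted only the flag bit is
    set and the payload is left as-is, which is enough to exercise the detection path.
    """
    local_parts, central_parts, offset = [], [], 0
    for name, data, encrypted in entries:
        name_b = name.encode("utf-8")
        flags = ENCRYPTED_FLAG if encrypted else 0
        crc = zlib.crc32(data) & 0xFFFFFFFF
        # local file header: sig, version needed, flags, method, time, date, crc, sizes, name/extra len
        local = struct.pack("<IHHHHHIIIHH", LOCAL_SIG, 20, flags, 0, 0, 0,
                            crc, len(data), len(data), len(name_b), 0)
        local_parts.append(local + name_b + data)
        # central directory header: adds version made by, comment len, disk, attrs, local offset
        central = struct.pack("<IHHHHHHIIIHHHHHII", CENTRAL_SIG, 20, 20, flags, 0, 0, 0,
                              crc, len(data), len(data), len(name_b), 0, 0, 0, 0, 0, offset)
        central_parts.append(central + name_b)
        offset += len(local) + len(name_b) + len(data)
    central_blob = b"".join(central_parts)
    eocd = struct.pack("<IHHHHIIH", EOCD_SIG, 0, 0, len(central_parts),
                       len(central_parts), len(central_blob), offset, 0)
    return b"".join(local_parts) + central_blob + eocd


def scan_zip(blob):
    """Walk the central directory and report each entry's encryption state.

    Only headers are read, never the payload, so this works even when the
    content is password protected and cannot be decompressed.
    """
    eocd_at = blob.rfind(struct.pack("<I", EOCD_SIG))
    if eocd_at < 0:
        raise ValueError("not a ZIP archive: no end-of-central-directory record")
    _, _, _, _, n_entries, _cd_size, cd_offset, _ = struct.unpack("<IHHHHIIH", blob[eocd_at:eocd_at + 22])
    entries, pos = [], cd_offset
    for _ in range(n_entries):
        hdr = struct.unpack("<IHHHHHHIIIHHHHHII", blob[pos:pos + 46])
        if hdr[0] != CENTRAL_SIG:
            raise ValueError("corrupt central directory")
        flags, method, name_len, extra_len, comment_len = hdr[3], hdr[4], hdr[10], hdr[11], hdr[12]
        name = blob[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        entries.append({"name": name, "encrypted": bool(flags & ENCRYPTED_FLAG),
                        "method": method, "size": hdr[9]})
        pos += 46 + name_len + extra_len + comment_len
    return entries


def triage(blob):
    """Gateway decision: contents that cannot be inspected are unscannable, not clean."""
    entries = scan_zip(blob)
    hidden = [e["name"] for e in entries if e["encrypted"]]
    if hidden:
        return {"verdict": "unscannable", "reason": "password-protected entries", "entries": hidden}
    return {"verdict": "scannable", "reason": "all entries readable",
            "entries": [e["name"] for e in entries]}


def stdlib_view(blob):
    """Cross-check: the standard library reads the same flag bit from the same header."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return {zi.filename: bool(zi.flag_bits & ENCRYPTED_FLAG) for zi in zf.infolist()}


# Constructed samples: one plain archive, one where the "document" entry is flagged encrypted
SAMPLE_CLEAN = build_zip([("invoice.txt", b"Nothing to see here.", False)])
SAMPLE_LOCKED = build_zip([("README.txt", b"The password is in the email.", False),
                           ("invoice.txt", b"constructed placeholder content", True)])

if __name__ == "__main__":
    for label, blob in (("clean", SAMPLE_CLEAN), ("locked", SAMPLE_LOCKED)):
        print(label, triage(blob))
```

A real gateway policy would apply the same rule to RAR and other container formats and would typically also flag archives that are nested or whose inner entries fail to parse, since the point is to stop treating "could not be scanned" as "scanned and clean".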
