
Dirty zipping

'Dirty zipping' is the method of using SFX archives (a self-extracting archive type) to 'disguise' a file, such as a malicious payload, within a medium such as an image through a roundabout form of steganography; the result is a 'dirty zip'.

When the victim of a dirty zip attack opens a seemingly harmless file (the image in this example), they'll be shown the image, but in the background a payload will execute.

This method can be achieved through software such as WinRAR and 7-Zip.
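A defender-side triage check for the shape described above, added here as an example and not part of the original entry: it flags a file whose name claims an image but whose bytes are a PE stub with an archive body appended (which is what a WinRAR or 7-Zip SFX is), or whose executable extension hides behind an image one. The file names, byte contents and signature table are constructed for the example.

```python
# Magic bytes for common image types, and the signatures an SFX carries:
# a PE stub ("MZ") followed somewhere by the RAR/7z/ZIP archive body.
IMAGE_MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8",
}
EXEC_EXTS = {".exe", ".scr", ".com"}
PE_MAGIC = b"MZ"
ARCHIVE_SIGNATURES = {b"Rar!\x1a\x07": "rar", b"7z\xbc\xaf\x27\x1c": "7z", b"PK\x03\x04": "zip"}


def classify(name: str, data: bytes) -> dict:
    """Compare what a file's name claims against what its bytes contain."""
    exts = ["." + p for p in name.lower().split(".")[1:]]
    last = exts[-1] if exts else ""
    claims_image = last in IMAGE_MAGIC
    # Executable extension hiding behind an image one, e.g. holiday.jpg.exe
    double_ext = last in EXEC_EXTS and any(e in IMAGE_MAGIC for e in exts[:-1])
    is_pe = data.startswith(PE_MAGIC)
    archives = sorted(kind for sig, kind in ARCHIVE_SIGNATURES.items() if sig in data)
    # A PE stub with an archive body appended is the SFX shape.
    sfx_like = is_pe and bool(archives)
    wrong_magic = claims_image and not data.startswith(IMAGE_MAGIC[last])
    reasons = []
    if double_ext:
        reasons.append("executable extension hidden behind image extension")
    if wrong_magic:
        reasons.append("content does not match claimed image type")
    if sfx_like:
        reasons.append("PE stub with appended archive (SFX shape)")
    return {"name": name, "is_pe": is_pe, "archives": archives,
            "suspicious": bool(reasons), "reasons": reasons}


# Constructed sample contents, not real files.
SAMPLES = {
    "sunset.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 24,                       # benign image
    "holiday.jpg.exe": b"MZ" + b"\x90" * 62 + b"Rar!\x1a\x07\x00" + b"\x00" * 16,  # RAR SFX
    "photo.jpg": b"MZ" + b"\x00" * 30 + b"7z\xbc\xaf\x27\x1c" + b"\x00" * 8,   # 7z SFX named as image
}


def triage(samples: dict) -> dict:
    """Return only the flagged files, with the reasons each was flagged."""
    verdicts = {n: classify(n, d) for n, d in samples.items()}
    return {n: v["reasons"] for n, v in verdicts.items() if v["suspicious"]}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLES).items():
        print(name, "->", "; ".join(reasons))
```

The archive-signature search is a substring match, so treat a hit on a large image as a reason to inspect, not a conviction.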

Person 1: I launched the reverse shell payload on the victim.

Person 2: How did you go about that?

Person 1: Just did some dirty zipping and put it on a USB, which I dropped near their front door. Curiosity took hold, and the payload self-extracted in the background when the victim wanted to view the picture on the USB.

Person 2: Sneaky!

by ItsJustShepherd July 25, 2022