Since August 11, 2010 emails with archive file attachments infected with spam and Zbot.Trojan have been bypassing anti-spam filters. Applications performing the filtering do not generate any visible errors.
While Symantec has updated its filter set to capture the attack, there may be cases where the attack slipped through between the time that the updated rules were being pushed out to customers and the time it took to apply those filters.
Symantec has created updated rulesets for all Brightmail AntiSpam technologies. Please make sure that your environment has the latest ruleset available.
More in depth analysis of this this threat is discussed at the following URL: