How do attackers use compressed files to evade filters?
Compression obscures content from simple scanners. Nested archives (ZIP within ZIP), split archives, unusual formats (7z, RAR5), and password protection prevent automated analysis of contents.
Evasion techniques: delivering payloads in password-protected archives with password in message body, using obscure compression formats, and nesting malware deeply within multiple archive layers.
Defense requires: advanced scanning that handles complex archives, policies blocking password-protected attachments from external senders, and user awareness that archive delivery is suspicious for legitimate business documents.
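As an added example (not code from the original answer), a minimal gateway-side inspector for the two evasions above: it walks ZIP attachments recursively, flags password-protected entries from the header flag bit without needing the password, and stops at an assumed nesting limit. The `MAX_DEPTH` policy value and the ZIP-only scope are assumptions; 7z and RAR would need third-party parsers.

```python
import io
import zipfile

MAX_DEPTH = 2             # assumed policy: block archives nested deeper than this
ARCHIVE_EXTS = (".zip",)  # assumption: only ZIP is walked; 7z/RAR need extra libraries

def inspect_zip(data: bytes, depth: int = 0, findings=None) -> list:
    """Walk a ZIP and every ZIP inside it; encryption is read from general-purpose
    flag bit 0 of each entry (no password needed), recursion stops past MAX_DEPTH."""
    findings = [] if findings is None else findings
    if depth > MAX_DEPTH:
        findings.append(("too_deep", depth, None))
        return findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:                 # named .zip but not a ZIP: still noteworthy
        findings.append(("not_a_zip", depth, None))
        return findings
    with zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:            # entry is password-protected
                findings.append(("encrypted", depth, info.filename))
            elif info.filename.lower().endswith(ARCHIVE_EXTS):
                findings.append(("nested", depth, info.filename))
                inspect_zip(zf.read(info), depth + 1, findings)
    return findings

def verdict(findings) -> str:
    """Assumed policy for external senders: block encrypted or over-nested archives."""
    kinds = {kind for kind, _, _ in findings}
    return "block" if kinds & {"encrypted", "too_deep"} else "scan"

def make_zip(members: dict) -> bytes:
    """Build an in-memory ZIP (constructed fixture, not a real attachment)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

def mark_encrypted(zip_bytes: bytes) -> bytes:
    """Set the encrypted flag bit in every header of a constructed ZIP (fixture only)."""
    buf = bytearray(zip_bytes)
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = buf.find(sig)
        while pos != -1:
            buf[pos + off] |= 0x1
            pos = buf.find(sig, pos + 4)
    return bytes(buf)
```

Entries that pass `verdict` as "scan" are still extracted and handed to the content scanner; the block/scan split only enforces the attachment policy.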