Slashdot Mirror


New Virus Attacks Via RAR Files

sscottsci writes "A new article at eWeek indicates that virus writers are using .RAR files to bypass filters and anti-virus systems to infect computers. Most anti-virus software cannot scan a .RAR file, and most firewalls do not block the extension yet."

22 of 585 comments

  1. Oh, the horrid memories by Tablizer · · Score: 5, Funny

    Goatse once came to me in a .REAR file. Close enough to avoid.

    1. Re:Oh, the horrid memories by tehshen · · Score: 5, Funny

      I hope you didn't have any wide open ports for a virus to exploit.

      --
      Guy asked me for a quarter for a cup of coffee. So I bit him.
    2. Re:Oh, the horrid memories by Doctor+O · · Score: 2, Funny

      Ah yes. Reminds me of the great goatse.exe I found on some troll resource server years ago that set the desktop and window background to Mr Goatse and changed the mouse pointer and screensaver accordingly, all in a way that required registry fiddling to EVER get rid of all that. Send that as "niceass.exe" to the jerk who won't stop sending you all his funny, funny PowerPoint "jokes". Hilarity ensues.

      Of course, remotely putting that into the autostart folders of pesky coworkers is nice too. Praise Billy Boy for \\[IP address]\C$\ and null sessions. Heh.

      --
      Who is General Failure and why is he reading my hard disk?
  2. uh... by koreaman · · Score: 5, Funny

    don't accept rar files from people you don't know. And, if you do, don't run random executables inside them?

    1. Re:uh... by jacksonj04 · · Score: 2, Funny

      You're giving end users too much credit here. If it exists, they will click.

      --
      How many people can read hex if only you and dead people can read hex?
  3. For those that don't know by Anonymous Coward · · Score: 5, Funny

    Rar files are most commonly used in the legal archiving of binary files and DVDs.

    1. Re:For those that don't know by greenegg77 · · Score: 5, Funny

      So, that's like 50% legal then?
      Nah, it's 100% legal - you're simply a small part of someone's distributed offsite backup and archive model. :D

      --
      --- This .sig for sale - $500 OBO.
  4. Slashdot Headline! by im_thatoneguy · · Score: 5, Funny

    "Warez is becoming infected with viruses!"

  5. eWeek ... by jest3r · · Score: 4, Funny

    ... in related news eWeek is able to sell more impressions and generate more revenue by getting coverage on Slashdot for pointless non-news articles such as new Virus hides in compressed files ...

  6. In other news by JamesP · · Score: 2, Funny

    A new virus is spreading through password-protected .arj files.

    Fortunately, no one got it, as no one remembers anymore what the heck an .ARJ file is, let alone find a password cracker for it.

    Rumors said the password is "G04TSE.CXR0X".. go now then, have some fun...

    --
    how long until /. fixes commenting on Chrome?
  7. How about a .virus file type? by jptechnical · · Score: 5, Funny

    It seems to me this would be the simplest. Just require the virus makers to use the .virus extension and that will give the AV makers more time to perfect RAR scanning.

    Is anyone with me?

    --

    Boredom's not a burden anyone should bear.
  8. Re:first post by Anonymous Coward · · Score: 2, Funny

    someone shouted HQX at me once and I didn't sleep for a week.

  9. Re:No problem! by B3ryllium · · Score: 2, Funny

    If anything, we should congratulate them. They've found a way to cut down on a few bytes of junk data flying around the net.

    Cumulatively, it could be a big waste reduction. :)

  10. Another strike against Linux by WhiteWolf666 · · Score: 2, Funny

    Gosh.
    All my household systems come with software to decrypt rars, bzip2s, gzips, tars, etc. . .

    All this extra functionality results in vulnerabilities, eh?

    Oh. Wait. Even when I get the file open, the trojan won't execute. Guess I better fire up Wine, see if I can get it to work.

    If only Win32 was better supported in Linux, then I wouldn't have these cross-platform issues.

    --
    WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  11. Re:RAR is very popular in China by JustNiz · · Score: 1, Funny

    aaahhh sooo... rinzip... doh... rin... doh.. fuckit RAR.

  12. Re:Is this really a big deal? by Rei · · Score: 4, Funny

    ... because you can detect the part that does the self-extracting, of course. :)

    A more clever approach is to have another program do the extracting for you - for example, to distribute it as a password-protected zip file and make the password known to the user. That way, you don't need the identifiable extractor.

    --
    "Lock and load, Brides of Christ!"
  13. Re:Is this really a big deal? by bobbagum · · Score: 2, Funny

    still any BOFH worth his salt wouldn't let any lusers run executables anyway

  14. Ohh, it's just about user stupidity as usual by Jugalator · · Score: 2, Funny

    It's about people clicking on RAR archives said to contain Anna Kournikova pictures, and other women with hot grits? Well what's new there?

    It's not a problem with RAR in specific... If they block RAR files, I'm sure they could instead just be guided to a web page and told to install an ActiveX control instead. :-P (of course a digitally signed one so they get a false sense of security)

    If you could only patch the real serious security holes here -- the ones in the users' brains...

    --
    Beware: In C++, your friends can see your privates!
  15. Whelp by Drako2 · · Score: 1, Funny

    Time to go back to using ARJ

  16. Re:Big deal by fudgefactor7 · · Score: 2, Funny

    Yo, man, she's a nurse, cut her some slack.

  17. Re:Is this really a big deal? by Nebu · · Score: 3, Funny

    You would be surprised how few email filters detect an attachment which is simply sent as Base64 or UUEncoded text, in the body. As it's not an attachment, it frequently gets ignored.

    Why would we be surprised? People who write e-mail filters have to balance between security and convenience of the user.

    I mean, imagine a super complex e-mail filter program that blocked every conceivable way of sending an attachment. If I sent a letter to my mom asking her how her stay was in the hospital, and got something back like:

    "Your email was blocked because if you take the lower 4th bits of every word whose position is a prime number and reverse the endianness, you get an executable that runs on the 8-bit Gameboy platform, which could then be run by the recipient using an emulator. This executable has been blocked for your protection. Have a nice day."

    I'd be pretty annoyed.

  18. Re:Is this really a big deal? Use WordPad by bob+beta · · Score: 4, Funny

    While that might seem an attractive option to some, helpdesk employees worldwide are screaming at the thought of the association for .doc and .rtf files suddenly switching to Wordpad.

    "Why won't my Office work, and what is this silly 'wordpad' that started up?"