Slashdot Mirror


New Virus Attacks Via RAR Files

sscottsci writes "A new article at eWeek indicates that virus writers are using .RAR files to bypass filters and anti-virus systems to infect computers. Most anti-virus software cannot scan a .RAR file, and most firewalls do not block the extension yet."

11 of 585 comments

  1. Oh, the horrid memories by Tablizer · · Score: 5, Funny

    Goatse once came to me in a .REAR file. Close enough to avoid.

    1. Re:Oh, the horrid memories by tehshen · · Score: 5, Funny

      I hope you didn't have any wide open ports for a virus to exploit.

      --
      Guy asked me for a quarter for a cup of coffee. So I bit him.
  2. uh... by koreaman · · Score: 5, Funny

    don't accept rar files from people you don't know. And, if you do, don't run random executables inside them?

  3. For those that don't know by Anonymous Coward · · Score: 5, Funny

    Rar files are most commonly used in the legal archiving of binary files and DVDs.

    1. Re:For those that don't know by greenegg77 · · Score: 5, Funny

      So, that's like 50% legal then?
      Nah, it's 100% legal - you're simply a small part of someone's distributed offsite backup and archive model. :D

      --
      --- This .sig for sale - $500 OBO.
  4. Slashdot Headline! by im_thatoneguy · · Score: 5, Funny

    "Warez is becoming infected with viruses!"

  5. eWeek ... by jest3r · · Score: 4, Funny

    ... in related news eWeek is able to sell more impressions and generate more revenue by getting coverage on Slashdot for pointless non-news articles such as new Virus hides in compressed files ...

  6. How about a .virus file type? by jptechnical · · Score: 5, Funny

    It seems to me this would be the simplest. Just require the virus makers to use the .virus extension and that will give the AV makers more time to perfect RAR scanning.

    Is anyone with me?

    --

    Boredom's not a burden anyone should bear.
  7. Re:Is this really a big deal? by Rei · · Score: 4, Funny

    ... because you can detect the part that does the self-extracting, of course. :)

    A more clever approach is to have another program do the extracting for you - for example, to distribute it as a password-protected zip file and make the password known to the user. That way, you don't need the identifiable extractor.

    --
    "Lock and load, Brides of Christ!"
  8. Re:Is this really a big deal? by Nebu · · Score: 3, Funny

    You would be surprised how few email filters detect an attachment which is simply sent as Base64 or UUEncoded text, in the body. As it's not an attachment, it frequently gets ignored.

    Why would we be surprised? People who write e-mail filters have to balance between security and convenience of the user.

    I mean, imagine a super complex e-mail filter program that blocked every conceivable way of sending an attachment. If I sent a letter to my mom asking her how her stay was in the hospital, and got something back like:

    "Your email was blocked because if you take the lower 4th bits of every word whose position is a prime number and reverse the endianness, you get an executable that runs on the 8-bit Gameboy platform, which could then be run by the recipient using an emulator. This executable has been blocked for your protection. Have a nice day."

    I'd be pretty annoyed.

  9. Re:Is this really a big deal? Use WordPad by bob+beta · · Score: 4, Funny

    While that might seem an attractive option to some, helpdesk employees worldwide are screaming at the thought of the association for .doc and .rtf files suddenly switching to Wordpad.

    "Why won't my Office work, and what is this silly 'wordpad' that started up?"