Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Virus Attacks Via RAR Files

Posted by timothy on from the not-in-debian-yet dept.

sscottsci writes "A new article at eWeek indicates that Virus writers are using .RAR files to bypass Filters and Anti-Virus systems to infect computers. Most anti-virus software cannot scan a .RAR file, and most firewalls do not block the extension yet."

5 of 585 comments (clear)

  1. Re:Is this really a big deal? by LoRdTAW · · Score: 5, Informative

    Well it could definatly cause a problem with warez. Most warez is usually packed using RAR.

  2. Re:Good news! by wtrmute · · Score: 5, Informative

    Which is a pity, since .rar files are so much more compressible than .zip files. The difference is roughly the same between .gz and .bz2... What would be really easy is for anti-virus writers to include a RAR decompression library and look inside the damned files, rather than reject useful technology for no good reason

  3. ClamAV wins again... by Vellmont · · Score: 5, Informative

    The OSS program ClamAV supports scanning of RAR files. If most anti-virus programs truly don't support RAR format, this is another big win for ClamAV. (I run it on my own server, and as part of an anti spam/virus email service and it runs flawlessly).

    --
    AccountKiller
  4. Re:Is this really a big deal? by stupidfoo · · Score: 5, Informative

    Unfortunately, a malicious person can still e-mail a macro virus by merely changing a .DOC file's extension to .RTF. (Microsoft should prevent Word from running macros in files with .RTF extensions, but it doesn't.)

    http://www.infoworld.com/articles/op/xml/00/10/30/ 001030oplivingston.html

  5. Re:Is this really a big deal? by HD+Webdev · · Score: 5, Informative

    Well, I know of a few that do now... Seriously, is this that much of a threat? Winzip (AFAIK) doesn't handle Rar archives, and most users wouldn't know how to open one if they did find one in their inbox...

    .rar archives being infected is very old news as well as every other archive format.

    .rar files have been infected since they have existed and posted to USENET. Rar files are much better than zip files in that people can download (let's say) a .rar that's been split into 15 parts. By using smartpar, even if a part of that .rar is corrupted, Smartpar does parity and other checks to reconstruct the missing part(s)

    As you note, most people don't know about rar files. And even if they do, the anti-virus program will block the virus as soon as the rar set is put back together.

    This is a complete non-issue. Not to mention, Winrar, which creates and reassembles .rar files prompts users to scan files for infections before extracting them.

    --
    This is not a dream, not a dream...we are transmitting from the year 1-9-9-9.