Slashdot Mirror


19-Year-Old WinRAR Vulnerability Leads To Over 100 Malware Exploits (slashgear.com)

"Last month it was discovered that WinRAR, software used to open .zip archive files, has been vulnerable for the last 19 years to a bug that's easily exploited by hackers and malware distributors," writes SlashGear. Slashdot reader Iwastheone quotes their report: Check Point, the security researchers that revealed the WinRAR bug, explain that the software is exploited by giving malicious files a RAR extension, so that when opened they can automatically extract malware programs. These programs are installed in a PC's startup folder, allowing them to start running anytime the computer is turned on, all without the user's knowledge.

Once the bug was disclosed, however, hacker groups really began using it to their advantage, with various nations becoming the target of state-backed cyber-espionage campaigns attempting to collect intelligence. The latest comes from McAfee, the software security firm, which notes that it has identified over 100 unique exploits that use the WinRAR bug, most of them targeting the U.S.

WinRAR 5.70, released in late January, patches the behavior, but "it must be manually downloaded and installed from the website, leaving most users unaware of the critical update," the article warns.

It also estimates that during the last 19 years WinRAR has been downloaded over 500 million times.

2 of 144 comments

  1. This isn't hard... by bill_mcgonigle · Score: 4, Informative

    WinRAR was shipping a proprietary free-as-in-beer DLL to uncompress ACE archive format files.

    WinRAR uses 'magic' to detect file types, so malware authors are naming archives '.rar' to get them to WinRAR, which then passes them into the vulnerable DLL, where a path traversal exploit is used to install malware.

    Since nobody uses ACE format files anyway the WinRAR authors dropped support and removed the DLL.

    Users need to update, and Windows doesn't make that easy like Linux distros do.

    Maybe it's just me but I find the vague and nebulous "popular" articles to be confusing and hard to read.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
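As an added defensive example (not part of the article or this comment, and not WinRAR's own code), a small Python checker for the two symptoms described above: a file named .rar whose header is really an ACE archive, and an archive entry name that would escape the extraction folder. The magic values are assumed from the public RAR and ACE header layouts; the sample header and entry names are constructed.

```python
import os
from typing import List, Optional

# Signatures assumed from the public format specs (not WinRAR's detector).
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"
ACE_MAGIC_OFFSET = 7          # ACE stores "**ACE**" after a 2-byte CRC, 2-byte size, 3 header bytes
ACE_MAGIC = b"**ACE**"


def sniff_archive_type(header: bytes) -> Optional[str]:
    """Classify a file by its leading bytes: 'rar', 'ace' or None."""
    if header.startswith(RAR5_MAGIC) or header.startswith(RAR4_MAGIC):
        return "rar"
    if header[ACE_MAGIC_OFFSET:ACE_MAGIC_OFFSET + len(ACE_MAGIC)] == ACE_MAGIC:
        return "ace"
    return None


def extension_mismatch(filename: str, header: bytes) -> bool:
    """True for the lure in the comment above: a '.rar' name on an ACE body."""
    ext = os.path.splitext(filename)[1].lower()
    return ext == ".rar" and sniff_archive_type(header) == "ace"


def safe_member_path(dest_root: str, member_name: str) -> Optional[str]:
    """Resolve an entry name under dest_root; None if it would land outside."""
    root = os.path.realpath(dest_root)
    cleaned = member_name.replace("\\", "/").lstrip("/")   # Windows separators, absolute prefix
    if len(cleaned) > 1 and cleaned[1] == ":":             # drop a drive letter such as C:
        cleaned = cleaned[2:].lstrip("/")
    target = os.path.realpath(os.path.join(root, cleaned))
    return target if os.path.commonpath([root, target]) == root else None


def audit_archive(filename: str, header: bytes, members: List[str], dest_root: str) -> List[str]:
    """Collect findings for one archive before anything is extracted."""
    findings = []
    if extension_mismatch(filename, header):
        findings.append("extension/magic mismatch: .rar name on ACE data")
    for name in members:
        if safe_member_path(dest_root, name) is None:
            findings.append(f"traversal: entry {name!r} escapes {dest_root}")
    return findings


# Constructed sample: seven filler bytes then the ACE signature, named as a .rar.
SAMPLE_HEADER = b"\x00" * ACE_MAGIC_OFFSET + ACE_MAGIC
SAMPLE_MEMBERS = ["docs/readme.txt", "..\\..\\outside.exe"]

if __name__ == "__main__":
    for line in audit_archive("invoice.rar", SAMPLE_HEADER, SAMPLE_MEMBERS, "/srv/extract"):
        print(line)
```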
  2. Re:RAR by SuricouRaven · Score: 2, Informative

    They are very common indeed in the world of piracy. There was a time when RAR was the world leader in typical compression ratio, and pirates desperately needed the best compression around. Even though 7z is now superior in just about every way, RAR has become entrenched, and very hard to displace.