Slashdot Mirror


19-Year-Old WinRAR Vulnerability Leads To Over 100 Malware Exploits (slashgear.com)

"Last month it was discovered that WinRAR, software used to open .zip archive files, has been vulnerable for the last 19 years to a bug that's easily exploited by hackers and malware distributors," writes SlashGear. Slashdot reader Iwastheone quotes their report: Check Point, the security researchers that revealed the WinRAR bug, explain that the software is exploited by giving malicious files a RAR extension, so that when opened they can automatically extract malware programs. These programs are installed in a PC's startup folder, allowing them to start running anytime the computer is turned on, all without the user's knowledge.

Once the bug was disclosed, however, hacker groups really began using it to their advantage, with various nations becoming the target of state-backed cyber-espionage campaigns attempting to collect intelligence. The latest comes from McAfee, the software security firm, which notes that it has identified over 100 unique exploits that use the WinRAR bug, most of them targeting the U.S.

WinRAR 5.70, released in late January, patches the behavior, but "it must be manually downloaded and installed from the website, leaving most users unaware of the critical update," the article warns.

It also estimates that during the last 19 years WinRAR has been downloaded over 500 million times.

8 of 144 comments

  1. Meh by cheesybagel · · Score: 3, Insightful

    I use 7-zip. Haven't installed WinRAR in like a decade.

    1. Re:Meh by antdude · · Score: 2

      I wished 7-zip would let me extract multiple highlighted files into their own (directorie/folder)s like WinRAR which is why I still use it. :(

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  2. This isn't hard... by bill_mcgonigle · · Score: 4, Informative

    WinRAR was shipping a proprietary free-as-in-beer DLL to uncompress ACE archive format files.

    WinRAR uses 'magic' to detect file types so malware authors are naming archives '.rar' to get it to WinRAR which then passes it into the vulnerable DLL where it uses a path traversal exploit to install malware.

    Since nobody uses ACE format files anyway the WinRAR authors dropped support and removed the DLL.

    Users need to update and Windows doesn't make that easy like Linux distros do.

    Maybe it's just me but I find the vague and nebulous "popular" articles to be confusing and hard to read.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    1. Re:This isn't hard... by hairyfeet · · Score: 2

      Or they can just delete the unACE.DLL from their WinRAR folder and it will work just fine, it will simply throw an error if you try to open an ACE file which nobody has used in ages so who cares about the error.

      --
      ACs don't waste your time replying, your posts are never seen by me.
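The content-based detection described in the comment above means an ACE archive is handled as ACE whatever its file name says, so a defender can look for the same mismatch. The following is an added example, not code from the thread or from WinRAR: it flags files whose leading bytes carry the ACE marker but whose extension is not `.ace`. The marker `**ACE**` at byte offset 7 is the commonly documented ACE signature rather than something stated on this page, and the sample file names and contents are constructed.

```python
import os
import tempfile

# Content signatures: (name, offset, magic bytes).
SIGNATURES = [
    ("ace", 7, b"**ACE**"),       # ACE main header marker (assumed offset 7)
    ("rar", 0, b"Rar!\x1a\x07"),  # prefix shared by RAR 4.x and 5.x
    ("zip", 0, b"PK\x03\x04"),
]

def sniff(path, limit=64):
    """Return the archive type indicated by the file's leading bytes, or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(limit)
    except OSError:
        return None  # unreadable or missing file: nothing to classify
    for name, offset, magic in SIGNATURES:
        if head[offset:offset + len(magic)] == magic:
            return name
    return None

def find_disguised_ace(root):
    """List files under root whose content is ACE but whose extension is not .ace."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            ext = os.path.splitext(fname)[1].lower()
            if sniff(path) == "ace" and ext != ".ace":
                hits.append(path)
    return sorted(hits)

def build_samples(root):
    """Write constructed sample files (header markers only, no archive data)."""
    samples = {
        "invoice.rar": b"\x00" * 7 + b"**ACE**" + b"\x00" * 16,  # ACE content, .rar name
        "backup.rar": b"Rar!\x1a\x07\x00" + b"\x00" * 16,        # genuine RAR marker
        "old.ace": b"\x00" * 7 + b"**ACE**" + b"\x00" * 16,      # honestly named ACE
        "short.rar": b"Rar",                                     # truncated file
    }
    for fname, data in samples.items():
        with open(os.path.join(root, fname), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        for hit in find_disguised_ace(tmp):
            print("ACE content behind non-.ace name:", hit)
```
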
  3. Glad they fixed it, won't touch 7zip. by AbRASiON · · Score: 2

    Had multiple archives which were reporting as corrupt / damaged in 7zip and opened fine in WinRAR, near a decade ago.

    Had I followed the advice of 7zip I could have discarded perfectly good data.

    I reported the bug YEARS ago, supplied files too, nope no interest from the developers.
    I spoke with someone yesterday who said the same thing is STILL going on.

    Nope, I don't have faith in 7zip, working with the data reliably is the #1 thing for me. I'll stick with a patched WinRAR thanks.

    1. Re:Glad they fixed it, won't touch 7zip. by Jahta · · Score: 2

      Had multiple archives which were reporting as corrupt / damaged in 7zip and opened fine in WinRAR, near a decade ago.

      I've used 7-Zip for years. Never had a problem, with RAR files (single or multi-part) or any other archive type. YMMV

  4. Re:RAR by PinkyGigglebrain · · Score: 2

    Who uses .RAR archives these days?

    Sadly many more than you would think, I encounter them more often than zipped archives in several different fields I deal with. And my efforts to get the authors/developers to change to an application that uses a more open standard have not been very successful. The frequent response I get is "I don't want to learn a new program" or "it works so why should I change?".

  5. Re:RAR by SuricouRaven · · Score: 2, Informative

    They are very common indeed in the world of piracy. There was a time when RAR was the world leader in typical compression ratio, and pirates desperately needed the best compression around. Even though 7z is now superior in just about every way, RAR has become entrenched, and very hard to displace.