Nasty WinRAR bug is being actively exploited to install hard-to-detect malware

by Dan Goodin, from Ars Technica - All content (#4B3QS)

Malicious hackers wasted no time exploiting a nasty code-execution vulnerability recently disclosed in WinRAR, a Windows file-compression program with 500 million users worldwide. The in-the-wild attacks install malware that, at the time this post was going live, was undetected by the vast majority of antivirus products.

The flaw, disclosed last month by Check Point Research, garnered instant mass attention because it made it possible for attackers to surreptitiously install persistent malicious applications when a target opened a compressed ZIP file using any version of WinRAR released over the past 19 years. The absolute path traversal made it possible for archive files to extract to the Windows startup folder (or any other folder of the archive creator's choosing) without generating a warning. From there, malicious payloads would automatically be run the next time the computer rebooted.
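A pre-extraction check for the class of problem described above, as an added example that is not part of the original article or of WinRAR: it audits ZIP entry names for absolute paths and Startup-folder targets, and goes slightly beyond the text by also flagging relative `..` traversal. The function names, the Startup path fragment used for matching, and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumed path fragment shared by the per-user and all-users Windows Startup folders.
STARTUP_MARKER = "start menu/programs/startup"

def classify_entry(name):
    """Return the reasons an archive entry name is unsafe to extract (empty if none)."""
    norm = name.replace("\\", "/")  # treat both separators alike
    reasons = []
    # Leading slash (including UNC-style //host) or a drive letter means absolute.
    if norm.startswith("/") or re.match(r"^[A-Za-z]:", norm):
        reasons.append("absolute path")
    # Only a whole ".." component escapes the directory; "b..c" does not.
    if ".." in norm.split("/"):
        reasons.append("parent-directory traversal")
    if STARTUP_MARKER in norm.lower():
        reasons.append("targets Startup folder")
    return reasons

def audit_zip(data):
    """Map each unsafe entry (name normalised to forward slashes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reasons = classify_entry(info.filename)
            if reasons:
                findings[info.filename.replace("\\", "/")] = reasons
    return findings

def build_sample():
    """Constructed test archive: one benign entry, two that should be flagged."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign")
        zf.writestr("C:\\Users\\example\\AppData\\Roaming\\Microsoft\\Windows"
                    "\\Start Menu\\Programs\\Startup\\x.exe", "placeholder")
        zf.writestr("../../outside.txt", "placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for entry, why in audit_zip(build_sample()).items():
        print(f"BLOCK {entry}: {', '.join(why)}")
```

Running the audit before handing an archive to any extractor lets a mail gateway or download scanner quarantine the file without relying on the extractor to warn.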

On Thursday, a researcher at McAfee reported that the security firm identified "100 unique exploits and counting" in the first week since the vulnerability was disclosed. So far, most of the initial targets were located in the US.
