Nasty WinRAR bug is being actively exploited to install hard-to-detect malware


Malicious hackers wasted no time exploiting a
nasty code-execution vulnerability recently disclosed in
WinRAR, a Windows file-compression program with 500 million
users worldwide. The in-the-wild attacks install malware that, at
the time this post was going live, was undetected by the vast
majority of antivirus products.

The flaw, disclosed last month by Check Point Research, garnered
instant mass attention because it made it possible for attackers to
surreptitiously install persistent malicious applications when a
target opened a compressed ZIP file using any version of WinRAR
released over the past 19 years. The absolute path traversal made
it possible for archive files to extract to the Windows startup
folder (or any other folder of the archive creator’s choosing)
without generating a warning. From there, malicious payloads would
automatically be run the next time the computer rebooted.
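
As an added illustration (not code from the article or from Check Point Research), the following pre-extraction check flags archive entry names that are absolute, climb out of the destination directory, or point at a Windows Startup folder, which is the pattern described above. It uses Python's `zipfile` for the ZIP container the article mentions; the sample archive, the user name `alice` and the file names are constructed.

```python
import io
import ntpath
import zipfile

# Path fragment shared by the per-user and all-users Windows Startup folders.
STARTUP_FRAGMENT = "\\start menu\\programs\\startup\\"


def classify_entry(name):
    """Return the reasons an archive entry name is unsafe to extract as-is."""
    reasons = []
    win = name.replace("/", "\\")          # archives may use either separator
    drive, rest = ntpath.splitdrive(win)   # catches C:\..., C:rel and \\server\share
    if drive or rest.startswith("\\"):
        reasons.append("absolute path")
    if ".." in rest.split("\\"):
        reasons.append("parent-directory traversal")
    if STARTUP_FRAGMENT in ("\\" + win.lower()):
        reasons.append("targets Startup folder")
    return reasons


def scan_archive(fileobj):
    """Map each suspicious entry name in a ZIP to its reasons, without extracting."""
    findings = {}
    with zipfile.ZipFile(fileobj) as zf:
        for info in zf.infolist():
            reasons = classify_entry(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed in-memory archive: one benign entry and two unsafe names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", b"placeholder")
        zf.writestr("C:/Users/alice/AppData/Roaming/Microsoft/Windows/"
                    "Start Menu/Programs/Startup/updater.exe", b"placeholder")
        zf.writestr("../../outside.txt", b"placeholder")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry, why in scan_archive(build_sample()).items():
        print(f"{entry}: {', '.join(why)}")
```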

On Thursday, a researcher at McAfee reported that the security
firm identified “100 unique exploits and counting” in the first
week since the vulnerability was disclosed. So far, most of the
initial targets were located in the US.


Source: FS – Industry