Archive for the ‘WinRar’ Category
A critical vulnerability in the WinRAR file-compression utility is under active attack by a wide range of bad actors who are exploiting the code-execution flaw to install password stealers and other types of malicious software.
In one campaign, according to a report published by researchers from security firm FireEye, attackers are spreading files that purport to contain stolen data. One file, titled
leaks copy.rar, contains email addresses and passwords that were supposedly compromised in a breach. Attackers claim another file,
cc.rar, contains stolen credit card data. Other files have names including
zabugor.rar, ZabugorV.rar, Combolist.rar, Nulled2019.rar, and
Hidden inside the files are payloads from a variety of different malware families. They include a keylogger known as QuasarRat and malware containing Chinese language text known as Buzy.
Malicious hackers wasted no time exploiting a nasty code-execution vulnerability recently disclosed in WinRAR, a Windows file-compression program with 500 million users worldwide. The in-the-wild attacks install malware that, at the time this post was going live, was undetected by the vast majority of antivirus product.
The flaw, disclosed last month by Check Point Research, garnered instant mass attention because it made it possible for attackers to surreptitiously install persistent malicious applications when a target opened a compressed ZIP file using any version of WinRAR released over the past 19 years. The absolute path traversal made it possible for archive files to extract to the Windows startup folder (or any other folder of the archive creator’s choosing) without generating a warning. From there, malicious payloads would automatically be run the next time the computer rebooted.
On Thursday, a researcher at McAfee reported that the security firm identified “100 unique exploits and counting” in the first week since the vulnerability was disclosed. So far, most of the initial targets were located in the US.
WinRAR, a Windows file compression program with 500 million users worldwide, recently fixed a 14-year-old vulnerability that made it possible for attackers to execute malicious code when targets opened a booby-trapped file.
The vulnerability was the result of an absolute path traversal flaw that resided in UNACEV2.DLL, a third-party code library that hasn’t been updated since 2005. The traversal made it possible for archive files to extract to a folder of the archive creator’s choosing, rather than the folder chosen by the person using the program. Because the third-party library doesn’t make use of exploit mitigations such as address space layout randomization, there was little preventing exploits.
Researchers from Check Point Software, the security firm that discovered the vulnerability, initially had trouble figuring out how to exploit the vulnerability in a way that executed code of their choosing. The most obvious path—to have an executable file extracted to the Windows startup folder where it would run on the next reboot—required WinRAR to run with higher privileges or integrity levels than it gets by default.
We are back with our last week’s top cyber security threats and challenges, just in case you missed any of them (ICYMI).
THN Weekly Round Up is The Hacker News efforts to help you provide all important stories of last week in one shot.
We recommend you read the full story (just click ‘Read More’ because there’s some valuable advice in there as well).
Here’s the list:
Posted in AdBlock Extension, encryption software, Gottfrid Svartholm Warg, Hacker News, hacking news, Open Source, Quantum Teleportation, Stagefright, TrueCrypt, weekly roundup, windows 10 privacy, WinRar | Comments (0)
Beware Windows Users!
A new dangerous unpatched Zero-day Vulnerability has been detected in the latest version of WinRAR affects over millions of users worldwide.
According to Mohammad Reza Espargham, a security researcher at Vulnerability-Lab, the stable version of WinRAR 5.21 for Windows computers is vulnerable to Remote Code Execution (RCE) flaw.
<!– adsense –>
WinRAR is one of