Nasty code-execution bug in WinRAR threatened millions of users for 14 years

ronjor · Feb 20, 2019

Dan Goodin - 2/20/2019, 8:00 AM

If you're one of the 500 million utility users, now would be a good time to patch.
Click to expand...

guest · Mar 15, 2019

Nasty WinRAR bug is being actively exploited to install hard-to-detect malware
March 15, 2019
https://arstechnica.com/information...-exploited-to-install-hard-to-detect-malware/

On Thursday, a researcher at McAfee reported that the security firm identified “100 unique exploits and counting” in the first week since the vulnerability was disclosed. So far, most of the initial targets were located in the US.

“When a vulnerable version of WinRAR is used to extract the contents of this archive, a malicious payload is created in the Startup folder behind the scenes. User Access Control (UAC) is bypassed, so no alert is displayed to the user. The next time the system restarts, the malware is run.”

“One recent example piggybacks on a bootlegged copy of Ariana Grande’s hit album Thank U, Nextwith a file name of ‘Ariana_Grande-thank_u,_next(2019)_[320].rar,’” McAfee Research Architect Craig Schmugar wrote in the post. “
Under the hood, however, the RAR file also extracted a file titled “hi.exe” to the startup folder. Once the computer was rebooted, it installed a generic trojan that, according to the Google-owned VirusTotal service, was detected by just nine AV providers.
Click to expand...

ronjor · Mar 27, 2019

Cybercriminals Have a Heyday with WinRAR Bug in Fresh Campaigns

Author: Tara Seals March 27, 2019
With new attacks on the Israeli military and social-work educators, exploitation of the 19-year-old flaw shows no signs of slowing down.
Click to expand...

xxJackxx · Mar 28, 2019

If you open an unsolicited email attachment in ace or rar format, you are pretty much asking for trouble. If you thought it was a good idea, someone is probably going to get you anyway though so have fun. We'll probably see you here, asking for help.

itman · Mar 28, 2019

Also, the mitigation for this if you can't upgrade to the latest ver. of WinRAR or don't want to apply the third party patch is to remove he unacev2.dll from the WinRAR directory. Or, alternatively disassociate the .ace extension.

EASTER · Mar 28, 2019

I though WinRAR had a feature where a user can tie-in so to speak an AV to scan the unpacked archives. It did when I used it.
In fact an older version still in one of my folders offers that option. That is if users actually set that feature or not is another matter.

ronjor · Apr 11, 2019

Analysis of a targeted attack exploiting the WinRar CVE-2018-20250 vulnerability

Office 365 Threat Research April 10, 2019
In early March, we discovered a cyberattack that used an exploit for CVE-2018-20250, an old WinRar vulnerability disclosed just several weeks prior, and targeted organizations in the satellite and communications industry. A complex attack chain incorporating multiple code execution techniques attempted to run a fileless PowerShell backdoor that could allow an adversary to take full control of compromised machines.
Click to expand...

noway · Apr 11, 2019

Thanks OP for letting us know.

Log in or Sign up

Nasty code-execution bug in WinRAR threatened millions of users for 14 years

ronjor Global Moderator

guest Guest

ronjor Global Moderator

xxJackxx Registered Member

itman Registered Member

EASTER Registered Member

ronjor Global Moderator

noway Registered Member

Log in or Sign up

Nasty code-execution bug in WinRAR threatened millions of users for 14 years

ronjor Global Moderator

guest Guest

ronjor Global Moderator

xxJackxx Registered Member

itman Registered Member

EASTER Registered Member

ronjor Global Moderator

noway Registered Member

Useful Searches