Bug Security

19-Year-Old WinRAR Vulnerability Leads To Over 100 Malware Exploits (slashgear.com)

"Last month it was discovered that WinRAR, software used to open .zip archive files, has been vulnerable for the last 19 years to a bug that's easily exploited by hackers and malware distributors," writes SlashGear. A Slashdot reader quotes their report: Check Point, the security researchers that revealed the WinRAR bug, explain that the software is exploited by giving malicious files a RAR extension, so that when opened they can automatically extract malware programs. These programs are installed in a PC's startup folder, allowing them to start running anytime the computer is turned on, all without the user's knowledge.

Once the bug was disclosed, however, hacker groups really began using it to their advantage, with various nations becoming the target of state-backed cyber-espionage campaigns attempting to collect intelligence. The latest comes from McAfee, the software security firm, which notes that it has identified over 100 unique exploits that use the WinRAR bug, most of them targeting the U.S.

WinRAR 5.70, released in late January, patches the behavior, but "it must be manually downloaded and installed from the website, leaving most users unaware of the critical update," the article warns.

It also estimates that during the last 19 years WinRAR has been downloaded over 500 million times.
This discussion has been archived. No new comments can be posted.

  • Meh (Score:4, Insightful)

    by cheesybagel ( 670288 ) on Saturday March 16, 2019 @06:41PM (#58285684)

    I use 7-zip. Haven't installed WinRAR in like a decade.

    • Tried to install it on my system: got an "invalid or corrupted package" error.
    • by antdude ( 79039 )

      I wished 7-zip would let me extract multiple highlighted files into their own (directorie/folder)s like WinRAR which is why I still use it. :(

      • by Anonymous Coward

        You can do it by selecting the option "Extract to /*", works like WinRAR

  • This isn't hard... (Score:5, Informative)

    by bill_mcgonigle ( 4333 ) * on Saturday March 16, 2019 @06:44PM (#58285698) Homepage Journal

    WinRAR was shipping a proprietary free-as-in-beer DLL to uncompress ACE archive format files.

    WinRAR uses 'magic' to detect file types so malware authors are naming archives '.rar' to get it to WinRAR which then passes it into the vulnerable DLL where it uses a path traversal exploit to install malware.

    Since nobody uses ACE format files anyway the WinRAR authors dropped support and removed the DLL.

    Users need to update and Windows doesn't make that easy like linux distros do.

    Maybe it's just me but I find the vague and nebulous "popular" articles to be confusing and hard to read.
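
Added example (not part of the original comment, and not WinRAR's code): a defender-side sweep for the disguise described above, flagging files named `.rar` whose header carries the ACE signature instead of a RAR one. The signature constants come from the archive formats rather than from this page, the sample files are constructed, and the function names are illustrative.

```python
import os
import tempfile

# Format signatures (facts about the formats, not values taken from the page).
ACE_MAGIC = b"**ACE**"               # located at byte offset 7 of an ACE header
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"


def sniff_archive_type(head: bytes) -> str:
    """Classify by content, as a content-sniffing extractor does, ignoring the name."""
    if head.startswith(RAR5_MAGIC):
        return "rar5"
    if head.startswith(RAR4_MAGIC):
        return "rar4"
    if head[7:14] == ACE_MAGIC:
        return "ace"
    return "unknown"  # self-extracting stubs and other formats are out of scope here


def find_disguised_ace(root: str) -> list[str]:
    """Return paths under root that are named .rar but contain an ACE header."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() != ".rar":
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(16)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if sniff_archive_type(head) == "ace":
                hits.append(path)
    return sorted(hits)


def demo() -> list[str]:
    """Write constructed sample files to a temp dir and scan them."""
    ace_header = b"\x00" * 7 + ACE_MAGIC + b"\x14\x14"
    samples = {
        "invoice.rar": ace_header,                # ACE content behind a .rar name
        "photos.rar": RAR4_MAGIC + b"\x00" * 9,   # genuine RAR4 signature
        "backup.rar": RAR5_MAGIC + b"\x00" * 8,   # genuine RAR5 signature
        "old.ace": ace_header,                    # honestly named, not a disguise
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in find_disguised_ace(tmp)]
```

Pointing `find_disguised_ace` at a mail-attachment or download directory gives a quick triage list; a hit means the extension and the content disagree, which is worth a look regardless of which extractor is installed.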

    • Maybe it's just me but I find the vague and nebulous "popular" articles to be confusing and hard to read.

      Maybe because the reporters don't understand what they are writing about.

    • Comment removed based on user account deletion
      • He means the package managers of any Linux distro update everything for him. Any program on Windows except the OS doesn't update unless the program does it by itself.

    • Users need to update and Windows doesn't make that easy like linux distros do.

      This isn't actually true with Windows 10. It does have a built-in package manager that is capable of installing & updating packages from Chocolatey, GitLab repositories, etc..... and it has the Microsoft Store, which has an auto-update mechanism and is perfectly capable of supporting classic Win32 programs like WinRAR, including the command-line version. (Yes, console apps in the MS Store is a thing nowadays.)

      Problem is.... nobody really seems to know any of this. This is mostly Microsoft's fault sin

    • Comment removed based on user account deletion
    • by LesFerg ( 452838 )
      How popular is Chocolatey? Are there other similar tools for Windows? It would be cool to have a well supported package manager similar to the popular Linux ones. And no, not the Windows App store. Please.
  • by AbRASiON ( 589899 ) * on Saturday March 16, 2019 @07:21PM (#58285922) Journal

    Had multiple archives which were reporting as corrupt / damaged in 7zip and opened fine in WinRAR, near a decade ago.

    Had I followed the advice of 7zip I could have discarded perfectly good data.

    I reported the bug YEARS ago, supplied files too, nope no interest from the developers.
    I spoke with someone yesterday who said the same thing is STILL going on.

    Nope, I don't have faith in 7zip, working with the data reliably is the #1 thing for me. I'll stick with a patched WinRAR thanks.

    • by Anonymous Coward

      I too have had files that did not open in 7zip.

      Every last one was a corrupt zip file. 7zip does not react well to corrupt files. I usually unzip the thing and then rezip it with something else and continue to use 7zip.

    • by Jahta ( 1141213 )

      Had multiple archives which were reporting as corrupt / damaged in 7zip and opened fine in WinRAR, near a decade ago.

      I've used 7-Zip for years. Never had a problem, with RAR files (single or multi-part) or any other archive type. YMMV

      • by tlhIngan ( 30335 )

        I've used 7-Zip for years. Never had a problem, with RAR files (single or multi-part) or any other archive type. YMMV

        The big reason is RAR introduced a new revision just a few years ago, called RAR5. It changed a lot of things and if your RAR decompressor didn't know how to handle RAR5, it would report the file as corrupt.

        The solution as always is to update - 7zip doesn't have native RAR support, so you needed to update the unrar DLL or exe and all would be fine.

        Even RAR users were caught - update WinRAR an

  • ...that there were some bugs in WinRAR when all of a sudden everybody starts getting .RAR file attachments from random people?

    Why use an obscure compression program otherwise?

  • by rossdee ( 243626 )

    Who uses .RAR archives these days?

    • Who uses .RAR archives these days?

      Sadly many more than you would think, I encounter them more often than zipped archives in several different fields I deal with. And my efforts to get the authors/developers to change to an application that uses a more open standard have not been very successful. The frequent response I get is "I don't want to learn a new program" or "it works so why should I change?".

    • Re: (Score:3, Informative)

      They are very common indeed in the world of piracy. There was a time when RAR was the world leader in typical compression ratio, and pirates desperately needed the best compression around. Even though 7z is now superior in just about every way, RAR has become entrenched, and very hard to displace.

      • by Anonymous Coward

        In the emulation/ROM scene, RAR is heavily used because of the frequent changes to ROM archives due to all the constant redumps, fixes and other improvements that keep being contributed by the community.

        7-Zip is great if you're making an archive of content that will never change, but the 7-Zip format is a "solid" compression format, meaning that adding, changing and removing files requires you to decompress and recompress the *entire archive*.

        RAR doesn't compress as heavily as 7-Zip, but it's a hell of a lo

    • It seems like the preferred format for warez and porn distribution through file hosts.
    • Everyone. Is that the answer you were looking for? No seriously with multi-part compressed files RAR or self extracting RARs are still incredibly popular. The real question is who uses .ACE archives these days since that is what the article is actually about.

  • Maybe just me, but all the contexts I ever saw WinRAR in convinced me that it was always sketchy AF. In any case I don't think I've seen it in 10 years.

  • "It's ok. Just download it and unzip it and don't run it if it's .exe!"

    His friend moused to the DL button. The other guy made a face like Richie's little brother waiting to see if Kirk would drink the tranya.

  • Why doesn't the security side of the house just blacklist the file and the world is saved? It's as simple as deleting the file. I know WinRar would love people to upgrade their software for a FEE, but the easiest solution for all is for the powers that be (Microsoft, Symantec, McAfee, etc), to quarantine the file, "UNACEV2.DLL".
    MD5 Checksum: 7FE66F3BD9CBB998D56EF60D511FF06F
    SHA-1 Checksum: DFD7AF26DD22DFDE03B78E835AAAA1569737A6C3
    SHA-256 Checksum: 219FF84A756E7912C84EC7BE3BEE5E29FB91909AAEF8856C3DDA2C4F
    • by AC-x ( 735297 )

      Next week on /.: "M$ Spyware Windows 10 has the ability to delete .dll files from your PC without your consent!" ;)

  • I actually thought that this was something that had been discovered earlier. I clearly remember that even in unrar.exe in DOS. Back around 1992/93'ish, I had infections as well... So getting a virus from opening a zip/rar/arj/zoo on MS-DOS 6.22 or earlier was something we were used to.
