Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

19-years-old WinRAR vulnerability leads to over 100 malware exploits (Update Now!)
SlashGear ^ | Mar 16, 2019 | Adam Westlake

Posted on 03/18/2019 6:04:06 AM PDT by dayglored

After being a staple on PCs for so many years, last month it was discovered that WinRAR, software used to open .zip archive files, has been vulnerable for the last 19 years to a bug that’s easily exploited by hackers and malware distributors. Fortunately, the software has been patched with the recent release of version 5.70, but after being unchecked for so long and installed by so many people, a new wave of malware is taking advantage.

Check Point, the security researchers that revealed the WinRAR bug, explain that the software is exploited by giving malicious files a RAR extension, so that when opened they can automatically extract malware programs. These programs are installed in a PC’s startup folder, allowing them to start running anytime the computer is turned on, all without the user’s knowledge.

Once the bug was disclosed, however, hacker groups really began using it to their advantage, with various nations becoming the target of state-backed cyber-espionage campaigns attempting to collect intelligence. The latest comes from McAfee, the software security firm, which notes that it has identified over 100 unique exploits that use the WinRAR bug, most of them targeting the US.

Malware distributors are well aware of WinRAR’s prevalence among those who prefer to illegally download their media, as McAfee notes that one of the more popular exploits targets victims with a bootleg copy of Ariana Grande’s latest album, Thank U, Next.

The WinRAR software isn’t nearly as popular as it was years ago, but since it’s racked up over 500 million users in almost 20 years, there’s no way to know how many have been affected by the bug. The other big problem is that while version 5.70 was released in late January, it must be manually downloaded and installed from the website, leaving most users unaware of the critical update.


TOPICS: Business/Economy; Computers/Internet; Hobbies
KEYWORDS: exploit; malware; windowspinglist; winrar
Navigation: use the links below to view more comments.
first 1-2021-26 next last
I've used WinRAR for decades, and my copy is ancient. Time to update!!
1 posted on 03/18/2019 6:04:06 AM PDT by dayglored
[ Post Reply | Private Reply | View Replies]

To: Abby4116; afraidfortherepublic; aft_lizard; AF_Blue; AppyPappy; arnoldc1; ATOMIC_PUNK; bajabaja; ...
WinRAR Vulnerability Being Exploited ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

2 posted on 03/18/2019 6:04:37 AM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government."`)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rdb3; Calvinist_Dark_Lord; JosephW; Only1choice____Freedom; Ernest_at_the_Beach; martin_fierro; ...

3 posted on 03/18/2019 6:04:46 AM PDT by ShadowAce (Linux - The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored
The WinRAR software isn’t nearly as popular as it was years ago, but since it’s racked up over 500 million users in almost 20 years, there’s no way to know how many have been affected by the bug.

The other big problem is that while version 5.70 was released in late January, it must be manually downloaded and installed from the website, leaving most users unaware of the critical update.

4 posted on 03/18/2019 6:05:39 AM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government."`)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

These malwares make a computer run very slowly over time.

Wouldn’t we have noticed that after 2 decades?

Still better safe than sorry.


5 posted on 03/18/2019 6:06:15 AM PDT by dp0622 (The Left should know if.. Trump is kicked out of office, it is WAR!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

19 years????


6 posted on 03/18/2019 6:06:23 AM PDT by rdl6989
[ Post Reply | Private Reply | To 4 | View Replies]

To: dayglored

Updated. Thanks for the hint!


7 posted on 03/18/2019 6:18:53 AM PDT by cartan
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce; dayglored; Swordmaker

FWIW, the RUSSIANS seem to use WinRAR a lot, for some odd reason..........................


8 posted on 03/18/2019 6:28:56 AM PDT by Red Badger (We are headed for a Civil War. It won't be nice like the last one....................)
[ Post Reply | Private Reply | To 3 | View Replies]

To: ShadowAce

Compressed folders have been built in to Windiws for over 10 years. I haven’t used 3PAs for zipping in a long time.


9 posted on 03/18/2019 6:41:13 AM PDT by freedumb2003 (As always IMHO)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Red Badger

Free


10 posted on 03/18/2019 6:41:34 AM PDT by freedumb2003 (As always IMHO)
[ Post Reply | Private Reply | To 8 | View Replies]

To: ShadowAce

If you just need to unpack WinRar files, you can use 7-zip. It is free and open source, so you can inspect the code for vulnerabilities if you like.


11 posted on 03/18/2019 6:48:32 AM PDT by proxy_user
[ Post Reply | Private Reply | To 3 | View Replies]

To: dayglored

Bookmark


12 posted on 03/18/2019 7:07:09 AM PDT by Desron13 (You may choose to ignore reality but you can't force reality to ignore you.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

MalwareBytes is a pretty good product, and the ‘basic version’ is free.


13 posted on 03/18/2019 7:21:28 AM PDT by Jack Hammer
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

Wow...


14 posted on 03/18/2019 8:12:58 AM PDT by Openurmind
[ Post Reply | Private Reply | To 1 | View Replies]

To: proxy_user

It wouldn’t hurt to update 7-zip as well. My copy was years out of date.


15 posted on 03/18/2019 8:26:10 AM PDT by Fresh Wind (Trump: "America will never be a socialist country!")
[ Post Reply | Private Reply | To 11 | View Replies]

To: dayglored
targets victims with a bootleg copy of Ariana Grande’s latest album, Thank U, Next.

Anyone who would listen to Ariana Grande deserves everything they get.

16 posted on 03/18/2019 8:29:23 AM PDT by dfwgator (Endut! Hoch Hech!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

Well, guess I better uninstall it from my old XP machine. Don’t think I can get the latest updated for that anyway.


17 posted on 03/18/2019 8:39:10 AM PDT by Boogieman
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

Same here...thanks for the heads-up!


18 posted on 03/18/2019 9:27:06 AM PDT by Moltke (Reasoning with a liberal is like watering a rock in the hope to grow a building.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dp0622

[[These malwares make a computer run very slowly over time.]]

awesome- i can’t stand fast computers- everyone’s in such a hurry these days- i say take your time- don’t rush so much- slow things down lol


19 posted on 03/18/2019 9:31:56 AM PDT by Bob434
[ Post Reply | Private Reply | To 5 | View Replies]

To: proxy_user

that’s what I’ve always used-


20 posted on 03/18/2019 9:32:37 AM PDT by Bob434
[ Post Reply | Private Reply | To 11 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-26 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson