Posted on 03/18/2019 6:04:06 AM PDT by dayglored
After being a staple on PCs for so many years, last month it was discovered that WinRAR, software used to open .zip archive files, has been vulnerable for the last 19 years to a bug that’s easily exploited by hackers and malware distributors. Fortunately, the software has been patched with the recent release of version 5.70, but after being unchecked for so long and installed by so many people, a new wave of malware is taking advantage.
Check Point, the security researchers that revealed the WinRAR bug, explain that the software is exploited by giving malicious files a RAR extension, so that when opened they can automatically extract malware programs. These programs are installed in a PC’s startup folder, allowing them to start running anytime the computer is turned on, all without the user’s knowledge.
Once the bug was disclosed, however, hacker groups really began using it to their advantage, with various nations becoming the target of state-backed cyber-espionage campaigns attempting to collect intelligence. The latest comes from McAfee, the software security firm, which notes that it has identified over 100 unique exploits that use the WinRAR bug, most of them targeting the US.
Malware distributors are well aware of WinRAR’s prevalence among those who prefer to illegally download their media, as McAfee notes that one of the more popular exploits targets victims with a bootleg copy of Ariana Grande’s latest album, Thank U, Next.
The WinRAR software isn’t nearly as popular as it was years ago, but since it’s racked up over 500 million users in almost 20 years, there’s no way to know how many have been affected by the bug. The other big problem is that while version 5.70 was released in late January, it must be manually downloaded and installed from the website, leaving most users unaware of the critical update.
The other big problem is that while version 5.70 was released in late January, it must be manually downloaded and installed from the website, leaving most users unaware of the critical update.
These malwares make a computer run very slowly over time.
Wouldn’t we have noticed that after 2 decades?
Still better safe than sorry.
19 years????
Updated. Thanks for the hint!
FWIW, the RUSSIANS seem to use WinRAR a lot, for some odd reason..........................
Compressed folders have been built in to Windiws for over 10 years. I haven’t used 3PAs for zipping in a long time.
Free
If you just need to unpack WinRar files, you can use 7-zip. It is free and open source, so you can inspect the code for vulnerabilities if you like.
Bookmark
MalwareBytes is a pretty good product, and the ‘basic version’ is free.
Wow...
It wouldn’t hurt to update 7-zip as well. My copy was years out of date.
Anyone who would listen to Ariana Grande deserves everything they get.
Well, guess I better uninstall it from my old XP machine. Don’t think I can get the latest updated for that anyway.
Same here...thanks for the heads-up!
[[These malwares make a computer run very slowly over time.]]
awesome- i can’t stand fast computers- everyone’s in such a hurry these days- i say take your time- don’t rush so much- slow things down lol
that’s what I’ve always used-
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.