Woodworking (rec.woodworking) Discussion forum covering all aspects of working with wood. All levels of expertise are encouraged to participate.
Warning About .rar Files
Since we now have a poster telling us how to decompress the "book" files it is time for all to be aware that some snakes have been hiding vile things inside these compressed files.

I do not advocate "never" looking into .zip and .rar files. I do think they should be expanded into a quarantined folder and checked by our AV software before letting them loose.

Be careful.

-- 
PDQ
--

-----------------------------------------------------------------------------
http://www.eweek.com/article2/0,1759,1756636,00.asp

Virus writers have once again gotten the drop on anti-virus vendors and IT administrators with a new technique that's finding early and considerable success.

Late last month, administrators and service providers began seeing virus-infected messages with a new type of attachment hitting their mail servers: an .rar archive. .Rar files are similar to .zip files in that they are containers used to hold one or more compressed files. The .rar format is not as widely known as .zip, but it is used for a number of tasks, including compressing very large files, such as music and video.

The emergence of .rar-packed viruses highlights the lengths to which virus writers are willing to go to evade anti-virus systems, as well as the limitations of those traditional signature-based defenses.

Experts say .rar files carrying viruses have been sailing past commercial anti-virus products and finding their way into the mailboxes of users, who are often unfamiliar with the file format. Administrators who have seen .rar-packed malware say that none of the messages have been stopped by their anti-virus defenses.

Many of the messages in .rar virus e-mail are slick invitations to view pornographic content, which is part of the reason for the viruses' success, experts say. .Rar's compression algorithm is 30 percent more efficient than .zip technology, so it is often used to compress such content. E-mail purporting to deliver images and video in an .rar archive may well be taken as legitimate, experts say.

Once opened, the archive typically contains an executable file with a double extension, such as "foto.jpg.exe." The viruses themselves are new and are usually droppers that install a Trojan or back door on the user's PC.

"Most of these are appealing to lustful young men," said Bill Franklin, president of Zero Spam Network Corp., in Coral Gables, Fla., a managed services provider. "It's a game of percentages. This is just another way to get control of machines. It may hit fewer machines, but they're probably more technical users, so their machines would be of higher value. It's a good example of the fact that virus writers are probing every nook and cranny."

One recent .rar virus that appeared at the end of last week is disguised as a patch from Microsoft Corp. Although the text of the e-mail is poorly written, users have often proved willing to fall for such pitches. Franklin said that he has seen about six or seven new .rar viruses each week this month and that all of them are getting past the anti-virus products installed on his network.

Anti-virus vendors have acknowledged the presence of viruses delivered as .rar files in the past few weeks and are scrambling to develop tools to identify and eradicate the malware.

Officials at McAfee Inc., which by the end of last week had developed signatures for a few of the new viruses, said virus writers probably have turned to using .rar archives to get past gateway filtering rules. "Some large corporations have blocked [.zip files], so this is a way around that," said Jimmy Kuo, a McAfee Fellow at the Santa Clara, Calif., company.

Kuo said some early NetSky variants used .rar archives as well.

One administrator who has seen a number of these viruses recently on his network said that while the social engineering in the messages is nothing special, the novelty of the .rar format is enough to fool some users. "Most users have finally gotten trained not to open .zips and executables, and now we have to worry about this," said the administrator, who asked not to be identified. "Our [anti-virus system] doesn't catch these yet, so we have to block it at the gateway in order to stop them."
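
A triage pass over a quarantine folder after an archive has been expanded there, flagging the "foto.jpg.exe" naming pattern the quoted article describes. This is an added example, not part of the original post or the eWeek article. The extension lists, function names and sample files are assumptions of the example, and the check runs alongside the AV scan rather than replacing it.

```python
import os
import tempfile

# Illustrative lists (assumptions of this example, not taken from the article).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".doc", ".pdf",
              ".txt", ".mpg", ".avi", ".mp3"}

def split_name(name):
    """Return (stem, ext) lower-cased, ignoring trailing dots and spaces."""
    return os.path.splitext(name.lower().rstrip(" ."))

def is_double_extension(filename):
    """True for names shaped like foto.jpg.exe (decoy ext + executable ext)."""
    stem, ext = split_name(filename)
    return ext in EXECUTABLE_EXTS and os.path.splitext(stem)[1] in DECOY_EXTS

def triage_quarantine(folder):
    """Walk an extraction folder; return sorted (relative_path, reason) pairs."""
    findings = []
    for root, _dirs, files in os.walk(folder):
        for fname in files:
            path = os.path.join(root, fname)
            with open(path, "rb") as fh:
                head = fh.read(2)  # DOS/PE executables start with b"MZ"
            rel = os.path.relpath(path, folder)
            if is_double_extension(fname):
                findings.append((rel, "double-extension"))
            elif head == b"MZ" and split_name(fname)[1] not in EXECUTABLE_EXTS:
                findings.append((rel, "executable-header-mismatch"))
    return sorted(findings)

def build_sample(folder):
    """Constructed sample files: inert stub bytes, nothing runnable."""
    samples = {
        "foto.jpg.exe": b"MZ" + b"\x00" * 16,
        "clip.avi": b"MZ" + b"\x00" * 16,  # executable header, media name
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # JPEG magic
        "readme.txt": b"plain text\n",
    }
    for name, data in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as quarantine:
        build_sample(quarantine)
        for rel, reason in triage_quarantine(quarantine):
            print(f"{reason:28} {rel}")
```

The second reason code covers a file that carries an executable header under a media or document name, which a name-only check would miss.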