Expert Insight: Half a Billion potentially at Risk due to WinRAR Vulnerability

Details have been released on a new software vulnerability discovered in WinRAR, a hugely popular compression program that is typically used to reduce file sizes or bundle up a collection of files for faster and easier data transfers.

Gavin Millard, Technical Director of Tenable Network Security explains, “The fact that there is a vulnerability in a hugely popular compression program is cause for concern as they are used by many to reduce file sizes or bundle up a collection of files for faster and easier transfers.

“This particular bug, discovered in WinRAR which reportedly runs on 500 million systems, is relatively easy to exploit and could lead to malicious file execution by anyone clicking on an archive containing the code – from a key logger trying to steal credentials, to ransomware that encrypts the files you care about.

“Compressed files sent as email attachments are one way malware authors could be considering as a potential use of this flaw. However, even movies and TV shows offered out on BitTorrent, the popular file sharing protocol, could just as easily have malicious code bundled in with the download.

“Our advice is that unexpected self-extracting archive (SFX) files sent via email should always be opened with caution, no matter how enticing the alleged contents, and this diligence should extend when downloading music, videos and apps online.”
