Hi malware fighters,
Security researchers have noticed an increase in the number of malicious RAR files that have been used in targeted attacks. A real problem, because WinRAR is a popular application to unpack archived files, but few users ever upgrade it. “Normally you do upgrade when a new functionality is needed, or whenever software prompts you to do so,” according to researcher Maarten Van Horenbeeck. Because WinRAR does not do anything besides unpacking archive files, and does not prompt you for newer versions, there is no need for users to do so.
And we have to do just that very thing, because last year a number of serious security holes were found that enable an attacker to remotely hack a system whenever a maliciously manipulated RAR file is opened by the victim. Yesterday a new malicious RAR file, named pictures.rar, was found. Only three AV scanners alerted on this exploit: F-Secure, Kaspersky & Ikarus. http://www.seriousblogging.com/daemon/5822/
The most recent WinRAR version could not open the mentioned file, but an older version could, causing a buffer overflow to install a backdoor with keylogging functionality. Some exploits for WinRAR stand 300 days on end.
See the Daemon.BE survey re: exploits for popular software.
Are we protected by avast?
polonus