WinRAR File Extension Spoofing vulnerability

in winrar •  8 years ago 

WinRAR, a widely used file archiver and data compression utility, helps hackers to distribute malicious code.

Israeli security researcher Danor Cohen (An7i) discovered the WinRAR file extension spoofing vulnerability.

The WinRAR file extension spoofing vulnerability allows hackers to modify the filename and extension inside a traditional file archive, which helps them hide malicious binary code inside an archive that pretends to be a '.jpg', '.txt' or any other format.

Using a hex editor, he analysed a ZIP file and noticed that WinRAR also adds some custom properties to an archive, including two names: the first name is the original filename (FAX.png) and the second name is the filename (FAX.png) that will appear in the WinRAR GUI window.

Danor manipulated the second filename and extension to prepare a special ZIP archive that actually includes a malware file, "FAX.exe", but displays itself as "FAX.png" to the user.

Cyber intelligence company IntelCrawler also published a report, which revealed that cybercriminals specializing in cyber espionage attacks are using this zero-day vulnerability in the wild to target several aerospace corporations, military subcontractors, embassies, as well as Fortune Global 500 companies.

Using this technique, an attacker can drop any malware onto the victim's system in a very convincing manner. "Using this method the bad actors bypass some specific security measures including e-mail server’s antivirus systems," IntelCrawler said.

Danor successfully exploited WinRAR version 4.20, and IntelCrawler confirmed that the vulnerability also works on all WinRAR versions including v.5.1.
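
A mail gateway or triage script can check an archive for the two-name condition described above before it reaches a user. The following is an added example, not code from the original post or from the researchers: it assumes the two names correspond to the ZIP local file header and the central directory entry, which the ZIP format stores separately, and it reports entries where they differ. `name_mismatches` and `build_sample` are hypothetical names, and the sample archive is constructed with harmless content.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end of central directory record
CEN_SIG = b"PK\x01\x02"    # central directory file header
LOC_SIG = b"PK\x03\x04"    # local file header


def name_mismatches(data: bytes):
    """Return (local_name, central_name) pairs that differ inside one ZIP."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    # EOCD: total entry count at +10 (u16), central directory offset at +16 (u32)
    count, = struct.unpack_from("<H", data, eocd + 10)
    pos, = struct.unpack_from("<I", data, eocd + 16)
    found = []
    for _ in range(count):
        if data[pos:pos + 4] != CEN_SIG:
            raise ValueError("bad central directory entry")
        # name/extra/comment lengths at +28, local header offset at +42
        n, m, k = struct.unpack_from("<HHH", data, pos + 28)
        loc, = struct.unpack_from("<I", data, pos + 42)
        central = data[pos + 46:pos + 46 + n]
        if data[loc:loc + 4] != LOC_SIG:
            raise ValueError("bad local file header")
        ln, = struct.unpack_from("<H", data, loc + 26)  # local name length
        local = data[loc + 30:loc + 30 + ln]
        if local != central:
            found.append((local.decode("cp437"), central.decode("cp437")))
        pos += 46 + n + m + k  # advance to the next central directory entry
    return found


def build_sample(tamper: bool) -> bytes:
    """Constructed test input: one harmless entry, names optionally desynchronised."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("FAX.png", b"harmless sample bytes")
    data = buf.getvalue()
    if tamper:
        # Alter only the first copy of the name (the local file header)
        data = data.replace(b"FAX.png", b"FAX.txt", 1)
    return data


if __name__ == "__main__":
    print(name_mismatches(build_sample(True)))
```

An archive written by a normal tool yields an empty list, so any reported pair is worth quarantining for manual review.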


Source: http://thehackernews.com/2014/04/winrar-file-extension-spoofing.html

Not citing sources is plagiarism, and copying pasting articles without permission is copyright infringement. If you want to share a news story, simply link to the source, and include your original commentary, and possibly small quotes from the source.
Copy paste is discouraged by the community, and may result in action from the cheetah bot.

Creative Commons: If you are reposting under a Creative Commons license, please attribute and link according to the specific license. If you are reposting under CC0 please consider noting that at the end of your post.

If you are actually the original author, please do reply to let us know!

Thank You! ☙
