Replies: 41 (Who?), Viewed: 1906 times.
Page 1 of 2
Forum Resident
Original Poster
#1 Old 15th Mar 2019 at 5:06 PM
Default WINRAR Actively exploited to Install Hard-to-detect malware
Because a lot of us use programs to zip our files, I thought I would share this. According to a lot of technical information websites, a bug in older versions of WinRAR is allowing hackers to install malware.

Be careful when downloading TORRENT files especially (anyway?) because this platform is also targeted.

the gist of the article is update your version of WinRAR to the latest version 5.7 winrar latest version

alternately, you can also use 7Z
Advertisement
Mad Poster
#2 Old 15th Mar 2019 at 5:10 PM Last edited by simmer22 : 16th Mar 2019 at 2:14 AM.
Do you have a link to the article?

Personally, I never auto-extract files - I open the archive and mark the files, moving them over to a folder manually. That way I don't accidentally extract hidden files. Not sure if it helps, but so far I haven't had issues with malware from archive folders.

I've also fixed settings so most programs, downloads and installs don't start without a warning (basically the Windows settings on one of the highest settings, which makes the "do you want to run this program?" window pop up). I know some people find this annoying, but I don't mind too much. If it can help hinder malware, I don't mind at all. I'm also very careful of what I download and where I downlaod from, and I'm always skeptical when visiting new sites. I've also turned browser settings on high, so they don't download stuff I don't know about.
Scholar
#3 Old 15th Mar 2019 at 5:54 PM
Alchemist
#4 Old 15th Mar 2019 at 6:10 PM
People still use Winrar? Shit, I haven't used it since I found IZarc.

I don't wanna come between
I don't wanna ruin your love
But Derrick is a strange machine
Former Hamster
retired moderator
#5 Old 15th Mar 2019 at 6:23 PM
WinRAR automatically updated on me sometime last week. This is probably why so mystery solved.
Mad Poster
#6 Old 15th Mar 2019 at 11:48 PM
I've learned over the years that you never, ever download a torrent file. They're notorious for having malware in them, and because it's torrent, you gets what you pays for.

Receptacle Refugee & Resident Polar Bear
"Get out of my way, young'un, I'm a ninja!"
My downloads of various stuff: https://www.mediafire.com/#myfiles (including funerals!)
Scholar
#7 Old 16th Mar 2019 at 12:01 AM
Quote:
Originally Posted by FranH
I've learned over the years that you never, ever download a torrent file. They're notorious for having malware in them, and because it's torrent, you gets what you pays for.



To be fair, torrents can be (and are) used for legitimate and perfectly legal distribution of stuff. look at many Linux distributions and open source programs. They use torrents / give the option to use one since it would mean less strain on their servers and you'd potentially get it quicker
Mad Poster
#8 Old 16th Mar 2019 at 12:23 AM
Quote:
Originally Posted by HarVee
People still use Winrar? Shit, I haven't used it since I found IZarc.

I had IZarc for the longest time, until I started modding for Minecraft, and was told WinRAR was the only program able to open files associated with it, so i downloaded it.
Now though, it's WinRAR that deals with every zip I have, create etc...and I HATE this.

Je mange des girafes et je parle aussi français !...surtout :0)

Find all my old MTS Uploads, on my SFS, And all new uploads Here . :)
Mad Poster
#9 Old 16th Mar 2019 at 1:16 AM
Quote:
Originally Posted by Rosebine
I had IZarc for the longest time, until I started modding for Minecraft, and was told WinRAR was the only program able to open files associated with it, so i downloaded it.
Now though, it's WinRAR that deals with every zip I have, create etc...and I HATE this.


If it's RAR5 7-Zip and Bandizip can both open it

I'm secretly a Bulbasaur. | Formerly known as ihatemandatoryregister

If you have any questions about YOPD, feel free to PM me. | Looking for SimWardrobe's mods? | Or Dizzy's? | Faiuwle/rufio's too! | smorbie1's Chris Hatch archives | Welcome to Oakbrook.
Forum Resident
#10 Old 16th Mar 2019 at 8:14 AM Last edited by Sims2Christain : 16th Mar 2019 at 12:35 PM.
Default So many grammatical errors
I've not had issues with WinRAR but this is good to know. I always extract files manually but by then its already been downloaded so its too late to do anything about if theres any malware. Not that I've come across any recently and when I finish my computer goes straight into airline mode.
Not that it will will help against already installed malware. If it exists on my pc then the antivirus programs should pick up on it soon enough after new updates.
Mad Poster
#11 Old 16th Mar 2019 at 11:20 AM
The article mentioned bootlegged stuff. If you pirate it you deserve the malware.
Instructor
#12 Old 16th Mar 2019 at 5:08 PM
Quote:
Originally Posted by chicvibe
Because a lot of us use programs to zip our files, I thought I would share this. According to a lot of technical information websites, a bug in older versions of WinRAR is allowing hackers to install malware.

Be careful when downloading TORRENT files especially (anyway?) because this platform is also targeted.

the gist of the article is update your version of WinRAR to the latest version 5.7 winrar latest version

alternately, you can also use 7Z


My experience, never download any files from TORRENT!!! They are indeed virus files.
Undead Molten Llama
#13 Old 16th Mar 2019 at 5:37 PM
Quote:
Originally Posted by suzymarie64
My experience, never download any files from TORRENT!!! They are indeed virus files.


No, in general, they aren't. Antivirus software will flag key generators (the thing you use to generate a serial number if you're downloading software you don't actually own, which are often included in torrents of games and other software), but those aren't viruses, either. It's a false positive. The torrents themselves don't generally contain harmful stuff; that's just what's said to scare people away. Torrenting SITES, on the other hand? That's what you need to watch out for. Generally, you can't get to torrents without visiting a search site to find them, and that's where trouble happens for the unwary who just want a free game or something, who go to such sites without being well-firewalled and VPN'ed and stuff. Which you ought to be if you're on the Internet at all anyway, if you're smart.

As for malware: Get good software that prevents you from getting it in the first place. Spybot's good, even its free version. If you already have malware, antivirus programs can be hit-and-miss with detecting and removing it (viruses are only one type of malware), but a more specialized program like Malwarebytes works well, especially if you get the not-free version. Use that, Spybot, and a good antivirus program, and religiously keep all of them updated, and you'll be well-served.

As for unpackers: For heaven's sake, use 7-Zip. It'll unpack pretty much everything. Just set it as the default unpacker for every file type it recognizes. It's free and open-source, too.

I'm mostly found on (and mostly upload to) Tumblr these days because, alas, there are only 24 hours in a day.
Muh Simblr! | An index of my downloads on Tumblr.
Forum Resident
#14 Old 16th Mar 2019 at 8:34 PM
"torrent" is just a protocol. If you want to steer clear of torrents at all, you should never update windows (because IIRC that's the protocol of the updates since Vista - keeping things really simple). Oh... you cannot. Well... speaking of malware.

I'd not encourage anybody for going into "torrenting" in any form without some basic knowledge not only in the basics of computer hygiene and at last elementary competence in networking *and* some enlightement in local application of law. Because in this protocol any peer is both the host and the server. Which means (in plain english) that you're not only downloading but also redistributing the content in question; even if you disable shares, you're still part of the chain which may lead you into legal trouble if within said chain part of the transmitted data is copyrighted for example. And while the 1st may be completely (or barely) legal in your country, the second definitelly wont'be.
And there's the question of source. injecting the link from trusted repository is as safe as it can be in the worl in current state of madness and stupidity. But if you wanna torrent that cute Sims expansion you lack, well - that's a bad idea.

Quote:
As for unpackers: For heaven's sake, use 7-Zip. It'll unpack pretty much everything. Just set it as the default unpacker for every file type it recognizes. It's free and open-source, too.


I second that. Why would you use worse program with laughable encryption when you can use better, faster and safer not only without a charge but also well curated and maintained?

Fox-Lambert (A)RL
hiatus 'till the life run again in the normal-abnormal way
favorite quote: "When ElaineNualla is posting..I always read..Nutella. I am sorry" by Rosebine
self-claimed "lower-spec simmer"
Mad Poster
#15 Old 16th Mar 2019 at 10:21 PM
Well, glad I have nothing to worry about. Because I have no clue what everyone is talking about. So I'll just be leaving then.

Namaste
Lab Assistant
#16 Old 16th Mar 2019 at 10:54 PM
People seriously still spread the "torrentz are teh evilest thing online they will give you nothing but viruses!" mantra? You're more likely to get malware or virus from a shady ad popping up on adfly page than from a torrent downloaded from popular/safe source. Keywords being 'popular & safe source', if you grab your files from shady sites you're kind of begging for trouble regardless of what you're downloading.

Digitalangels - where I post all my creations / Sims2packrat - where I host (and search for) stuff by inactive creators
Mad Poster
#17 Old 19th Mar 2019 at 11:38 AM
Well, about that WinRAR exploit-it is worse than anyone expected. McAfee is still identifying the exploits going on:

WinRAR patch is issued but the unpatched are at risk

Receptacle Refugee & Resident Polar Bear
"Get out of my way, young'un, I'm a ninja!"
My downloads of various stuff: https://www.mediafire.com/#myfiles (including funerals!)
Field Researcher
#18 Old 19th Mar 2019 at 2:23 PM
Quote:
Originally Posted by iCad
No, in general, they aren't. Antivirus software will flag key generators (the thing you use to generate a serial number if you're downloading software you don't actually own, which are often included in torrents of games and other software), but those aren't viruses, either. It's a false positive. The torrents themselves don't generally contain harmful stuff; that's just what's said to scare people away. Torrenting SITES, on the other hand? That's what you need to watch out for. Generally, you can't get to torrents without visiting a search site to find them, and that's where trouble happens for the unwary who just want a free game or something, who go to such sites without being well-firewalled and VPN'ed and stuff. Which you ought to be if you're on the Internet at all anyway, if you're smart.

As for malware: Get good software that prevents you from getting it in the first place. Spybot's good, even its free version. If you already have malware, antivirus programs can be hit-and-miss with detecting and removing it (viruses are only one type of malware), but a more specialized program like Malwarebytes works well, especially if you get the not-free version. Use that, Spybot, and a good antivirus program, and religiously keep all of them updated, and you'll be well-served.

As for unpackers: For heaven's sake, use 7-Zip. It'll unpack pretty much everything. Just set it as the default unpacker for every file type it recognizes. It's free and open-source, too.


Just reposting what iCad said. For searching for malware, using something other than anti-virus is a must, as it doesn't pick up everything. Malawarebytes is very good for using after your anti-virus.

I'm still using Win-RAR though,
Mad Poster
#19 Old 19th Mar 2019 at 2:26 PM
Oh good, I have the latest patch, so I'm fine.
Mad Poster
#20 Old 19th Mar 2019 at 5:28 PM
The exploit itself is actually in the library used to extract ACE archives, which is removed in newer versions and not even present in 7-Zip. I would guess that that the infected "RAR" file is probably just an ACE with a renamed extension. That wouldn't even open in 7-Zip which lacks ACE support.

I'm secretly a Bulbasaur. | Formerly known as ihatemandatoryregister

If you have any questions about YOPD, feel free to PM me. | Looking for SimWardrobe's mods? | Or Dizzy's? | Faiuwle/rufio's too! | smorbie1's Chris Hatch archives | Welcome to Oakbrook.
Needs Coffee
retired moderator
#21 Old 19th Mar 2019 at 11:15 PM
So we are supposed to be using 7-Zip? I've used WinRAR for years to unzip sim files from here and to zip up lots for years.

"I dream of a better tomorrow, where chickens can cross the road and not be questioned about their motives." - Unknown
~Call me Jo~
Theorist
#22 Old 20th Mar 2019 at 4:35 AM
I switched to 7zip ages ago - mostly because the trial WinRAR was being annoying and I didn't love it enough to pay money. I find 7zip easy and reliable. It makes smaller files, too, I believe.
Scholar
#23 Old 20th Mar 2019 at 5:29 AM
Quote:
Originally Posted by aelflaed
I switched to 7zip ages ago - mostly because the trial WinRAR was being annoying and I didn't love it enough to pay money. I find 7zip easy and reliable. It makes smaller files, too, I believe.


Their .7z format is great. I've heard it beats .RAR files a bit in terms of compression. I also really like the "split" feature which it has. In other words, you can split huge files into smaller ones (or parts - split a 3 GB file into 50 MB increments) and you can also make SFX archives which can extract on any Windows machine without the need for 7zip.

To put it simply: I only use 7zip!
Lab Assistant
#24 Old 20th Mar 2019 at 5:32 AM
Stop using proprietary **** and install 7-Zip.
Mad Poster
#25 Old 20th Mar 2019 at 7:57 AM
I paid for WinRAR, because it was so useful and I haven't had any problems with it, so I'll keep using it.
Page 1 of 2
Back to top