New Virus Attack Technique Bypasses Filters

edited February 2005 in Science & Tech
Virus writers have once again gotten the drop on anti-virus vendors and IT administrators with a new technique that's finding early and considerable success.
Late last month, administrators and service providers began seeing virus-infected messages with a new type of attachment hitting their mail servers: an .rar archive. .Rar files are similar to .zip files in that they are containers used to hold one or more compressed files. The .rar format is not as widely known as .zip, but it is used for a number of tasks, including compressing very large files, such as music and video.

The emergence of .rar-packed viruses highlights the lengths to which virus writers are willing to go to evade anti-virus systems, as well as the limitations of those traditional signature-based defenses.

Experts say .rar files carrying viruses have been sailing past commercial anti-virus products and finding their way into the mailboxes of users, who are often unfamiliar with the file format. Administrators who have seen .rar-packed malware say that none of the messages have been stopped by their anti-virus defenses.
Source: eWeek
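A defender-side sketch of the gap the article describes, added here as an illustration and not taken from eWeek or any anti-virus product: a mail gateway check that identifies archive attachments by their leading magic bytes and quarantines container formats the scanner cannot unpack, rather than delivering them unscanned. The function names, the `scanner_formats` parameter and the sample message are assumptions constructed for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading magic bytes of common archive containers (matched on content, not file name).
ARCHIVE_MAGIC = {
    "rar": (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00"),  # RAR 1.5-4.x and RAR 5
    "zip": (b"PK\x03\x04",),
    "7z": (b"7z\xbc\xaf\x27\x1c",),
    "gzip": (b"\x1f\x8b",),
}

def sniff_archive(data):
    """Return the container format name for these bytes, or None if not a known archive."""
    for fmt, magics in ARCHIVE_MAGIC.items():
        if data.startswith(magics):
            return fmt
    return None

def triage_attachments(raw_message, scanner_formats):
    """List (filename, format, action) per attachment; archives the scanner
    cannot unpack are quarantined instead of being delivered unscanned."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        fmt = sniff_archive(part.get_payload(decode=True) or b"")
        if fmt is None:
            action = "scan"
        elif fmt in scanner_formats:
            action = "unpack-and-scan"
        else:
            action = "quarantine"
        results.append((part.get_filename(), fmt, action))
    return results

def build_sample():
    """Constructed message: only the container headers, no real archive data."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name, body in (("document.rar", b"Rar!\x1a\x07\x00" + bytes(16)),
                       ("photos.zip", b"PK\x03\x04" + bytes(16)),
                       ("notes.txt", b"plain notes")):
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for row in triage_attachments(build_sample(), scanner_formats={"zip"}):
        print(row)
```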

Comments

  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited February 2005
    The "lengths" they'll go to :rolleyes:

    wow, like clicking on "add to RAR archive" is SO much more 1337 and hardcore than clicking "add to ZIP archive" :thumbsup:
  • Camman NEW! England Icrontian
    edited February 2005
    I wouldn't see how this would work better. .rar being a 'lesser used' compression format, as they say, don't you need WinRAR to unpack it? So... wouldn't less people be able to unpack the virus if they don't have a program to do so? Or does the built-in Windows XP decompressor handle .rar files too?
  • GrayFox /dev/urandom Member
    edited February 2005
    Only WinRAR, 7zip and that one that came with Debian do .rar as far as I know.
  • Garg Purveyor of Lincoln Nightmares Icrontian
    edited February 2005
    Camman wrote:
    I wouldn't see how this would work better. .rar being a 'lesser used' compression format, as they say, don't you need WinRAR to unpack it? So... wouldn't less people be able to unpack the virus if they don't have a program to do so? Or does the built-in Windows XP decompressor handle .rar files too?

    Right, so while these packaged viruses may be spreading, are there really any infections? Seems to me that since it's a 'lesser used' format, most people who would be using .rars would know better than to open one that's an email attachment.