New Virus Attack Technique Bypasses Filters
Virus writers have once again gotten the drop on anti-virus vendors and IT administrators with a new technique that's finding early and considerable success.
Source: eWeek
Late last month, administrators and service providers began seeing virus-infected messages with a new type of attachment hitting their mail servers: an .rar archive. .Rar files are similar to .zip files in that they are containers used to hold one or more compressed files. The .rar format is not as widely known as .zip, but it is used for a number of tasks, including compressing very large files, such as music and video.
The emergence of .rar-packed viruses highlights the lengths to which virus writers are willing to go to evade anti-virus systems, as well as the limitations of those traditional signature-based defenses.
Experts say .rar files carrying viruses have been sailing past commercial anti-virus products and finding their way into the mailboxes of users, who are often unfamiliar with the file format. Administrators who have seen .rar-packed malware say that none of the messages have been stopped by their anti-virus defenses.
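A mail gateway can close this gap by identifying archive containers from their leading bytes and quarantining any container the scanner cannot open. The sketch below is an added example, not code from the article or from any anti-virus product; the function names, the verdict strings, the assumption that the scanner unpacks only .zip, and the sample message are all constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Container signatures at offset 0 of the decoded attachment.
# Self-extracting archives keep the marker behind an executable stub
# and are not covered by this offset-0 check.
MAGIC = {
    b"Rar!\x1a\x07\x00": "rar",       # RAR 1.5 - 4.x
    b"Rar!\x1a\x07\x01\x00": "rar5",  # RAR 5.0 and later
    b"PK\x03\x04": "zip",
}

def sniff(data: bytes):
    """Return the container kind for known signatures, else None."""
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return kind
    return None

def triage(raw: bytes, scannable=("zip",)):
    """Return (filename, declared_type, detected, verdict) per attachment.

    `scannable` lists containers the scanner can unpack (an assumption).
    """
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        kind = sniff(data)
        if kind is None:
            verdict = "pass-to-scanner"   # not a known container
        elif kind in scannable:
            verdict = "unpack-and-scan"
        else:
            verdict = "quarantine"        # container the scanner cannot open
        name = part.get_filename() or "(unnamed)"
        results.append((name, part.get_content_type(), kind, verdict))
    return results

def build_sample() -> bytes:
    """Constructed test message: headers only, no real archive contents."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "a@example.com", "b@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name, head in [("invoice.rar", b"Rar!\x1a\x07\x00"),
                       ("backup.rar", b"Rar!\x1a\x07\x01\x00"),
                       ("docs.zip", b"PK\x03\x04"),
                       ("notes.txt", b"hello")]:
        msg.add_attachment(head + b"\x00" * 16, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```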
Comments
wow, like clicking on "add to RAR archive" is SO much more 1337 and hardcore than clicking "add to ZIP archive"
Right, so while these packaged viruses may be spreading, are there really any infections? Seems to me that since it's a 'lesser used' format, most people who would be using .rars would know better than to open one that's an email attachment.