WinRAR's Apparent Involvement in Spreading Malwares: A Product of Man's Playful Intellect and Dark Intentions

WinRAR, the leading data compression software worldwide has now been involved and is being used for malware campaigns.


Tampa, FL -- (SBWire) -- 05/23/2014 --Originally, WinRAR is used to compress large files, increase system storage space, reduce email attachment size, and make the data transfer faster. WinRAR gained its popularity in doing all these. And these features are what hackers saw to spread malwares all throughout the internet. These hackers are going after government, international organizations and even Fortune 500 companies around the globe.

On a post made by Danor Cohen, an Israeli security researcher, it was discussed that WinRAR has vulnerability that permits an individual to make a ZIP file that seems to contain one thing when compressed, when in reality, it contains a different thing overall.

From a hacker’s point of view, it will be easy for them to compress a Trojan or any other malicious software with WinRAR and make it seem like the ZIP file contains a document, or something that’s actually undamaging. The attacker then waits for someone to open the file, which in fact is an executable file. Once the receiver runs the file, mission accomplished! System infected.

Initially, the vulnerability was observed – which Cohen called “WinRAR File Extension Spoofing” – on WinRAR version 4.20 but further researches shows that the exploit can be made on all versions including the latest version 5.1.

The malware campaign is made possible when a file is compressed using WinRAR and a new file with new properties is created which includes an extra “file name” input. By modifying one of the “file name” inputs, the file can mislead the receiver to think that the file contains harmless files when in fact, this is the actual opposite of what is inside.

The attackers’ modus is to send out emails to their target which are said to be the aerospace corporations, embassies, military subcontractors and fortune 500 companies. The email has a secured ZIP file attachment and the password can be found on the message’s body. The file is intended to be secured to surpass the virus scanner. Also, the message reads that it’s from a trusted person or branch of the government to convince the receiver to open the file and eventually run the malware.

On a sample spam email, IntelCrawler, a cyber threat intelligence firm from Los Angeles, California, analyzed and determined that the virus is a “Zeus”, a malware like Trojan capable of creating remote management channels with the victim’s infected system thereby gathering passwords and saved forms.

“We predict the rise of such kinds of attacks, as it is really a very efficient way to trick the user, and moreover, the malware does not need to be password protected,” Dan Clements said, President of IntelCrawler.

WinRAR is without a doubt a very useful software to businesses, agencies, organizations and private individuals because of its amazing features. It is man’s playful intellect and dark intentions that such beneficial software is being exploited in threatening activities. WinRAR is not originally made to be involved in these activities in the first place. Why can’t man just stick with the status quo and keep things the way it should be?

WinRAR downloader uses a smart installer that will manage the installation of the selected software. In addition to managing the installation of the selected software, the installer will make recommendations for additional free software that one may be interested in. Additional software may include toolbars, browser add-ons, game applications, anti-virus applications, and other types of applications. One is not required to install any additional software to receive the selected software. One can completely remove the program at any time in Windows' Add/Remove Programs.

Media Relations Contact

Ned H. Corbin

View this press release online at: