Exploit code targeting WinRAR

Nov 29, 2007 14:39 GMT

WinRAR, the famous archiving software, is currently under attack: TrendLabs reported a vulnerability that can allow an attacker to obtain remote control over an affected computer. The exploit code takes advantage of a buffer overflow vulnerability in WinRAR 3.50 and earlier, TrendLabs wrote. Exploitation is carried out through a Trojan horse identified by TrendLabs as TROJ_RDROPPER.A. Once the infection is installed on the computer, it attempts to get a new file, which opens a port to allow the attacker to obtain remote control over the affected system.

"Further analysis by TrendLabs researchers reveal that the said exploit (detected as TROJ_RDROPPER.A) arrives as a malicious .RAR file. Once the said file successfully exploits the WinRAR flaw, it proceeds to drop the file %User Temp%WINRAR.EXE, which is detected by Trend Micro as BKDR_DARKMOON.AH. The dropped backdoor, in turn, opens a random port and allows remote code execution by a malicious user," the TrendLabs blog post reads.

As usual, you're advised to update WinRAR to the latest version and avoid downloading untrusted RAR files from unknown sources.

Exploiting software vulnerabilities has always been one of the best ways for hackers to invade a system and get control over its content. This cannot be stopped, since numerous attackers from all over the world are attempting to find new flaws and glitches in all kinds of software meant to be downloaded and installed on the system.

That's why it is extremely important to keep your programs updated and apply the latest patches as soon as they are released. In addition, keep your antivirus updated with the most recent virus definitions so it can detect and stop infections aiming to reach the data stored on your drives.
