
Baidu Antivirus is the Perfect Defense against WinRAR's 0day Vulnerability that May Affect Millions of Users

2014-04-21

   Recently, the Baidu Antivirus Security Center issued a warning that the WinRAR 0day vulnerability can be used by Zbot, Banker, and other infamous malicious viruses and trojans to enhance the effectiveness of their attacks. The 0day vulnerability in the WinRAR extraction/compression software allows viruses and trojans to be displayed as pictures. Users who unknowingly click them are immediately infected. Users of WinRAR 4.2 are especially at risk. Baidu Antivirus security experts have already developed specialized protection against this vulnerability. This feature can detect and intercept carefully disguised trojan archive files (identified as Exploit.WinRar.spoof.gen).

   (The viruses use vulnerabilities spread through the Internet to generate malicious archive files and disguise themselves as JPG files)

   It is reported that the details of the WinRAR 0day vulnerability were first disclosed by the infamous foreign vulnerability site exploit-db.com. Hackers can exploit this vulnerability to give a virus a false file extension. For example, in archive files, exe format viruses and trojans can be displayed as images, documents, or other apparently safe file formats. Users will be unable to see the threat and may open them. This vulnerability affects the WinRAR 4.x versions (affects Windows 8, Windows 7, and Windows XP).

 

   The Baidu Antivirus Security Center has not detected large-scale use of this WinRAR vulnerability by viruses and trojans. However, our security experts predict that Zbot, Banker, and other viruses and trojans can use this camouflage technique to easily infect many users, because many people still use old versions of WinRAR and hackers are apparently unwilling to forgo any attack method that may enhance their success rate. Corporate users need to be especially vigilant, as some companies generally do not use the latest version. If users unknowingly click "Download", their banking and other information is at risk from virus and trojan attack.

   (The cloud statistics information shows that, currently, several million users are still using old versions of WinRAR)


   Baidu Antivirus security experts suggest that WinRAR users immediately upgrade to version 5.0 or higher to avoid this vulnerability. Furthermore, when downloading archive files, users should use Baidu Antivirus or another security software with WinRAR 0day defense capabilities to scan the files. This will defend against viruses and trojans implanted in archive files.