Bitcoin Forum
Topic: Winrar exploit - update now (Read 442 times)

o_e_l_e_o (OP), Legendary, In memoriam
March 08, 2019, 07:44:45 PM (last edit: March 08, 2019, 09:12:09 PM by o_e_l_e_o)
Merited by suchmoon (4), dbshck (4), pooya87 (2), LoyceV (1), ABCbits (1), wwzsocki (1), DdmrDdmr (1), Rath_ (1), leowonderful (1), yesiam6 (1)
#1

Saw this post on reddit earlier: https://www.reddit.com/r/Bitcoin/comments/ayoz1k/hey_everybody_patch_your_winrar_or_lose_coins/

Long story short, there is an exploit in Winrar which allows an attacker to deploy a .exe file to your startup folder whenever you extract an archive, thereby automatically executing it next time you restart. This is obviously a massive risk to anyone who holds coins in a desktop wallet. You should update Winrar immediately to the latest version from here: https://www.rarlab.com/download.htm. Alternatively delete Winrar altogether and use 7zip instead (but don't be fooled into thinking that any piece of software is completely safe). Edit: As NeuroticFish points out below, 7zip also had a security vulnerability discovered last year, so if you are currently using that, you should update it too.

And if you aren't already, use a hardware wallet.

NeuroticFish, Legendary
March 08, 2019, 08:19:59 PM
Merited by suchmoon (4), hugeblack (1), o_e_l_e_o (1)
#2

Quote
You only get a pop-up which notifies you that the trial has already ended every time you open WinRAR.

I've used WinRAR like that for a number of years, but it didn't feel OK. Now I use 7zip. It's free and it's as good as WinRAR.

Quote
Alternatively delete Winrar altogether and use 7zip instead (but don't be fooled into thinking that any piece of software is completely safe).

If you (we) advertise 7zip, it's fair to say that 7zip also had a nasty vulnerability last year, so if anybody still has an ancient version of 7zip, that needs an update too.


wwzsocki, Legendary
March 09, 2019, 12:50:35 PM
#3

Thank you @o_e_l_e_o, I am actually using an old version of WinRar on my desktop together with my wallets, so yes, I am/was affected for sure.

I am out of merits right now, but as soon as I get my first sMerit it will fly your way.

Quote
You only get a pop-up which notifies you that the trial has already ended every time you open WinRAR.

If anybody wants to use WinRar legally, the price excluding VAT is € 29,95 and this is a lifetime license.

I think it should be freeware, especially for personal use, not shareware, because 7zip and other programs like it are all gratis. Winrar is the only paid one in this group.


Awesomus Maximus, Member
March 09, 2019, 12:56:46 PM
#4

Quote
If you (we) advertise 7zip, it's fair to say that 7zip also had a nasty vulnerability last year, so if anybody still has an ancient version of 7zip, that needs an update too.

Thanks for the warning! I gave up on winrar a long time ago, using 7zip as a substitute. But I haven't updated it in a while, so again, thanks for this information.

hugeblack, Legendary
March 09, 2019, 05:58:38 PM
#5

Is it not strange that hacker attacks are appearing in popular applications that we use frequently and trust by default? "Metamask, MEGA, ...etc"

Quote
If you (we) advertise 7zip, it's fair to say that 7zip also had a nasty vulnerability last year, so if anybody still has an ancient version of 7zip, that needs an update too.

Thank you, I'm using a very old version of that application and I have not updated it for a while.
I did not have a problem with that app, but it's better to update it. Thanks for the warning.


o_e_l_e_o (OP), Legendary, In memoriam
March 09, 2019, 07:48:36 PM
Merited by TheBeardedBaby (1)
#6

Quote
Is it not strange that hacker attacks are appearing in popular applications that we use frequently and trust by default? "Metamask, MEGA, ...etc"

It's very concerning. The WinRAR exploit was from a .dll file which hadn't been updated in 14 years. WinRAR did not have access to this .dll file's source code, so they just had to drop it altogether in the latest update. It's kind of similar to the CoPay wallet hack last year, where someone was granted admin rights to an unmaintained dependency of the wallet, and the wallet then pulled in the malicious code. Even if you completely trust the writers of the program you are using, and even if you look at the code yourself, it becomes an impossible task to personally audit every dependency/file for every piece of software.

It makes a really good argument for hardware wallets.

Crypto Girl, Sr. Member
March 10, 2019, 08:06:12 AM
#7

Thanks for the heads up, though my hardware wallet isn't connected to my desktop that has the old winrar application, so I think this is at least a relief for me.

Quote
If anybody wants to use WinRar legally, the price excluding VAT is € 29,95 and this is a lifetime license.

How much will the VAT be? Does it depend on the country I'm residing in?

wwzsocki, Legendary
March 10, 2019, 02:08:37 PM
#8

Quote
Thanks for the heads up, though my hardware wallet isn't connected to my desktop that has the old winrar application, so I think this is at least a relief for me.

If anybody wants to use WinRar legally, the price excluding VAT is € 29,95 and this is a lifetime license.

How much will the VAT be? Does it depend on the country I'm residing in?

Yes, this depends on the country you are actually residing in, @Crypto Girl, and making the purchase from, because you will be redirected to the proper page.

Additionally, I have info from the Winrar page about the license and program usage after the 40-day free period.

Quote
Purchase of a WinRar license
After the forty-day trial period, you must uninstall WinRAR (Control Panel / Add or Remove Programs) or purchase a license that will allow you to continue to use WinRAR permanently and without restrictions. The WinRAR software license is for life. Prices and ordering options can be found on this page. Private individuals only need one license for all computers used in their own homes. With a single license, you can install and use the program on all computers belonging to the buyer.

You should buy a license because thanks to this:
-You are motivating us to continue working on WinRAR
-You can use WinRAR for commercial applications
-You have the right to access technical support via e-mail and WinRAR Service Centers around the world

The main licensing rules
-The license will be issued electronically, in the form of a key file, and the installation program is downloaded from the winrar website
-The WinRAR license will be issued by name, in your name or company name.
-We cannot change, return or cancel the license after purchase. Test WinRAR for 40 days free of charge before ordering. During the testing period, the program is fully usable and has no functional limitations.


Velkro, Legendary
March 10, 2019, 03:48:57 PM
#9

Quote
Long story short, there is an exploit in Winrar which allows an attacker to deploy a .exe file to your startup folder whenever you extract an archive

This is so critical I can't stress this enough.
I'm very surprised: I checked many security websites I tend to visit, and they haven't mentioned it yet.
The Bitcoin community is the first to alert people about this, so fast.

o_e_l_e_o (OP), Legendary, In memoriam
March 10, 2019, 04:36:38 PM (last edit: March 10, 2019, 04:57:39 PM by o_e_l_e_o)
#10

Quote
This is so critical I can't stress this enough.

Its potential implications are far wider reaching than stealing bitcoins as well. An .exe file dropped in a Windows start-up folder could achieve anything from stealing data, encrypting your hard drive and asking for a ransom, keylogging, you name it. With an estimated 500 million WinRAR users, and who knows how many archives being downloaded and extracted every day, it's only a matter of time before someone takes advantage of this exploit big style. I'm sure there will be many individuals, and quite a few companies, hit with an attack of some sort using this method.

Kakmakr, Legendary
March 10, 2019, 05:59:15 PM
#11

The question is, if they are aware of the exploit, why have they not patched it and distributed the update? I have been using 7Zip and WinZip and WinRAR for years without noticing any strange behavior, but I have several AV and malware detection programs running on my computers.

I also use several other OSes like Tails and Linux for different uses, so one exploit in one piece of software will never stop me from doing my thing. I also use virtual machines for the testing of new software, to prevent critical infections.

Artemis3, Legendary
March 11, 2019, 02:23:48 AM
#12

Quote
The question is, if they are aware of the exploit, why have they not patched it and distributed the update? I have been using 7Zip and WinZip and WinRAR for years without noticing any strange behavior, but I have several AV and malware detection programs running on my computers.

I also use several other OSes like Tails and Linux for different uses, so one exploit in one piece of software will never stop me from doing my thing. I also use virtual machines for the testing of new software, to prevent critical infections.

7zip can open all file types, and can definitely make zip files, so there is zero reason to keep winzip and winrar. 7zip is free open source software, and that should be enough reason to give it priority.

In Linux, other compression algorithms have now taken the spot, such as xz. I think 7zip can handle those too. There is 7z for Linux, of course.

o_e_l_e_o (OP), Legendary, In memoriam
March 11, 2019, 06:26:12 AM
#13

Quote
-snip-
The latest versions of WinZip, WinRAR, and 7zip can all support .xz files.

I agree about swapping to 7zip, but with the caveat that I pointed out in my first post, and also by NeuroticFish above - open source doesn't automatically mean safe. Always be careful.

UserU, Hero Member
March 11, 2019, 07:36:13 AM
#14

Thanks for the heads up! I'll update mine ASAP.

And for something like this to happen not long after the Chrome 0-day attack, just wow...

DdmrDdmr, Legendary
March 11, 2019, 02:41:26 PM (last edit: March 11, 2019, 03:35:20 PM by DdmrDdmr)
#15

We should really be updating our winrar program ASAP if we intend to keep on using it. According to Bleeping Computer, there is already a malspam campaign running that exploits the rar vulnerability (see Malspam Exploits WinRAR ACE Vulnerability to Install a Backdoor).

The article describes a malspam campaign distributing a malicious rar file, whose extraction ends up connecting to a site and downloading various files, amongst which is a Cobalt Strike Beacon DLL, used by hackers to gain control of your computer.

yesiam6, Hero Member
March 13, 2019, 09:11:06 PM
#16

Thank you very much o_e_l_e_o, I updated my Winrar, but how could this exploit stay undetected for 14 years?
Are there any other cases of this exploit having been used in the past?

HCP, Legendary
March 13, 2019, 10:34:13 PM
Merited by o_e_l_e_o (1)
#17

Quote
Thank you very much o_e_l_e_o, I updated my Winrar, but how could this exploit stay undetected for 14 years?

Much the same way that the Electrum "error notification" exploit went undetected for so long... basically, no-one was looking for it, so no-one found it... The exploit wasn't in WinRAR itself, but in a bundled .DLL file for the ACE archiver, for which the WinRAR devs did not have access to the source code.

To make use of this exploit, you needed to craft a malicious .ace archive (which could be renamed to .rar) that abused the way the ACE archiver dealt with file paths. Essentially, you could trick the archiver into extracting files to ANY file path, regardless of what the user selected.

The implications of this are that you could then cause an arbitrary file to be extracted to the Windows "start-up" folder that would then be executed when the computer was next restarted...


Quote
Are there any other cases of this exploit having been used in the past?
As far as I'm aware, there are no known cases of this exploit having been used prior to the current "malspam" attack that was launched after the exploit became public and the exploit generator script was published on github.
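What HCP describes above, an archiver that can be talked into writing an entry wherever the entry name points rather than under the folder the user chose, is the classic extraction path-traversal bug. The following is an added example, not code from this thread, from WinRAR or from the ACE library: it shows the check a safe extractor performs before writing each entry, in Python, run over a constructed in-memory zip whose entry names (the "outside*.txt" names, the "docs/readme.txt" entry and the temporary extraction directory) are made up for the demonstration.

```python
import io
import os
import tempfile
import zipfile
from pathlib import PureWindowsPath
from typing import Dict, List, Optional


def resolve_member(dest_root: str, member_name: str) -> Optional[str]:
    """Return the absolute path an entry may be written to, or None if it
    would land outside dest_root. Both '/' and '\\' count as separators,
    as they do for a Windows extractor, so '..\\..\\x' is not mistaken
    for a plain file name."""
    if not member_name or "\x00" in member_name:
        return None
    # Absolute and drive-letter names are never acceptable as entry names.
    win = PureWindowsPath(member_name)
    if win.drive or win.root or member_name.startswith("/"):
        return None
    parts = [p for p in member_name.replace("\\", "/").split("/") if p not in ("", ".")]
    root = os.path.realpath(dest_root)
    # realpath collapses '..' and follows any symlink already under root,
    # so a link planted by an earlier entry cannot redirect a later one.
    target = os.path.realpath(os.path.join(root, *parts))
    if target != root and not target.startswith(root + os.sep):
        return None
    return target


def safe_extract(archive_bytes: bytes, dest_root: str) -> Dict[str, List[str]]:
    """Write only entries that resolve under dest_root; list the rest as
    rejected. Entries are read with zf.open() and written by hand so that
    the check above, not zipfile's own extract() sanitising, is what decides."""
    report: Dict[str, List[str]] = {"extracted": [], "rejected": []}
    os.makedirs(dest_root, exist_ok=True)
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            target = resolve_member(dest_root, info.filename)
            if target is None:
                report["rejected"].append(info.filename)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            report["extracted"].append(info.filename)
    return report


def build_sample_archive() -> bytes:
    """Constructed test archive: one benign entry plus entries using the
    escape patterns a traversal check must catch. Names are made up for
    this demo and are not taken from any real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content")
        zf.writestr("../../outside.txt", "dot-dot with forward slashes")
        zf.writestr("..\\..\\outside2.txt", "dot-dot with backslashes")
        zf.writestr("/abs/outside3.txt", "absolute POSIX path")
        zf.writestr("C:\\outside4.txt", "drive-letter path")
    return buf.getvalue()


def run_demo() -> Dict[str, object]:
    """Extract the constructed archive into a fresh temporary directory and
    report the resolved root, what was written and what was rejected."""
    dest = tempfile.mkdtemp(prefix="safe_extract_")
    report = safe_extract(build_sample_archive(), dest)
    return {"root": os.path.realpath(dest), **report}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The decisive step is comparing the resolved target against the resolved root after every `..`, separator and symlink has been normalised, rather than pattern-matching the raw name; an extractor that only looks for a leading `../` misses backslash variants and absolute paths. Python's own `ZipFile.extract()` already applies a similar rule, which is why the example reads entries with `open()` and writes them itself.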