Raptrex
Feb 22 2005, 11:49 PM
QUOTE
Virus writers have once again gotten the drop on anti-virus vendors and IT administrators with a new technique that's finding early and considerable success.
Late last month, administrators and service providers began seeing virus-infected messages with a new type of attachment hitting their mail servers: an .rar archive. .Rar files are similar to .zip files in that they are containers used to hold one or more compressed files. The .rar format is not as widely known as .zip, but it is used for a number of tasks, including compressing very large files, such as music and video.
The emergence of .rar-packed viruses highlights the lengths to which virus writers are willing to go to evade anti-virus systems, as well as the limitations of those traditional signature-based defenses.
Experts say .rar files carrying viruses have been sailing past commercial anti-virus products and finding their way into the mailboxes of users, who are often unfamiliar with the file format. Administrators who have seen .rar-packed malware say that none of the messages have been stopped by their anti-virus defenses.
Many of the messages in .rar virus e-mail are slick invitations to view pornographic content, which is part of the reason for the viruses' success, experts say. .Rar's compression algorithm is 30 percent more efficient than .zip technology, so it is often used to compress such content. E-mail purporting to deliver images and video in an .rar archive may well be taken as legitimate, experts say.
Once opened, the archive typically contains an executable file with a double extension, such as "foto.jpg.exe." The viruses themselves are new and are usually droppers that install a Trojan or back door on the user's PC.
"Most of these are appealing to lustful young men," said Bill Franklin, president of Zero Spam Network Corp., in Coral Gables, Fla., a managed services provider. "It's a game of percentages. This is just another way to get control of machines. It may hit fewer machines, but they're probably more technical users, so their machines would be of higher value. It's a good example of the fact that virus writers are probing every nook and cranny."
One recent .rar virus that appeared at the end of last week is disguised as a patch from Microsoft Corp. Although the text of the e-mail is poorly written, users have often proved willing to fall for such pitches. Franklin said that he has seen about six or seven new .rar viruses each week this month and that all of them are getting past the anti-virus products installed on his network.
Anti-virus vendors have acknowledged the presence of viruses delivered as .rar files in the past few weeks and are scrambling to develop tools to identify and eradicate the malware.
Officials at McAfee Inc., which by the end of last week had developed signatures for a few of the new viruses, said virus writers probably have turned to using .rar archives to get past gateway filtering rules. "Some large corporations have blocked [.zip files], so this is a way around that," said Jimmy Kuo, a McAfee Fellow at the Santa Clara, Calif., company.
Kuo said some early NetSky variants used .rar archives as well.
One administrator who has seen a number of these viruses recently on his network said that while the social engineering in the messages is nothing special, the novelty of the .rar format is enough to fool some users.
"Most users have finally gotten trained not to open .zips and executables, and now we have to worry about this," said the administrator, who asked not to be identified. "Our [anti-virus system] doesn't catch these yet, so we have to block it at the gateway in order to stop them."
Original Source

Damn, I hope I don't get one, and I hope they don't make one for ZIP files.
Reply
canute24
Feb 23 2005, 06:24 AM
Make one for zip files?? There are thousands of them. Didn't you read the quote? This is very bad news! I lost about 2GB of .exe files due to a virus attack, so I usually RAR the files to protect them and also to save space. Thank you for the info. To be on the safe side, don't open any attachment from unknown people. Not even pics (jpg); they can attack using JavaScript. Recently I reported a virus which was sent to me by someone. But the problem is that the user doesn't know anything about the virus because it mails itself. Be careful.
Reply
dai
Feb 23 2005, 06:58 AM
People need to learn not to open any attachments in email even if it is from their best friend. I know a lot of people who use Windows and they have no idea what a file extension is. In fact, Windows comes with the file extensions turned off by default. I've seen viruses come as picture.jpg.pif ... this is obviously suspicious. I saw it, but if I hadn't turned on file extension visibility, I would have thought it was just a jpg file. As for rar's, they have been around a LONG time and I've been using them for a long time. Most download places use rar rather than zip because it works better and faster.
Reply
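The gateway-side check that the quoted article and the post above point toward, as an added example that is not part of the thread: given an attachment's declared name and decoded bytes, it recognises a RAR archive by its signature rather than its file name, lists the member names from RAR 1.5-4.x headers without unpacking, and flags executables behind a double extension such as foto.jpg.exe or picture.jpg.pif. The extension lists, the finding labels and the sample archive are assumptions constructed for illustration.

```python
import struct

RAR4_MAGIC = b"Rar!\x1a\x07\x00"       # RAR 1.5-4.x signature
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"   # RAR 5 signature (members not listed here)
EXECUTABLE_EXTS = {"exe", "pif", "scr", "com", "bat", "cmd"}            # assumed policy
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "txt", "doc", "mpg", "avi"}  # assumed policy


def rar4_member_names(data):
    """List member names from RAR 1.5-4.x block headers without unpacking.
    Returns None when the headers cannot be walked (other format, truncated)."""
    if not data.startswith(RAR4_MAGIC):
        return None
    names, pos = [], len(RAR4_MAGIC)
    try:
        while pos + 7 <= len(data):
            _crc, head_type, flags, head_size = struct.unpack_from("<HBHH", data, pos)
            if head_size < 7:
                return None                      # malformed block
            extra = 0
            if head_type == 0x74:                # file header
                pack_size, = struct.unpack_from("<I", data, pos + 7)
                name_size, = struct.unpack_from("<H", data, pos + 26)
                name_off = pos + 32
                if flags & 0x0100:               # 64-bit size fields precede the name
                    pack_size |= struct.unpack_from("<I", data, pos + 32)[0] << 32
                    name_off += 8
                raw = data[name_off:name_off + name_size]
                # Names are OEM/ANSI bytes; latin-1 never fails and keeps ASCII intact.
                names.append(raw.split(b"\0")[0].decode("latin-1"))
                extra = pack_size                # packed data follows the header
            elif flags & 0x8000:                 # other block carrying trailing data
                extra, = struct.unpack_from("<I", data, pos + 7)
            pos += head_size + extra
    except struct.error:
        return None                              # a header ran past the end of data
    return names


def check_attachment(filename, data):
    """Return policy findings for one decoded attachment (empty list = nothing found)."""
    findings = []
    if not data.startswith((RAR4_MAGIC, RAR5_MAGIC)):
        return findings                          # not a RAR archive by content
    if not (filename or "").lower().endswith(".rar"):
        findings.append("rar-content-under-other-name")
    names = rar4_member_names(data)
    if names is None:
        findings.append("rar-members-not-listable")  # cannot inspect: let policy decide
        return findings
    for name in names:
        parts = name.replace("\\", "/").rsplit("/", 1)[-1].lower().split(".")
        if len(parts) >= 2 and parts[-1] in EXECUTABLE_EXTS:
            double = len(parts) >= 3 and parts[-2] in DECOY_EXTS
            findings.append(("double-extension:" if double else "executable:") + name)
    return findings


def build_sample_rar4(member_name, payload=b"constructed placeholder bytes"):
    """Constructed sample: RAR4 block layout with one stored member. CRC fields are
    zeroed, so it exercises the header walk but is not a valid archive."""
    name = member_name.encode("latin-1")
    main = struct.pack("<HBHHHI", 0, 0x73, 0, 13, 0, 0)
    file_head = struct.pack("<HBHHIIBIIBBHI", 0, 0x74, 0x8000, 32 + len(name),
                            len(payload), len(payload), 2, 0, 0, 20, 0x30,
                            len(name), 0x20) + name
    end = struct.pack("<HBHH", 0, 0x7B, 0x4000, 7)
    return RAR4_MAGIC + main + file_head + payload + end


if __name__ == "__main__":
    print(check_attachment("fotos.rar", build_sample_rar4("foto.jpg.exe")))
```

Archives with encrypted headers or in RAR 5 format come back as "rar-members-not-listable", which a gateway would normally treat as uninspectable rather than clean.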
mahesh2k
Feb 23 2005, 03:11 PM
Thanks for the help. I think rar is very rarely used with most setup makers; actually the compression rate of rar is much more than zip and gz format. Maybe rar format makers are really worried about this now, because this way many users and new version makers are in trouble. Anyway, thanks for notifying.
Reply
RGPHNX
Feb 23 2005, 08:30 PM
Hey Guys,
There are several anti-virus scanners that adequately & completely scan RAR files. They use "heuristic" scanning techniques rather than the more common "dictionary" scanning methods. The problem with dictionary methods is that the specific "bug" must be identified via a unique string used in the bug's modus operandi that no other bug out there (i.e. 100K bugs & counting) uses. Then the anti-virus program maker must re-distribute the unique ID string for that particular bug in an updated "dictionary" to all the end users out there. This takes time. The heuristic scanner totally sidesteps the ID string issue & IDs bugs thru what they are doing to your system files (i.e. dll, exe etc.). If there are any unauthorized changes thru commands in the virus's files that attempt to change the core essential files on your system, then the anti-virus alerts you to it or blocks it. The advantage that heuristic scanners have is that there is a finite number of changes that can be made to any system files as defined thru the allowed commands built into the OS.
Hope this helps,
RGPHNX
Reply
canute24
Feb 24 2005, 04:47 AM
There is absolutely no need to worry about viruses if you have a good antivirus running. I have PC-Cillin 2002 updated almost every day. When I click on any file having a virus, absolutely anything at all, RAR, ZIP, it catches it. Just keep updating.
Reply
s243a
Feb 24 2005, 06:13 AM
I don't completely get this whole virus issue. With the rar virus you have to double-click on an executable to access it. Well, then it is partly the user's stupidity for clicking on it. Then again there are a lot of people that are pretty lax in this stuff. Anyway, if a file Microsoft says is a media file executes as an executable, I think Microsoft should be held liable for any damage. This is clear incompetence or, worse, a deliberate attempt to prop up the anti-virus industry.
Reply
canute24
Feb 24 2005, 06:50 AM
You don't get the whole virus issue; that's why you are talking like this. No one clicks on the virus file unnecessarily. When you get one in the inbox you will understand the whole issue. It is not a problem for those who already know about it. It is only a problem for newbies.
Reply
Casanova
Feb 28 2005, 04:13 AM
Are these viruses contained as an executable compressed inside the rar, or is the virus executed when the archive is opened?
Reply
no9t9
Feb 28 2005, 03:17 PM
QUOTE(canute24 @ Feb 24 2005, 12:47 AM)
There is absolutely no need to worry about viruses if you have a good antivirus running. I have PC-Cillin 2002 updated almost every day. When I click on any file having a virus, absolutely anything at all, RAR, ZIP, it catches it. Just keep updating.

There is a problem with your statement. You think you don't have to worry because your antivirus catches all the viruses. But this is just what you SEE. Your antivirus program only catches what it knows, and it isn't going to tell you when it couldn't catch the virus. You COULD potentially have tons of viruses in your computer that your antivirus didn't catch. Antivirus is not a perfect solution. The best solution is a combination of awareness, software protection (antivirus, firewalls, etc.), and backups.
Reply
serverph
Mar 3 2005, 07:11 PM
QUOTE(canute24 @ Mar 4 2005, 02:22 AM)
When there is a new virus it takes time for it to spread around the world from its birth place. But old ones are close. Without an antivirus the old ones will get into action. The old viruses are just quiet because of the antivirus. Imagine your drive gets filled up within minutes of installing the OS and your PC crashes every time, so what are you going to do??? Wait for the virus to go away?

There is something wrong with this statement.

QUOTE
Without an antivirus the old ones will get into action. The old viruses are just quiet because of the antivirus.

-- Not necessarily true. There are dormant viruses (which wreak havoc on your PC at a designated date and time), yes, BUT if that virus is there in your hard disk in the first place, then that antivirus application you are using is not effective at all, since it did not do its job to destroy the old virus. You should throw that stuff away instead, and choose a better antivirus. I could give some leeway if it's a new virus and the antivirus did not detect it, but old viruses -- that's just a plain useless antivirus.
Reply
canute24
Mar 3 2005, 06:22 PM
QUOTE(=Savage+)
God, this is so annoying.... Why is it that there are people that are sad enough to sit around and create viruses that mess up our computer? It's stupid; haven't these people got anything better to do in their life?
And what the hell is the point in anti-virus software when there are tons of viruses and worms etc. that can penetrate that shield?

When there is a new virus it takes time for it to spread around the world from its birth place. But old ones are close. Without an antivirus the old ones will get into action. The old viruses are just quiet because of the antivirus. Imagine your drive gets filled up within minutes of installing the OS and your PC crashes every time, so what are you going to do??? Wait for the virus to go away?
Reply
=Savage=
Mar 2 2005, 07:30 PM
God, this is so annoying.... Why is it that there are people that are sad enough to sit around and create viruses that mess up our computer? It's stupid; haven't these people got anything better to do in their life? And what the hell is the point in anti-virus software when there are tons of viruses and worms etc. that can penetrate that shield?
Reply
canute24
Mar 2 2005, 06:35 PM
I have PC-Cillin, Spybot and Zone Alarm. I open every attachment expecting a virus and it usually is. They take care of the virus and other problems.
Reply