Wednesday, February 02, 2005

Virus Writers Find New Delivery Vehicle

Always on the cutting edge of new techniques, virus writers have found a new way to slip their evilware into your computer. This new method is so foolproof that no anti-virus software has yet detected a virus when it comes into your inbox this way.

Late in December, administrators and service providers realized that virus-infected messages with a new type of attachment were hitting their mail servers: an .rar archive. .Rar files are similar to .zip files in that they are containers used to hold one or more compressed files. The .rar format is not as widely known as .zip, but it is used for a number of tasks, including compressing very large files, such as music and video.

Experts say .rar files carrying viruses have been sailing past commercial anti-virus products and finding their way into the mailboxes of users, who are often unfamiliar with the file format. Administrators who have seen .rar-packed malware say that none of the messages have been stopped by their anti-virus defenses.

Many of the .rar virus e-mail messages are slick invitations to view pornographic content, which is part of the reason for the viruses' success, experts say. .Rar's compression algorithm is 30 percent more efficient than .zip technology, so it is often used to compress such content. E-mail purporting to deliver images and video in an .rar archive may well be taken as legitimate.

One recent .rar virus that appeared at the end of last week is disguised as a patch from Microsoft. Although the text of the e-mail is poorly written, users have often proved willing to fall for such pitches. Franklin said that he has seen about six or seven new .rar viruses each week this month and that all of them are getting past the anti-virus products installed on his network.

The emergence of .rar-packed viruses highlights the lengths to which virus writers are willing to go to evade anti-virus systems, as well as the limitations of these traditional signature-based defenses.

Anti-virus vendors have acknowledged the presence of viruses delivered as .rar files in the past few weeks and are scrambling to develop tools to identify and eradicate the malware. Let us hope they find a way soon. Until then, don't open any .rar attachments.
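The same advice can be enforced at the mail gateway instead of being left to each user. The sketch below is an added example, not from the original article: it flags attachments by the RAR file signature as well as by extension, so an archive renamed to something else is still caught. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Shared prefix of the RAR 1.5-4.x and RAR 5 file signatures.
RAR_MAGIC = b"Rar!\x1a\x07"

def find_rar_attachments(raw: bytes):
    """Return [(filename, reason)] for each MIME part that looks like a RAR archive."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers hold no payload of their own
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        if data.startswith(RAR_MAGIC):
            # Content check: catches archives whose extension was changed.
            hits.append((name, "rar-signature"))
        elif name.lower().endswith(".rar"):
            # Name check: catches damaged or unusual files still labelled .rar.
            hits.append((name, "rar-extension"))
    return hits

def build_sample() -> bytes:
    """Constructed test message; the 'archives' are only signature bytes plus filler."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed test message"
    msg.set_content("See attached.")
    fake_rar = RAR_MAGIC + b"\x00" + b"constructed filler, not a real archive"
    for fname in ("photos.rar", "patch.zip"):  # second one is a renamed archive
        msg.add_attachment(fake_rar, maintype="application",
                           subtype="octet-stream", filename=fname)
    msg.add_attachment(b"no signature here", maintype="application",
                       subtype="octet-stream", filename="clip.RAR")
    msg.add_attachment("plain text notes\n", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, reason in find_rar_attachments(build_sample()):
        print(f"quarantine {fname}: {reason}")
```

Self-extracting archives carry the signature after an executable stub, so this check does not cover them; they need the gateway's executable-attachment policy.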


PS. Sorry about not writing in the last three days, but I have been on the road on business and am feeling a little under the weather.
