You are probably smart enough not to open random exe files from the internet? Right? You might even drop an exe into virustotal.com if you are in doubt, to see how the rest of the internet feels about that file.
But you probably don't think twice about opening a WinRAR file. Well, there is a WinRAR exploit now that is going to make millions of victims.
Here is how it works. You open the wrong rar file with an unpatched version of WinRAR and a payload is dropped into your Windows startup folder, which means on reboot you will load up an exe.
And nobody ever updates their WinRAR. And rar files are used intensively on Usenet and also in torrents. So there are probably at least 100 million computers with an unpatched version of WinRAR on them.
So this is going to steal a shitload of coins. I can guarantee it.
So PATCH YOUR WINRAR!!!!! Go to https://www.rarlab.com/download.htm and download the latest version. Search for, delete and destroy any version you can find on your computer that's under WinRAR 5.70.
The .dll file that contains the actual bug is unacev2.dll, because the bug is in ACE, not in WinRAR. WinRAR has just dropped support for ACE in 5.7 and removed the .dll file from its install. All software with ACE support is vulnerable, which is not just WinRAR but also software like Total Commander, among others.
Let your friends and family know. If you happen to be on any random computer with an older version of WinRAR, please replace it with 5.7 or higher.
If you downloaded and opened that leaks.rar that was posted here today about a big Bitfinex leak, well, you are infected now. Check %appdata%\Microsoft\Windows\Start Menu\Programs\Startup\ for a file called "IntelAudio.exe".
The payload tries to fool you into thinking it's TeamViewer. It's probably not the most sophisticated malware attack, but more attacks will follow. WinRAR simply is a piece of software that is trusted by almost everybody. And now you can't trust it anymore, unless you update.
All of this is also again a reminder to use a cold wallet/hot wallet system with a separate computer that cannot go on the internet. To steal coins from such a system you need something as advanced as the Stuxnet malware. Or use a hardware wallet.
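A host check for the indicators named above, as an added example that is not part of the original post: it looks for leftover copies of unacev2.dll and audits the per-user Startup folder for IntelAudio.exe or other executables. The function names, the result labels, the scanned roots and the list of extensions flagged for review are assumptions of this example.

```python
import os
from pathlib import Path

ACE_DLL = "unacev2.dll"           # vulnerable ACE library named in the post
KNOWN_PAYLOAD = "intelaudio.exe"  # payload file name reported in the post
# Assumption of this example: file types worth a manual look in Startup.
REVIEW_EXT = {".exe", ".scr", ".bat", ".cmd", ".vbs", ".js"}

def startup_dir(appdata=None):
    """Per-user Startup folder under %appdata% (path taken from the post)."""
    appdata = appdata or os.environ.get("APPDATA", "")
    return Path(appdata, "Microsoft", "Windows", "Start Menu", "Programs", "Startup")

def find_ace_dlls(roots):
    """Return every copy of unacev2.dll under the given roots (case-insensitive)."""
    hits = []
    for root in roots:
        # onerror swallows unreadable directories so the scan keeps going
        for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
            hits += [Path(dirpath, f) for f in files if f.lower() == ACE_DLL]
    return sorted(hits)

def audit_startup(folder):
    """Return (path, label) pairs for Startup entries that need attention."""
    folder = Path(folder)
    if not folder.is_dir():
        return []
    findings = []
    for entry in sorted(folder.iterdir()):
        if not entry.is_file():
            continue
        if entry.name.lower() == KNOWN_PAYLOAD:
            findings.append((entry, "known-payload"))
        elif entry.suffix.lower() in REVIEW_EXT:
            findings.append((entry, "review"))
    return findings

if __name__ == "__main__":
    # Assumed default install locations; add other drives or tools as needed.
    roots = [os.environ.get(v) for v in ("ProgramFiles", "ProgramFiles(x86)")]
    for dll in find_ace_dlls([r for r in roots if r]):
        print(f"ACE library still installed: {dll}")
    for path, label in audit_startup(startup_dir()):
        print(f"[{label}] {path}")
```

An empty result only means these specific indicators are absent; later payloads dropped the same way may use other file names.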