Wednesday, 2 April 2014

WinRAR File Extension Spoofing Helps Hackers Hide Malware


WinRAR is a tool used by 90% of people around the world to compress files or to extract ZIP files that are already compressed. It is better known and more popular than other tools that compress or extract ZIP files.


Imagine that you opened a RAR file containing some images or MP3 music files, but when you played or opened any one of them, it installed malware on your system. Wouldn't that be dangerous? Yes, obviously it would! This file extension spoofing vulnerability was discovered by Israeli security researcher Danor Cohen (An7i).






Using a hex editor, the researcher noted that WinRAR stores two names for each file in an archive: a first name and a second name. The first name contains the name of the original file, and the second name contains the file name and extension that are shown in the WinRAR GUI window. Danor Cohen simply edited the second name to "FAX.png", while the original malware name and extension was "FAX.exe".

This makes it easy to trap victims: the WinRAR GUI window shows a different file extension for the file, but opening it runs malware with an .EXE extension, and the attacker gains access to the victim's computer.
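
A defender can check an archive for this kind of name mismatch before anyone opens it. The following is an added example, not code from the original post or from WinRAR. It assumes the archive is a ZIP file and that the "first" and "second" names correspond to the ZIP local file header and the central directory record; `build_sample` and `name_mismatches` are hypothetical helper names, and the sample archive is constructed with a harmless placeholder payload.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"  # signature of a ZIP local file header


def build_sample(spoof: bool) -> bytes:
    """Constructed sample: one harmless stored entry named FAX.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FAX.exe", b"constructed placeholder, not a program")
    data = bytearray(buf.getvalue())
    if spoof:
        # The central directory follows the file data, so the last
        # occurrence of the name is the central directory copy.
        pos = data.rindex(b"FAX.exe")
        data[pos:pos + 7] = b"FAX.png"
    return bytes(data)


def name_mismatches(data: bytes) -> list[tuple[str, str]]:
    """Return (local_name, central_name) pairs that disagree."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # names from the central directory
            off = info.header_offset
            header = data[off:off + 30]
            if len(header) < 30 or header[:4] != LOCAL_SIG:
                found.append(("<bad local header>", info.orig_filename))
                continue
            flags, = struct.unpack_from("<H", header, 6)
            name_len, = struct.unpack_from("<H", header, 26)
            raw = data[off + 30:off + 30 + name_len]
            # Flag bit 11 marks a UTF-8 name; otherwise ZIP uses CP437.
            codec = "utf-8" if flags & 0x800 else "cp437"
            local = raw.decode(codec, "replace")
            if local != info.orig_filename:
                found.append((local, info.orig_filename))
    return found


if __name__ == "__main__":
    for label, spoof in (("clean", False), ("spoofed", True)):
        print(label, name_mismatches(build_sample(spoof)))
```

Any non-empty result means the name a listing shows and the name stored next to the file data differ, which is reason enough to quarantine the archive.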
