WinRAR Vulnerability Exposed; Could Hurt Many Windows Users

WinRAR, the conventional choice for compressing and archiving files, is under threat! The news has baffled millions of Windows users across the world, as the security vulnerability found in the application can affect a computer within a few seconds. Iranian researcher Mohammad Reza Espargham first spoke of this vulnerability on the security information forum Full Disclosure. He said, “The vulnerability allows unauthorized remote attackers to execute system specific code to compromise a target system.”

All WinRAR SFX files under threat

These reports of a security threat have also been confirmed by security firm MalwareBytes, which stated that the remote attacker is so powerful that it can affect any version of WinRAR SFX.

The reports also confirm that this vulnerability allows remote attackers to run malicious code on the computer when the user tries to unzip an archived SFX file. In its reports, the security firm stated, “Basically, the attack uses the option to write HTML code in the text display window when creating a SFX archive.”

Responding to the vulnerability found in WinRAR files, its developer RAR Labs said that the “executable files are potentially dangerous by design”. Hence, it is always wise to run them only when they come from genuine sources. It also said that this rule applies not only to SFX files but to any .exe file.

While news that the malware can affect the system as well as network is alarming for users, there is something even worse. At present, there is no patch for this threat, which means anyone using the application can be affected with a single interaction.

As of now, users need to be extremely cautious while operating SFX archive files and avoid ones coming from unreliable sources. Yet, that does not assure the safety of the device as the malware is quite strong this time.

Windows users worry

The news of vulnerability issues in WinRAR files has not only raised the eyebrows of experts but is also a cause of concern for laymen using computers. Delhi-based student Devansh Sharma, who uses a computer for his college projects, said, “This is quite a threat for the computer as I often download WinRAR files from different sources just out of curiosity.”

Neel Agasti sounded the same way, “I have to download different WinRAR files for my work and some come from unknown sources as well. So, my computer is at risk.”

This worry is common among Windows users all over the world and we expect Microsoft to come up with a fix soon.

Why Samsung Galaxy S4 Is Leading the Pack and Not Apple iPhone 5, Find Out….

To provide greater security on Android, Samsung has developed the KNOX – a mobile security platform which can make the Galaxy S4 more appealing for use as an enterprise device and a stronger Apple iPhone 5 competitor. This feature lets users set multiple levels of security and keep personal data separate from official data on their Galaxy S4 smartphones.

There are essentially three separate layers of security on the Galaxy S4, thanks to Knox – Secure Boot, ARM TrustZone-based Integrity Measurement Architecture (TIMA), and a kernel with inbuilt security enhancements for access controls. The first level ensures that no unauthorized apps get installed on the Galaxy S4, which could put user data at risk. TIMA provides constant monitoring of the Android OS and can disable the kernel or shut down the device in the event of a security breach.

The third level, security enhancements, keeps each app's data separate and isolated from the others to ensure greater security for any confidential content on the device. This can also help minimize or prevent damage caused by a security attack. It could give a great boost to the Galaxy S4 as a device for BYOD programs in organizations.

VirusTotal: Google’s Latest Acquisition

Looks like Google is finally waking up to the increasing concern that is security. VirusTotal, a firm that deals with security, happens to be Google’s latest buy in the market, according to a blog announcement.

VirusTotal is a free service that lets users scan their computers for malware without going through the hassle of installing a tool on their system. All a user needs to do is feed in the URL or share the file on the company website and “Scan it” to assess how secure the content is.

Sounds simple, but is a big help to users online, especially as more and more online threats come to light. This acquisition may have cost millions of dollars to Google, but gives them a foot in the door into the field of web security. It also helps that these companies were already partners before the formal acquisition.

Even though Google has acquired the company, it has assured users of its plans to keep VirusTotal’s technology active, and learn security essentials from its employees. Given how Google is continuously providing innovations to serve their customers better, maybe now that security has become their latest forte, we can definitely look forward to major improvements in web security as well.

Gauss Hard to Decode, Kaspersky Looks for Help!

Gauss, the newly formed malware, seems to be getting on the nerves of researchers at Kaspersky Lab, as the security firm asks the community if anyone can help decrypt the virus’s payload.

Kaspersky said that the hackers who created Gauss shut down its command and control servers before the firm could track them down. This is the main reason why the firm has problems decoding details about the virus.

In a statement, Aleks Gostev, chief security expert on Kaspersky's global research and analysis team, said that the idea and purpose of Gauss remain a mystery to the researchers. He further stated that the cryptography and precautions used by the authors to hide the payload of this malware can mean that it plans to target high profile users.

Gostev also explained that in order to understand the virus, it is mandatory to decrypt Gauss. He also revealed the fact that the payload of Gauss contains coding that could be used for cyber-sabotage, like Stuxnet’s SCADA code.

The destructive malware, Gauss, which was discovered by Kaspersky earlier this month, aimed to spy on banking passwords and transactions of computers in the Middle East, specifically in Lebanon. The banks that the virus attacked include Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank, and Credit Libanais. The malware also targets Citibank and PayPal, which are the only non-Lebanese banks.

The virus is believed to be directly related to Flame, and is also said to be a descendant of Stuxnet and Duqu.

Gauss malware is directed to steal financial information, browser passwords, system configurations, cookies, and more. And just like Stuxnet, this virus can also be passed from computer to computer by infecting USB drives.

Researchers at Kaspersky clarified that the payload of Gauss stays in the USB data-stealing module. This payload, they said, is always on the lookout for a particular folder in Program Files, which begins with an extended character, such as Arabic or Hebrew. Once such a folder is discovered along with other system requirements, Gauss uses its payload to decrypt and infect the computer.

So far, Gauss malware is believed to have infected more than 2,500 computers.

Determine Gauss Virus With Two Tools! Read to Find Out…

Gauss, the destructive virus found a few days back, has hit the headlines worldwide as the malware has been spying on banking transactions, social networking, and email passwords of users. The main aim of the Gauss virus was to steal access credentials to Lebanese banks. The virus was recently discovered by Kaspersky Lab, and researchers at the security firms have now come up with tools that can help us detect Gauss early. Let’s take a look at these tools to avoid being a victim of this virus.

Gauss virus is a piece of malware whose main focus is to steal bank account login details of users. The banks that this virus attacked include the Bank of Beirut, BlomBank, EBLF, ByblosBank, Credit Libanais, and FransaBank. Not only that, this malware can also steal information for Citibank and PayPal.

If you think this is it, don’t underestimate this virus as it can also grab users’ browser history, cookies, passwords, system configurations and more.

Researchers at security firms Kaspersky Lab and CrySyS Lab could not get much information about the builders themselves due to the shutdown of the command and control servers, which also left Gauss in midpoint. It could take days or months to unravel and find the builders.

Gauss is believed to be a descendant of a number of high-profile viruses such as Stuxnet, which gained fame after the attack on nuclear plants in Iran in 2010, and Duqu, its sister malware. Gauss virus is also related to the recently recognized Flame, which has been known as a major advancement in cyberespionage.

Closely related, Gauss and Flame have almost the same features. Both viruses were built off the same code base. Kaspersky says creators of the Stuxnet virus possibly worked closely with those of Gauss and may have even shared source code.

As per Kaspersky, the easiest and most reliable way to detect the Gauss virus is to download and install the security company’s anti-virus solution or use the Kaspersky Virus Removal Tool, which can be downloaded free of cost.

However, there is also a quick way to detect Gauss on a computer, in case the download is not available for some reason. The entire system can be checked using a webpage from CrySyS, a Hungarian research lab. The lab also has a web-based method to help you check your system for Palida Narrow.

You can visit the link at http://gauss.crysys.hu./