This Week In Security: WinRAR, DNS Disco, And No Silver Bullets

So what do WinRAR, day trading, and Visual Basic have in common? If you guessed “elaborate malware campaign aimed at investment brokers”, then you win the Internet for the day. This work comes from Group-IB, another cybersecurity company with a research team. They were researching a malware known as DarkMe, and found an attack on WinRAR being used in the wild, delivered through malicious ZIP files spread on a series of web forums for traders.

Among the interesting tidbits of the story, apparently at least one of those forums locked down the users spreading the malicious files, and they promptly broke into the forum’s back-end and unlocked their accounts. The vulnerability itself is interesting, too. A rigged ZIP file is created with an identically named image file and folder, with the folder containing a script. The user tries to open the image, but because the ZIP is malformed, the WinRAR function gets confused and opens the script instead.
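For anyone who wants to screen archives before opening them, here is a small check for that file/folder name collision. It is an example added here, not code from Group-IB or WinRAR. The name normalization and the in-memory sample archive (`chart.jpg`, `notes.cmd`) are assumptions made for illustration.

```python
import io
import zipfile


def _norm(name: str) -> str:
    # Compare names the way Windows resolves them: either separator,
    # case-insensitive, trailing spaces/dots ignored (assumption of this example).
    parts = [p.rstrip(" .").casefold() for p in name.replace("\\", "/").split("/")]
    return "/".join(p for p in parts if p)


def find_file_folder_collisions(zip_bytes: bytes) -> dict:
    """Map each path that is both a file and a folder to the entries under that folder."""
    files, folders = set(), {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            path = _norm(info.filename)
            if not path:
                continue
            if info.is_dir():
                folders.setdefault(path, [])
            else:
                files.add(path)
            # Every ancestor is an implied folder, even without its own record.
            parts = path.split("/")
            for i in range(1, len(parts)):
                folders.setdefault("/".join(parts[:i]), []).append(info.filename)
    return {p: sorted(set(c)) for p, c in folders.items() if p in files}


def make_sample(rigged: bool) -> bytes:
    """Build a constructed archive in memory; contents are inert placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("chart.jpg", b"placeholder image bytes")
        folder = "chart.jpg" if rigged else "scripts"
        zf.writestr(folder + "/notes.cmd", b"rem constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, rigged in (("benign", False), ("rigged", True)):
        hits = find_file_folder_collisions(make_sample(rigged))
        print(label, "->", hits or "no file/folder name collision")
```

A legitimate archive has no reason to contain a file and a folder with the same path, so any hit is worth quarantining regardless of which extraction tool is installed.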

Based on a user’s story from one of those forums, it appears that the end goal was to break into the brokers’ trading accounts, and funnel money into attacker accounts. The one documented case only lost $2 worth of dogecoin.

There was one more vulnerability found in WinRAR, an issue when processing malicious recovery volumes. This can lead to code execution due to a memory access error. Both issues were fixed with release 6.23, so if you still have a WinRAR install kicking around, make sure it’s up to date!

Never Gonna Give Up Free WiFi

Our conscience almost prevented us from posting this one. Almost.

What do people all around the world want most? Free WiFi. And what inevitable force do they want to avoid most, just after death and taxes? Rick Astley. As a getting-started project with the ESP8266, Hackaday.io user [jaime] built a “free WiFi portal” that takes advantage of people’s deepest desires. Instead of delivering sweet, high-bandwidth connectivity, once you click through the onerous terms and conditions, it delivers you a looped GIF with background music.

And all of this on $4 worth of hardware, with firmware assembled in the cloud and easily available to anyone. We live in a truly frivolous glorious age.

Digging through our archives, we found a number of Rickroll posts that we’d rather forget, but this steam-powered record player bears a second look.