According to a Newsbin tweet they are seeing new Usenet posts that take advantage of an old WinRAR exploit. One that Trend Micro covered in 2007. It affects WinRAR version 3.50 and earlier. So check your WinRAR version and upgrade if necessary. If you’d rather seek alternatives then look at newsreaders like Newsbin and the Newshosting client that include auto-PAR and auto-unRAR features. Newsbin offers a 10 day free trial and Newshosting offers our visitors unlimited Usenet with free newsreader for just $9.99 a month or $99 a year.
According to the Trend Micro post:
the said exploit (detected as TROJ_RDROPPER.A) arrives as a malicious .RAR file. Once the said file successfully exploits the WinRAR flaw, it proceeds to drop the file %User Temp%WINRAR.EXE, which is detected by Trend Micro as BKDR_DARKMOON.AH. The dropped backdoor, in turn, opens a random port and allows remote code execution by a malicious user.
So again please check your version of WinRAR to ensure you are running a version higher than 3.50. If not upgrade or consider alternatives. Some of the leading newsreaders like the Newshosting client, SABnzbd, Newsbin, Newsleecher, Binreader and a few others take care of the unRAR process for you. Without the need for WinRAR. Visit our newsreader section to learn more and compare Usenet clients.
Visit Newsgroup Reviews to learn more about Usenet. Follow us @NewsgroupRevs for the latest news.
