By Dennis Fisher
January 31, 2005
Virus writers have once again gotten the drop on anti-virus vendors and IT administrators with a new technique that's finding early and considerable success.
Late last month, administrators and service providers began seeing virus-infected messages with a new type of attachment hitting their mail servers: an .rar archive. .Rar files are similar to .zip files in that they are containers used to hold one or more compressed files. The .rar format is not as widely known as .zip, but it is used for a number of tasks, including compressing very large files, such as music and video.
The emergence of .rar-packed viruses highlights the lengths to which virus writers are willing to go to evade anti-virus systems, as well as the limitations of those traditional signature-based defenses.
Experts say .rar files carrying viruses have been sailing past commercial anti-virus products and finding their way into the mailboxes of users, who are often unfamiliar with the file format. Administrators who have seen .rar-packed malware say that none of the messages have been stopped by their anti-virus defenses.
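A mail-gateway check for the attachments described above, as an added example that is not part of the original article: it flags a MIME part as a .rar archive by its leading signature bytes as well as by its file name, so a renamed archive is still caught. The signature constants come from the RAR file format rather than from the article, and the function names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Leading signature bytes of RAR archives (RAR 1.5-4.x and RAR 5.x).
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"


def is_rar(payload: bytes) -> bool:
    """True if the decoded content starts with a RAR signature.
    A self-extracting archive has an executable stub first and is not matched."""
    return payload.startswith((RAR4_MAGIC, RAR5_MAGIC))


def find_rar_attachments(raw_message: bytes) -> list:
    """Walk every MIME part and report those that look like .rar archives,
    recording whether the name, the content, or both gave it away."""
    hits = []
    for part in message_from_bytes(raw_message).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""  # undoes base64/QP
        name = part.get_filename() or ""
        by_name = name.lower().endswith(".rar")
        by_magic = is_rar(payload)
        if by_name or by_magic:
            hits.append({"filename": name, "by_name": by_name, "by_magic": by_magic})
    return hits


def build_sample(filename: str, content: bytes) -> bytes:
    """Constructed test message with one attachment (not real traffic)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(content, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    fake_rar = RAR4_MAGIC + b"\x00" * 16  # constructed: signature plus padding
    for fname, body in [("update.rar", fake_rar), ("photo.jpg", fake_rar),
                        ("notes.txt", b"plain text")]:
        print(fname, find_rar_attachments(build_sample(fname, body)))
```

A gateway could use the result to quarantine the message or hand the archive to a scanner that can unpack it.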