Quote:
Originally Posted by Sirtel
Seems to me that the ebooks themselves don't contain malware, the archives do. Why should anyone want to run an unknown executable from a random rar archive when they actually wanted an ebook is beyond me, but people are capable of doing some very stupid things.
|
From the article:
Quote:
|
Attack chains propagating the malware are known to employ cracked software and torrent sites, but the use of eBook lures is a newly observed approach. Present within the supposed eBook RAR archive file is a hidden folder as well as a deceptive Windows shortcut file that purports to be a benign document.
|
Quote:
|
Attack chains propagating the malware are known to employ cracked software and torrent sites, but the use of eBook lures is a newly observed approach.
|
Yeah, it's an issue with RAR files, not ePubs or AZW3s or MOBis. That RAR could be holding a cracked game or a bunch of porn pics and still have the malware.
A few years ago there was a "WinRAR" vulnerability - except it wasn't actually WinRAR, it was a vulnerability in unacev2.dll and would affect any archive program using that specific library.