Adware - Spyware : WARNING! Rogue WinRAR.exe Promoted using Google Adwords
Posted by Max on 2009/1/20 14:01:08 (1267 reads)

win.rar GmbH, official publisher of the WinRAR compression program and RARLAB products, warns users of fraudulent Google AdWords: "We have been informed that someone has fraudulently placed Google AdWords in our name and is directing users to a faked page of download.com. This page offers a modified WinRAR installation file (winrar.exe) for downloading," says Öncül Kaya, Managing Director of win.rar GmbH in describing the case. "To remove the file that is actually infected with malware, the scammers offer to sell users an 'anti-spyware solution' through a further link."

After the modified WinRAR is installed, malware is executed which opens a pop-up every minute with the content "intervalhehehe". When the alarmed user resorts to searching for the text in Google, he finds forum entries which confirm the problem's existence. Through a manipulation of the local hosts file, the user is directed to a counterfeit page of the "Microsoft Security Center" which offers a free "scan". The free scan naturally reveals an attack by "intervalhehehe" and immediately offers an "anti-spyware solution" for € 39.95 from the fraudulent IT security firm.
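The hosts-file manipulation described above can be checked for on a suspect machine. The following is an added example, not part of the original article or of any vendor tool: it parses hosts-file text and reports every entry that forces a non-local hostname to a routable address. The sample file, its hostnames and its addresses are constructed for illustration; the article does not say which names the malware redirected.

```python
import ipaddress

# Constructed sample of a tampered hosts file (not taken from the incident).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net            # sinkhole entry from an ad blocker
203.0.113.45    search.example.com www.search.example.com
203.0.113.45    Security-Center.example.com   # trailing comment
not-an-ip       broken.example
"""

# Names that legitimately appear in a default hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def audit_hosts(text):
    """Return (line_no, ip, hostname) for each entry that points a non-local
    name at a routable address, i.e. an entry that overrides DNS."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:                      # blank or incomplete line
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address, skip it
        if ip.is_loopback or ip.is_unspecified:  # 127.0.0.1, ::1, 0.0.0.0
            continue                             # local or sinkhole entry
        for name in fields[1:]:                  # one line may carry aliases
            if name.lower() not in LOCAL_NAMES:
                findings.append((line_no, str(ip), name.lower()))
    return findings


if __name__ == "__main__":
    for line_no, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is forced to {ip}")
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`. A finding is not proof of infection, since administrators also pin names there, but each one should be explainable.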

The security company Websense has reported on the case in greater detail and with screenshots in their Security Labs Blog: http://securitylabs.websense.com/content/Blogs/3264.aspx

The counterfeit Download.com page with the WinRAR file infected with malware can be found at:
dreamcentury.cn/winrar.htm <-- WARNING ! THIS WEBSITE HOSTS THE INFECTED FILE

"The problem is that anyone can actually place Google Adwords for other companies which are generally not checked for accuracy or authenticity. As soon as a site is blocked, another one appears to take its place," Öncül Kaya comments.

About WinRAR

WinRAR is a 32-bit Windows version of the RAR Archiver, the powerful archiver and archive manager. RAR files can usually compress content up to 30 percent more effectively than ZIP files. WinRAR's most important functions include extremely powerful document and multimedia file compression, processing of other archive formats, long filename support, programmable self-extracting archives (SFX), damaged archive repair, authenticity verification, embedded file comments, and archive encryption. The command line version of RAR is available for Linux, DOS, OS/2, FreeBSD and Mac OS X. Pocket RAR, the free WinRAR version for Pocket PCs, WinRAR for U3, and the new WinRAR Unplugged complete the WinRAR product range.

About win.rar GmbH
win.rar GmbH has been the official distributor of WinRAR and RARLAB products since February 2002 and handles all support, marketing, and sales related to WinRAR & rarlab.com. The company is registered in Germany and is represented worldwide by local partners in more than 70 countries on six continents. WinRAR's declared objective is to provide first-class quality support and to optimize their software to meet the requirements and in accordance with the feedback of their customers. For more information about WinRAR and win.rar GmbH go to http://www.win-rar.com.



