    If users wanted to download WinRAR, the popular archiver tool for RAR and ZIP files, where would they go? Chances are they would type the name of the tool and add .com (www.winrar.com) in their browser’s address bar. That site, however, is not the official site from which the legitimate tool can be downloaded; the official site is www.rarlab.com.

    TrendLabs has just received reports on how unsuspecting users could end up downloading malware onto their systems instead of WinRAR. When they click the “Free Software Downloads” button on www.winrar.com (as seen below), they are led to another page where they are prompted to click “Download Winrar”.

    [Image: winrar.gif]

    When they click on “Download Winrar”, a link to {BLOCKED}ench.ircfast.com would appear. Finally, another Web page, wholly in French, would display 11 supposed versions of WinRAR:

    [Image: winrar2.gif]

    In truth, these are 11 files that are all detected by Trend Micro as TROJ_STARTPA.QC.

    It is not yet clear whether the site, which looks very professionally done, has been hacked or was purposely loaded with a Trojan to deceive would-be users of WinRAR. Updates to be posted soon.





    © Copyright 2013 Trend Micro Inc. All rights reserved.