By taking a closer look at how Check Point SandBlast Agent works, we can get a better understanding of both the attack and the protection against it.

Figure 1: Forensics Report from SandBlast Agent (in detect-only mode to showcase the whole attack) highlighting the script drop and execution upon reboot.

NET RAT called Orcus.

Fortunately, Check Point customers were already protected against this type of attack before this WinRAR vulnerability was published last week. It will download and run an executable when initiated. In this case, the malware is an ACE archive containing a JS file that is, in turn, written to startup. The exploit works by simply extracting an archive from an innocent-looking ACE file, which could lead to remote code execution.

Following the discovery, it was not long at all before the Check Point Research team, as well as a researcher from NCC Group, spotted a malware sample leveraging this vulnerability in the wild.

A 19-year-old, yet major, vulnerability was recently found by Check Point Research in the popular web application, WinRAR, that could potentially put over 500 million users at risk.