• skaffi@infosec.pub · 6 days ago

    Isn’t that irrelevant? According to the article, the archive itself doesn’t contain any malicious code. Rather, it’s encoded in the file name, and can start executing itself when being parsed by the shell - no extraction needed.

    It seems to me that avoiding rar files, or limiting your ability to extract them will provide a false sense of security at best. Seems to me that this could be done using any file type at all.

    • pedz@lemmy.ca · 6 days ago

      The starting point of the attack is an email message containing a RAR archive, which includes a file with a maliciously crafted file name: “ziliao2.pdf{echo,<Base64-encoded command>}|{base64,-d}|bash”

      Doesn’t it mean that a rar archive contains the malicious file?

      It’s worth noting that simply extracting the file from the archive does not trigger execution. Rather, it occurs only when a shell script or command attempts to parse the file name.

        • skaffi@infosec.pub · 3 days ago

        Right you are! I’m not sure how that went over my head. Eh, too much morning, too little coffee. Thanks for correcting me.
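Added example, not code from this thread or from the article it discusses: the script below shows in practice what pedz's quoted caveat means, that the crafted name is inert on disk and only runs when a script re-parses it. Everything in it is assumed: `vulnerable_dispatch` and `safe_dispatch` are hypothetical dispatcher functions, the Base64 payload is constructed and only prints a marker, and the constructed filename drops the article's `ziliao2.pdf` decoy prefix so that bash brace expansion puts `echo` in command position.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread or the article it discusses.
# Shows why a member name like "{echo,<b64>}|{base64,-d}|bash" is harmless
# on disk but runs the moment a script re-parses it, and the quoting that stops it.
# Needs bash and a base64 binary on PATH.

# Constructed, benign payload: the Base64 decodes to "echo PAYLOAD-RAN".
PAYLOAD_B64=$(printf 'echo PAYLOAD-RAN' | base64 | tr -d '\n')

# Constructed filename. The article's name carries a decoy "ziliao2.pdf" in front
# of the braces; it is left out here so bash brace expansion puts echo in command
# position: {echo,X} -> "echo X" and {base64,-d} -> "base64 -d".
CRAFTED_NAME="{echo,${PAYLOAD_B64}}|{base64,-d}|bash"

# Hypothetical vulnerable dispatcher: picks a handler by extension and hands
# "handler filename" to a fresh shell as one string. For an unknown extension the
# handler is empty, so the attacker-controlled name *is* the command line.
vulnerable_dispatch() {
    local name="$1" handler=""
    case "$name" in
        *.txt) handler="head -n 1" ;;
    esac
    bash -c "$handler $name" 2>/dev/null     # re-parse: braces and pipes all live
}

# Hardened dispatcher: no re-parse at all. The name is passed as a single quoted
# argument (braces, pipes, spaces are just bytes), "--" ends option parsing for
# names starting with "-", and unknown types are refused rather than executed.
safe_dispatch() {
    local name="$1"
    case "$name" in
        *.txt) head -n 1 -- "$name" ;;
        *)     printf 'refusing unknown type: %s\n' "$name" >&2; return 1 ;;
    esac
}

# Stand-alone demo: one benign text file plus the crafted name.
demo_dir=$(mktemp -d)
printf 'first line\nsecond line\n' > "$demo_dir/notes.txt"
echo "vulnerable, notes.txt : $(vulnerable_dispatch "$demo_dir/notes.txt")"
echo "vulnerable, crafted   : $(vulnerable_dispatch "$CRAFTED_NAME")"
echo "safe, notes.txt       : $(safe_dispatch "$demo_dir/notes.txt")"
safe_dispatch "$CRAFTED_NAME" || echo "safe, crafted         : not executed"
rm -rf "$demo_dir"
```

Run it with bash: the `{echo,...}` trick is bash brace expansion, so a dispatcher running under dash would fail differently, but re-parsing the name would still be the bug. The fix has nothing to do with RAR: never rebuild a command line from a filename, pass it as one quoted argument, and use `--` so a name beginning with `-` is not read as an option.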