- Popular
- Most Talked-About

Online Threat Alerts (OTA)

An anti-cybercrime community alerting the public to web or internet threats.

Categories

» Latest Online Alerts
» Trending Now
» Recently Talked-About
» What You Commented On
» Saved Alerts
» On This Day
» Yesterday's Most Popular
» Yesterday's Most Recommended
» Yesterday's Most Talked-About
» This Week's Most Popular
» This Week's Most Talked-About
» This Week's Most Recommended
» Last Week's Most Popular
» Last Week's Most Talked-About
» Last Week's Most Recommended
» This Month's Most Popular
» This Month's Most Recommended
» This Month's Most Talked-About
» Last Month's Most Popular
» Last Month's Most Recommended
» Last Month's Most Talked-About
» This Year's Most Popular
» This Year's Most Talked-About
» This Year's Most Recommended
» Last Year's Most Popular
» Last Year's Most Recommended
» Last Year's Most Talked-About
» All-Time Most Popular
» All-Time Most Recommended
» All-Time Most Talked-About
» Emergency or Crisis
» Facebook - Whatsapp
» Fake Anti-Spyware - Virus - Optimization Software
» Hacking - Cyber-attacks
» Hoax - Fake-News - Pranks - Chain Letters
» Kidnappings or Missing Persons
» Lottery - Donation - Inheritance Scams - Ponzi Schemes
» Phishing - Scamming - Fraud - Identity Theft
» Potentially Unwanted Programs (PUP)
» Quiz - Trivia
» Spamming - Adware
» Suspicious
» Useful - Informative
» Virus - Malware - Trojan - Ransomware - Spyware
» Public Review Community
» Web Browser Hijacking
» Questions and Answers
» Word Definition
» Content Removal Request

WinRAR Archive .R00, .R01, .R05, .R15, .R20, .R25 Malicious Email Attachments

Comments: 3
Views: 1,049
Save
Updated: May. 29, 2020 2020-05-29T03:30:22
Posted: Aug. 16, 2017 2017-08-16T03:40:49
Online Threat Alerts (OTA)

Online users who have received unexpected email messages with attached files with names ending with ".r00", ".r01", ".r02", ".r03", ".r05", ".r10", ".r12", ".r15", ".r20", ".r25" and so on... are asked not to open them. This is because the fake email messages are being sent by cyber criminals and the attachments are WinRAR compressed archived files that contain malware, malicious programs or computer viruses. And, any attempt to open the malicious attachments will result in the recipients getting their computers infected with a virus, Trojan horse, spyware, ransomware or other malware.

A Malicious WinRAR Archive .R00, .R01... Email Message

Subject: INVOICE NO 3
Date: Tue 15/08/2017 08:07
From: Sadiya Sayeed
Attachment: INVOICE NO 3.r20

Dear sir/madam,

Find and open attached document by double clicking it, because document is protected.

advice according invoice.

best regards

--

Sadia Saeed

Sales & Technical Manager

Mobile: +63 926 618 1579

+63 998 889 2257

Tel: +63 442 4295

sadia.asn@gmail.com

The .RAR compression is similar to ZIP which is the most popular file compression or archive formats.

Cyber criminals usually store their malware in compressed files to help prevent antivirus software from detecting them. In other words, they do it because the compressed malicious email attachments may bypass the recipients' antivirus software.

What is a ".RAR" file?

RAR is the native format of WinRAR archiver. Like other archives, RAR files are data containers, they store one or several files in the compressed form. The data-containers or split multi-volume RAR compressed files archive use file extensions or names ending with:

".r00",".r01", ".r02", ".r03", ,".r04", ".r05", ".r06", ".r07", ".r08", ".r09", ".r10", ".r11", ".r12", ".r13", ".r14", ".r15", ".r16", ".r17", ".r18", ".r19", ".r20", ".r21", ".r22", ".r23", ".r24", ".r25", ".r26", ". r27", ". 28", ". 29", ". 30" and so on.

After you have downloaded RAR file from the Internet, you need to unpack its contents in order to use it.

Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search

engine.

Note: Some of the information in samples on this website may have been impersonated or spoofed.

Was this article helpful? +

Yes (2)
No (0)

Share this with others:

Donate Help maintain Online Threat Alerts (OTA) by clicking here.

The comments, reviews or answers below do not necessarily reflect the views of Online Threat Alerts (OTA).

July 12, 2019 at 1:48 PM by an anonymous user from: Mesa, Arizona, United States
I would suggest before opening any compressed file (.zip, .rar, etc), THAT YOU SCAN IT FOR VIRUSES, and if you are not expecting the email, or it comes from a complete stranger, DELETE without opening.
remove
July 12, 2019 at 7:35 AM by info
"Attachment: FedEx shipment Arrival Notification 12-07-2019 #AWB011040270.r00 (129 KB)
Dear Valued Customer,
Your parcel has arrived our trans loading/final delivery point, enclosed here with the final delivery schedule receipt for the destination country
kindly print attached shipping document (s) for confirmation during delivery.
Pieces : 1
Weight : 0.45 KG
Shipment reference : AWB: original invoice documents
Description : document
If you would like to find out about the many ways TNT helps you to track your shipment, or if you would like to know more about the services provided by TNT, simply connect to www.FedEx Express.com and select your location at any time."
Received the fake email above with the malicious .r00 attachment.
remove
November 22, 2017 at 9:39 PM by info
Here is another scam:
- - -
"RE: Quotation
Wed 22/11/2017 16:34
From: Fred
Attachment: Quotation.r12 (265 KB)
I have tried reaching you but no response.
This is my alternative email.
Kindly check if the attached quotation is still valid?
Your prompt reply is highly appreciated.
Thanks in advance.
Fred"
remove