Further analysis by TrendLabs researchers reveal that the said exploit (detected as TROJ_RDROPPER.A) arrives as a malicious .RAR file. Once the said file successfully exploits the WinRAR flaw, it proceeds to drop the file %User Temp%WINRAR.EXE, which is detected by Trend Micro as BKDR_DARKMOON.AH. The dropped backdoor, in turn, opens a random port and allows remote code execution by a malicious user.

Trend Micro strongly recommends WinRAR users that they upgrade to the latest version of the program (3.61) to avoid possible infection. Users of Trend Micro products are also advised to update their patterns.