Hackers are using 19-year-old WinRAR bug to install nasty malware