Saturday, September 17, 2011

Cybercriminals Using Windows Help Files to Infect PCs


Cybercriminals have taken to a new way of HLPing themselves to your computer.

Normally .hlp files are used by Windows Help to provide users with instructional documentation on how to use Windows applications or even troubleshoot the Windows operating system itself should the need ever arise.

Now cybercriminals are giving Windows Help files an entirely new purpose by utilizing them in targeted attacks, serving .hlp files in emails as malware-infested attachments.

The uniqueness of this new technique lies in the fact that the malicious code can be executed without exploiting any system vulnerabilities, since Windows Help files call the Windows API, which results in the underlying attack code being run as well. By contrast, targeted attacks that rely on a system’s vulnerability can be thwarted if the user’s computer security is kept up-to-date.

When an unsuspecting victim opens the email sent by the hacker and opens the malware-laced .hlp file attachment, they will see a blank Windows Help window. Although this may make the user think that they’ve reached a [confusingly] dead end, their computer is actually being infected in the background with whatever malware is attached to the file.

Thankfully, avoiding this new targeted attack is easy, as users generally don’t receive .hlp files by email. So if an email lands in your inbox with a .hlp file attached, feel free to simply delete it.

Network admins may want to go ahead and block the attachments by default to minimize the chances of their users falling victim to this targeted attack.
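One way a mail-gateway hook could implement the default block suggested above, as an added example that is not from the original post: it flags attachments by the .hlp extension and also by the WinHelp file signature, so a renamed help file is still caught. The function names, addresses and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# WinHelp (.hlp) files begin with the little-endian magic number 0x00035F3F.
HLP_MAGIC = b"\x3f\x5f\x03\x00"
BLOCKED_EXTENSIONS = (".hlp",)


def find_hlp_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) for every MIME part that looks like a .hlp file."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Windows drops trailing dots and spaces from file names, so ignore them.
        clean = name.strip().rstrip(". ").lower()
        if clean.endswith(BLOCKED_EXTENSIONS):
            hits.append((name, "extension"))
        elif payload.startswith(HLP_MAGIC):
            # Catches a help file that was renamed to slip past extension rules.
            hits.append((name, "magic"))
    return hits


def build_sample(filename: str, data: bytes) -> bytes:
    """Build a constructed test message carrying a single attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        ("Report.HLP", b"placeholder bytes"),           # blocked by extension
        ("notes.txt", HLP_MAGIC + b"\x00" * 12),        # blocked by signature
        ("notes.txt", b"ordinary text attachment"),     # allowed
    ]
    for fname, body in samples:
        verdict = find_hlp_attachments(build_sample(fname, body))
        print(fname, "->", verdict or "allowed")
```

A gateway would quarantine or strip any message for which `find_hlp_attachments` returns a non-empty list.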

More information about the .HLP targeted attacks – along with screenshots of the blank Windows Help window – can be seen at Symantec’s blog.
