Exploitation through Windows’ Help Files
Recently, security experts at security firm Symantec highlighted that cybercriminals have started a new era of malware circulation by infecting Windows Help files.
Although security specialists had not seen a single indication of malware circulating via this new technique before, they were already accustomed to the ways in which malware is sent through e-mail to fool unsuspecting victims.
Symantec is now informing net users about how cybercriminals send malware through e-mail with the intention of disrupting our virtual lives. In this type of targeted attack, the malware is circulated as a mail attachment. The instant a computer is hacked and compromised with malware, a crook can explore even the personal and sensitive information of victims.
Targeted attacks are quite common and are often concealed in innocent-looking formats, such as jpg, avi, doc and pdf. Other methods involve giving executables the icons of such file formats so that they appear harmless.
Most people are familiar with the .hlp extension, which is normally handled by Windows Help; such files generally contain information about how certain applications and features work.
Netizens are, however, quite perplexed about the reason behind the explosion of such files. It seems that, with .hlp files, attackers do not need to rely on vulnerabilities as they do for the other file types mentioned above.
Generally, a vulnerability has to be exploited for the code in a malicious file to execute, so when the targeted system is patched, the attack fails. An .hlp file, by contrast, can run the shellcode encoded in the file by directly calling the Windows application programming interface (API). Thus, simply by enticing users to open an .hlp file, attackers can easily circulate malicious files. From the user's point of view, clicking the .hlp file only opens Windows Help.
In normal situations, users do not receive .hlp files through e-mail, and e-mail recipients can easily recognize the icon for a help file, Symantec highlighted in its report.
Users are thus advised not to open any suspicious document received through e-mail. Administrators who secure their networks are advised to filter out the .hlp extension if there is no proper justification for allowing it.
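One way an administrator could implement the attachment filter recommended above, shown as an added example that is not from Symantec's report or this article. The function names and the sample message are constructed for illustration, and the content check relies on the WinHelp header magic (0x00035F3F), which is knowledge of the file format rather than something stated in the report; it catches a help file that has been renamed to another extension.

```python
# Added example: flag Windows Help (.hlp) attachments in an e-mail message.
import email
from email import policy
from email.message import EmailMessage

HLP_MAGIC = b"\x3f\x5f\x03\x00"  # WinHelp header magic 0x00035F3F, little-endian


def find_hlp_attachments(raw_message: bytes):
    """Return (filename, reason) for every MIME part that looks like a .hlp file."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested messages
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        # Windows ignores trailing dots and spaces in file names, so strip them
        # before comparing, and compare case-insensitively.
        normalized = name.strip().rstrip(". ").lower()
        payload = part.get_payload(decode=True) or b""
        if normalized.endswith(".hlp"):
            hits.append((name, "extension"))
        elif payload.startswith(HLP_MAGIC):
            # Help file content hiding behind a different extension.
            hits.append((name, "magic"))
    return hits


def build_sample() -> bytes:
    """Constructed message with three attachments (header bytes only, no payload)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    fake_hlp = HLP_MAGIC + b"\x00" * 12  # not a working help file
    for filename, data in (("Manual.HLP", fake_hlp),
                           ("report.doc", fake_hlp),
                           ("notes.txt", b"plain notes")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in find_hlp_attachments(build_sample()):
        print(f"block {filename!r} (matched by {reason})")
```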
» SPAMfighter News - 22-09-2011