Malware Hides as Help File

Tuesday, September 11, 2012 @ 03:09 PM gHale


Windows help files are an invaluable tool for those trying to understand what just went wrong, but for attackers they can plant some serious malware within a simple .hlp file.

There is one file called Amministrazione.hlp (Italian for “administration”) and once it executes, it drops a couple of additional elements: Windows Security Center.exe and RECYCLER.DLL, said researchers at Sophos.

RELATED STORIES
Windows 8 Prerelease has Flash Hole
Backdoor.LV Malware on Rise
Trojan Attacks Focus on Zero Days
Pushdo Trojan a Master of Disguise

The dynamic library file is actually a keylogger part of the DarkShell Trojan.

The malicious element records every keystroke, stores the information in a file, and then sends it back to a remote server.

So, even an innocent-looking files that come via unsolicited emails can actually hide a dangerous piece of malware.



Leave a Reply

You must be logged in to post a comment.