Seeking Help? Beware

Thursday, September 15, 2011 @ 03:09 PM gHale


Viruses and other malware in help files are not new, but the fact they are going out in email messages is part of a newer plan by attackers to gain more information from victims.

These new targeted attacks come as emails and infect our computers with all sorts of applications used to take over our virtual lives, Symantec officials said.


Targeted attacks are not uncommon, in many cases hiding under “innocent” formats such as jpg, avi, doc and pdf. Other such methods involve forging the icons of executables to make them look like harmless file formats.

As most know, Windows Help handles files with the .hlp extension, which contain information on how to work with certain applications and facilities.

This new technique is very efficient for attackers. Typically, a victim has to start the process of exploiting a vulnerability, which then sets off the chain reaction that executes the attack code, and if the target computer’s security is up to date, the hit will probably fail.

Help files, on the other hand, call the Windows API to execute, and this way the planted code runs along with them.

While the victim only sees a blank Windows Help window, the system becomes infected.

Symantec researchers said they haven’t seen any .hlp files with forged icons, so it is fairly easy to identify them visually by the large question mark contained in the blue circle.

Users should not open any such document received by email unless they are involved in related activities. Network administrators should also set up servers to filter out any messages containing .hlp attachments unless they have a good reason not to.


