Video Reviews - Security and Privacy
A Malicious LNK Stealer Part 1
[QUOTE="ForgottenSeer 98186, post: 1031202"]
Of course threat actors can package a LNK file with their executables and social engineer the user into executing the malware with that file.

Generally, in malicious LNK files, the following processes are used to download and execute malware to the system:

[CODE]
cmd
powershell
cscript
wscript
rundll
[/CODE]

There are others, but statistically, these are the most encountered in terms of malicious LNK files.

The above also applies to Office macros and other download cradles, such as OneNote (.one). A Golden Rule to always follow is to assume that ANY widely-used Windows file type will be abused by threat actors. This means anything associated with Office and Adobe. Evidently there were some who were shocked that OneNote (.one) files were being abused. lol, those were on internal block lists for years.

Typically, at enterprise level, protections are put into place to prevent all of this through various methods. But you know, we're talking about unmanaged home users here, and somehow when it comes to that utterly insecure group, it is unacceptable to prevent them from shooting themselves in the foot by default. "Users want to use stuff" and all that nonsense.
[/QUOTE]
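Added example, not code from the post or the thread: a minimal parser for the Shell Link (.lnk) format that pulls out a shortcut's relative target and argument string and flags the launcher processes the post lists, so a defender can triage a suspicious shortcut without opening it. It assumes the documented MS-SHLLINK layout (header, optional IDList and LinkInfo, then the StringData sections); the sample link bytes are constructed inline.

```python
import struct

# Added example, not the post's code: minimal MS-SHLLINK (.lnk) parser that extracts
# the relative target and arguments and flags the launcher processes the post lists.
HEADER_SIZE = 0x4C
LINK_CLSID = b"\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData sections appear in this fixed order when their LinkFlags bit is set.
STRING_SECTIONS = ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                   (0x20, "arguments"), (0x40, "icon"))
# Launchers the post names (rundll32.exe is the binary behind "rundll").
SUSPECT_HOSTS = {"cmd", "powershell", "cscript", "wscript", "rundll32"}

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a shell link; raise on a bad header."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a shell link: bad HeaderSize")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = HEADER_SIZE
    if flags & HAS_IDLIST:            # LinkTargetIDList: u16 IDListSize + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:          # LinkInfo: u32 LinkInfoSize covers the whole block
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for bit, name in STRING_SECTIONS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + count * width]
        fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252")
        pos += count * width
    return fields

def suspicious_host(fields: dict):
    """Name the launcher if the link's target is one of SUSPECT_HOSTS, else None."""
    leaf = fields.get("relative_path", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
    stem = leaf[:-4] if leaf.endswith(".exe") else leaf
    return stem if stem in SUSPECT_HOSTS else None

def build_sample_lnk(relpath: str, args: str) -> bytes:
    """Constructed fixture: unicode link with an empty IDList, RELATIVE_PATH and ARGUMENTS."""
    flags = HAS_IDLIST | 0x08 | 0x20 | IS_UNICODE
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, flags).ljust(HEADER_SIZE, b"\x00")
    idlist = struct.pack("<H", 2) + b"\x00\x00"      # IDListSize=2: just the TerminalID
    strings = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in (relpath, args))
    return header + idlist + strings
```

To triage a real shortcut, pass the file's bytes to parse_lnk and then suspicious_host; a hit on one of the listed launchers, especially with a long argument string, is the pattern the post describes.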