A Malicious LNK Stealer Part 1
<blockquote data-quote="Andy Ful" data-source="post: 1031218" data-attributes="member: 32260"><p>The standard protection (any AV on default settings) cannot protect well against such attacks in the wild. Even when the attack is detected in the antivirus test, the result is not reliable because most such malware is already dead. In many cases, it successfully managed to bypass AV protection in the wild (when the malware was alive). Most malware is short-lived (from several minutes to several hours).</p><p>Also, the Windows built-in protection via AppLocker and WDAC can sometimes be insufficient against LNK malware because they cannot block shortcuts. One can decrease the chances of infection by blocking some LOLBins (especially script interpreters), but it would be impossible to block all LOLBins that can be executed via shortcuts.</p><p>Promising prevention can be provided by Smart App Control (if MOTW is not bypassed) and SRP, because they can block shortcuts in unsafe locations.</p></blockquote>