Threat Summary
In the ever-evolving landscape of cyber threats, malware authors continuously explore new avenues to exploit unsuspecting users. The Windows operating system provides a powerful search feature that allows users to quickly find files, folders, and other items on their computers. One of the lesser-known aspects of this search feature is the "search-ms" URI protocol handler, which offers enhanced search capabilities to perform local searches. It also offers the capability to perform queries on file shares located on remote hosts. This can be exploited, as explained in our Trellix Research blog.
Unraveling the Illusion of Trust: The Innovative Attack Methodology Leveraging the "search-ms" URI Protocol Handler
Join us as we delve into the mysterious world of the "search" or "search-ms" URI protocol attack. Threat actors craft deceptive emails and compromised websites to trick users into executing malicious code disguised as trusted files.
www.trellix.com
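
A detection-side sketch of the point above, added here as an example and not taken from the Trellix blog: it scans an HTML or email body for "search-ms:" / "search:" URIs and reports those whose search location is a remote host. The `query`, `crumb=location:` and `displayname` parameter names follow Microsoft's documented search-ms syntax rather than anything on this page, and the sample input and host names are constructed.

```python
import html
import re
from urllib.parse import parse_qsl, unquote

# search-ms: / search: URIs embedded in HTML attributes or message bodies.
URI_RE = re.compile(r"""\bsearch(?:-ms)?:[^\s"'<>]+""", re.IGNORECASE)
# Remote locations: UNC path, file://host/..., or an http(s) (WebDAV) URL.
REMOTE_RE = re.compile(r"^(\\\\[^\\]|//[^/]|file://[^/]|https?://)", re.IGNORECASE)

def parse_search_uri(uri):
    """Map lower-cased parameter names to lists of decoded values."""
    _, _, rest = uri.partition(":")
    params = {}
    for key, value in parse_qsl(rest.lstrip("?"), keep_blank_values=True):
        # parse_qsl decodes once; unquote again to catch double encoding.
        params.setdefault(key.lower(), []).append(unquote(value))
    return params

def remote_locations(uri):
    """Return the remote targets named by crumb=location:... in one URI."""
    hits = []
    for crumb in parse_search_uri(uri).get("crumb", []):
        name, _, target = crumb.partition(":")
        target = target.strip()
        if name.strip().lower() == "location" and REMOTE_RE.match(target):
            hits.append(target)
    return hits

def scan(text):
    """Report every search URI in text that points the search at a remote host."""
    findings = []
    for match in URI_RE.finditer(html.unescape(text)):  # undo &amp; in href values
        uri = match.group(0)
        remote = remote_locations(uri)
        if remote:
            findings.append({
                "uri": uri,
                "remote": remote,
                # The display name is what the user sees in the Explorer window.
                "displayname": parse_search_uri(uri).get("displayname", []),
            })
    return findings

# Constructed sample: one remote-share search, one purely local search.
SAMPLE = (
    '<a href="search-ms:query=invoice&amp;crumb=location:%5C%5Cfiles.example.test'
    '%5Cshare&amp;displayname=Downloads">Open</a>\n'
    '<a href="search-ms:query=report&amp;crumb=location:C%3A%5CUsers%5CPublic">Local</a>'
)

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```
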