DLL hijacking vulnerabilities in Nirsoft tools

  • Thread starter ForgottenSeer 85179
  • Start date
scorpionv

scorpionv

Level 2
Apr 20, 2020
87
Andy Ful said:
Using NirSoft tools in the home environment is safe (except maybe in the Downloads folder).
Click to expand...
Andy Ful said:
DLL hijacking is simply one of the secondary chains of the infection (but not the first).
Click to expand...
Andy Ful said:
Auto-run malware is rare nowadays, because of Windows settings introduced in Windows Vista SP2. There were dangerous autorun attacks based on icon shortcut exploits, but they were patched by Microsoft a few years ago. So, the infections via flash drives must assume that the user must manually run something. The DLL hijacking method is used mostly to hide the source of infection. The average user can be infected in a simpler way without DLL hijacking.
Click to expand...

Thanks for the perspective, I was wondering how serious this threat is. Nirsoft has some helpful utilities, I like to keep these in my toolbox.
 
  • Like
Reactions: simmerskool, Protomartyr, Gandalf_The_Grey and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
This Nirsoft tools vulnerability is not important for home users, at all. The DLL hijacking is mostly used to hide the source of infection, so the user has to use the already infected device or has to be already infected. It is much simpler to infect someone without using DLL hijacking. If one is worried about it, then he/she should mitigate in the first place more popular and effective methods, like all possible autostart registry entries (one hundred or more ). (y)
Also, removing this vulnerability from NirSoft tools does not improve much the security, because the attackers usually do not use these tools for DLL hijacking, but Microsoft binaries.
It can be relevant for people who rely on anti-exe solutions.

If one is still worried, then he/she can simply check the Downloads folder for DLLs and remove them from there. This should be done not because of NirSoft tools, but because of other more popular application installers and portable applications.

Maybe the developer should avoid this vulnerability, but it would be too much to demand it for free tools. He probably thinks that this vulnerability is not important for non-security tools. It would be better if the developer explained it on the NirSoft website.
 
Last edited:
  • Like
  • +Reputation
Reactions: Protomartyr, scorpionv, [correlate] and 4 others
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
Security News New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections
Replies
5
Views
2,253
Security News
NoVirusThanks
NoVirusThanks
Gandalf_The_Grey
    • Like
    • +Reputation
Security News Windows: Side-Loading DLL attacks via licensingdiag.exe
Replies
0
Views
1,967
Security News
Gandalf_The_Grey
Gandalf_The_Grey
silversurfer
    • Like
    • +Reputation
    • Thanks
QBot malware abuses Windows WordPad EXE to infect devices
Replies
2
Views
1,075
News Archive
Kongo
Kongo

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top