Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
News
Security News
Fake Google Meet conference errors push infostealing malware
Message
<blockquote data-quote="Andy Ful" data-source="post: 1105146" data-attributes="member: 32260"><p>This attack vector can be dangerous for inexperienced users. The malicious code is executed outside the web browser via CmdLine, similar to a shortcut attack.</p><p>The attack can be done filelessly. </p><p>Such attacks are not especially dangerous for cautious users. Anyway, this attack vector can be easily prevented by blocking the Run option in Explorer:</p><p></p><p>1. System wide:</p><p>[CODE][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]</p><p>"NoRun"=dword:00000001</p><p>[/CODE]</p><p></p><p>2. Per user only:</p><p>[CODE]HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]</p><p>"NoRun"=dword:00000001</p><p>[/CODE]</p><p></p><p>Warning.</p><p>This policy will block another possible attack by opening Windows Explorer via the <strong>Windows logo key </strong>+ <strong>E </strong>and pasting the malicious CmdLine into the Address bar.</p><p>Of course, the user will not be able to use this method for benign actions like running an application by pasting the application path into Explorer's Address bar (most people do not use this at all).</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 1105146, member: 32260"] This attack vector can be dangerous for inexperienced users. The malicious code is executed outside the web browser via CmdLine, similar to a shortcut attack. The attack can be done filelessly. Such attacks are not especially dangerous for cautious users. Anyway, this attack vector can be easily prevented by blocking the Run option in Explorer: 1. System wide: [CODE][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"=dword:00000001 [/CODE] 2. Per user only: [CODE]HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"=dword:00000001 [/CODE] Warning. This policy will block another possible attack by opening Windows Explorer via the [B]Windows logo key [/B]+ [B]E [/B]and pasting the malicious CmdLine into the Address bar. Of course, the user will not be able to use this method for benign actions like running an application by pasting the application path into Explorer's Address bar (most people do not use this at all). [/QUOTE]
Insert quotes…
Verification
Post reply
Top
