- Jan 24, 2011
Viruses and other malicious software contained in simple help files are not news to internet security specialists, but the fact that these pieces of malware are sent using email messages is part of a more recent scheme deployed by cybercriminals to fool unsuspecting victims.
Symantec's blog informs us about these new targeted attacks that come as emails and infect our computers with all sorts of ill-intended applications that are used by those who control them to take over our virtual lives.
Targeted attacks are not uncommon, and in many cases they hide behind "innocent" formats such as jpg, avi, doc and pdf. Other such methods involve forging executable icons to make them look like harmless file formats.
As most people know, .hlp extensions are normally handled by Windows Help and they contain information on how to work with certain applications and facilities.
This new technique used by hackers is very efficient because, typically, a vulnerability needs to be exploited in order for attack code to be executed, and if the target computer's security is up to date, the hit will probably fail.
Help files, on the other hand, call the Windows API when they are executed, and this way the planted code is run along with them.
While the victim only sees a blank Windows Help window, his system is being infected with all sorts of bad things.
Under normal circumstances, no user should ever receive .hlp files by email. However, email recipients can easily recognize the icon for the .hlp file type, as shown below:
Read more: Symantec Report: .HLPing Targeted Attacks
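Since no user should normally receive .hlp files by email, a mail gateway can flag them outright. The following is an added example, not code from the original post or from Symantec: it flags attachments by `.hlp` extension and by the WinHelp header magic, so a renamed help file is caught too. The function names, addresses and sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# First four bytes of a WinHelp file (little-endian 0x00035F3F).
WINHELP_MAGIC = b"\x3f\x5f\x03\x00"

def find_hlp_attachments(raw_message: bytes):
    """Return (filename, reason) for every MIME part that looks like a WinHelp file."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = []
        # Windows ignores trailing dots and spaces, so "x.hlp." still opens as .hlp.
        if name.lower().rstrip(". ").endswith(".hlp"):
            reasons.append("extension")
        # Content check catches a help file sent under another extension.
        if payload.startswith(WINHELP_MAGIC):
            reasons.append("magic")
        if reasons:
            findings.append((name, "+".join(reasons)))
    return findings

def build_sample() -> bytes:
    """Constructed message: a renamed help file, a plain .hlp, and a benign file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachments.")
    fake_hlp = WINHELP_MAGIC + b"\x00" * 12  # header bytes only, not a working help file
    msg.add_attachment(fake_hlp, maintype="application",
                       subtype="octet-stream", filename="report.doc")
    msg.add_attachment(fake_hlp, maintype="application",
                       subtype="winhlp", filename="Manual.HLP")
    msg.add_attachment(b"hello", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in find_hlp_attachments(build_sample()):
        print(f"quarantine: {name!r} ({reason})")
```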