Files with code-executing properties attached to emails.
Researchers at
Symantec
have discovered
Windows
Help Files being used in targeted attacks.
Such help files, which use the
.hlp
extension, are used by
Windows Help
, a program that allows users to find help for programs running on the popular operating system. Because the files can call the
Windows
API, they have been used for malicious purposes for a long time. However, this is the first time they have been attached to emails.
Because of the ability of such files to call the API, malware authors do not have to exploit vulnerabilities. On the other hand, there may be few legitimate reasons for attaching
.hlp
files to emails, and developers of email security software may want to consider blocking such attachments by default – thus protecting their users from falling victim to such an attack.
Targeted attacks, often referred to as Advanced Persistent Threats (APT), have led to a lot of debate in the anti-malware industry. Some experts claim that this is the most important threat for larger organizations, while others believe the threat is exaggerated and that many such attacks use methods that are far from advanced. In a
panel discussion
at VB2011, experts will discuss how the industry should approach such attacks.
More at
Symantec
‘s blog
here
.
VB2011 takes place 5-7 October in Barcelona, Spain.
Click here
for more information or to register.
Posted on 15 September 2011 by
Virus Bulletin
Leave a Reply