Your one-stop web resource providing safety and security information to manufacturers

Windows help files are an invaluable tool for those trying to understand what just went wrong, but for attackers they can plant some serious malware within a simple .hlp file.

There is one file called Amministrazione.hlp (Italian for “administration”) and once it executes, it drops a couple of additional elements: Windows Security Center.exe and RECYCLER.DLL, said researchers at Sophos.

Windows 8 Prerelease has Flash Hole
Backdoor.LV Malware on Rise
Trojan Attacks Focus on Zero Days
Pushdo Trojan a Master of Disguise

The dynamic library file is actually a keylogger part of the DarkShell Trojan.

The malicious element records every keystroke, stores the information in a file, and then sends it back to a remote server.

Schneider Bold

So, even an innocent-looking files that come via unsolicited emails can actually hide a dangerous piece of malware.

Pin It on Pinterest

Share This