Cyber criminals use Microsoft help files that Windows users just provide information on various subjects, in order to spread malware. The software giant should therefore take measures to defuse this threat, as advocates security company Check Point.
The problem is present with chm files, which stands for Microsoft Compressed HTML Help. This format is the successor of the famous .hlp file in Windows. CHM files are highly interactive and can contain various technologies, such as JavaScript and PowerShell commands. This makes it possible to automatically download a file when the CHM file is opened.
There have been several attacks in which malicious observed chm files are distributed via e-mail. Many users would not know that this is a potentially dangerous file. "The .chm help files are often used as software documentation and help manual. As the use is so common, we find the use of the help files is usually not suspected," says analyst Oded Vanunu Check Point.
He recently discovered a CHM file that the program Putty downloaded and executed on the computer, which then further commands could be executed on the computer. Many virus scanners, however, would not detect the malicious CHM files."Microsoft has not yet developed a patch to prevent this attack method. Therefore, it is still used by attackers as not be noticed by virus," said Vanunu.
No comments:
Post a Comment