Search

Friday, 21 September 2012

DarkShell Keylogger Comes as Windows Help File.

DarkShell Keylogger Comes as Windows Help File.

To inexperienced users, Windows help files are among the most innocent files around. However, information security enthusiasts know that, in reality, some nasty pieces of malware can hide within a simple .hlp file.


Sophos researchers have come across such a sample. The file is called Amministrazione.hlp (Italian for “administration”) and once it’s executed, it drops a couple of additional elements: Windows Security Center.exe and RECYCLER.DLL.

According to experts, the dynamic library file is actually a keylogger part of the DarkShell Trojan. The malicious element records every keystroke, stores the information in a file, and then sends it back to a remote server.

So there you have it. In case you didn’t know, innocent-looking files that come via unsolicited emails can actually hide a dangerous piece of malware. We advise you to be on the lookout for such schemes and ensure that your antivirus is constantly up to date.


0 comments:

Post a Comment