Windows Calculator Being Used to Infect Devices

You wouldn’t suspect the Windows calculator of being a gateway for malicious software. Yet this is exactly the path that the creators of the QBot malware are now taking. The attacks target less cautious Windows 7 users and use manipulated DLL files.

There is potential for danger between plus, minus, and times

Windows 7 is becoming more and more outdated; small cracks appear here and there in the facade and grow into really big problems. BleepingComputer is currently warning of a new gateway in the 13-year-old operating system. The people behind the QBot malware, which is itself already ten years old, are currently using a hole in the Windows calculator to load the malicious payload onto infected computers.

This is basically an attack that relies on the common technique of “DLL sideloading”, which exploits a weakness in the way Windows handles dynamic link libraries (DLLs). The attack method is fairly simple: a legitimate DLL is forged and placed in the correct folder, from which the operating system then retrieves it.

Now the security researcher with the alias ProxyLife has discovered that QBot has been using this method since at least July 11 to infect computers for malware campaigns and possible further attacks. As so often, however, it does not work without a lack of caution on the victims’ part. The operators use emails with attachments that must not only be opened but actively downloaded.

Jump through the hoop three times, please

But that is not the end of the involuntary assistance that the targets have to provide. Several steps, including a password prompt, are required before clicking a link triggers the infection. This is where the Windows DLL problem comes in: the calculator doesn’t look for the DLL in hard-coded paths, but simply loads any DLL with an apparently matching name that resides alongside the Calc.exe executable.

The associated DLL sideloading flaw can no longer be exploited with the Calc.exe of Windows 10 and later, so these attacks target the Windows 7 version. And on Windows 7, a healthy dose of caution and vigilance when opening an email can completely prevent the attack.
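One way to spot the pattern described above in image-load telemetry, as an added example that is not from the original article: it flags a Calc.exe running outside the Windows system directories that loads a DLL from its own folder. The field names follow Sysmon's image-load event (`Image`, `ImageLoaded`); the sample paths, the DLL names and the default system directory list are constructed assumptions.

```python
import ntpath

# Assumed default install locations of the genuine Windows binaries.
SYSTEM_DIRS = frozenset({r"c:\windows\system32", r"c:\windows\syswow64"})
# Binary names to watch; the article only discusses calc.exe.
WATCHED = frozenset({"calc.exe"})

# Constructed sample records using Sysmon image-load field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\calc.exe",
     "ImageLoaded": r"C:\Windows\System32\gdi32.dll"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\invoice\calc.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\invoice\placeholder.dll"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\invoice\calc.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"Image": "c:/USERS/bob/Downloads/CALC.EXE",
     "ImageLoaded": r"C:\Users\bob\Downloads\Other.DLL"},
    {"Image": r"C:\Users\bob\Downloads\notepad.exe",
     "ImageLoaded": r"C:\Users\bob\Downloads\Other.DLL"},
]


def _norm(path):
    """Lower-case, unify separators and resolve '..' so comparisons are reliable."""
    return ntpath.normcase(ntpath.normpath(path))


def find_sideload_candidates(events, watched=WATCHED, system_dirs=SYSTEM_DIRS):
    """Return (Image, ImageLoaded) pairs where a watched binary runs outside
    the system directories and loads a DLL from its own folder."""
    hits = []
    for ev in events:
        image, loaded = _norm(ev["Image"]), _norm(ev["ImageLoaded"])
        exe_dir = ntpath.dirname(image)
        if ntpath.basename(image) not in watched:
            continue  # not a binary we are watching
        if exe_dir in system_dirs:
            continue  # genuine location, normal DLL loads
        if loaded.endswith(".dll") and ntpath.dirname(loaded) == exe_dir:
            hits.append((ev["Image"], ev["ImageLoaded"]))
    return hits


if __name__ == "__main__":
    for image, dll in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"SUSPICIOUS: {image} loaded {dll}")
```

A legitimate Calc.exe in System32 never matches, so any hit means a copy of the executable was staged next to a DLL and is worth triaging.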