Oasis Ticket Sales Scams: How to Stay Safe
During our weekly meetings with the banking industry and Police Scotland, we continue to see a significant increase in ticket scams over the last three…
Hackers Abusing Windows Search to Spread Malware
Cyber security researchers at SOCRadar and Trellix have recently uncovered a new method hackers are using to spread malware on Windows computers. This method takes advantage of a Windows feature called the “search-ms” protocol handler.
What is the “search-ms” protocol handler?
The “search-ms” feature allows you to quickly search for files and folders on your computer or network. When you click on a specially crafted link, it will start a search using the “search-ms” system.
How are hackers abusing this feature?
Hackers are creating phishing emails and websites with links that use the “search-ms” protocol. When you click these links, it secretly searches a hacker-controlled server and shows you fake search results. These fake results look like real files on your computer, but they are actually shortcuts to malware.
If you click these malicious shortcuts, it will download malware onto your computer. This allows hackers to infect your computer with dangerous programs called “remote access trojans” or RATs.
What can RAT malware do?
Once installed, RAT malware allows hackers to:
- Steal sensitive information like passwords and financial data
- Remotely control your computer
- Use your computer for criminal activities
Notable Attributes:
- The use of unique file signatures/fingerprints and frequent updates to malicious files are employed to obscure their true nature, making it harder for security software and measures to detect and prevent them.
- Additionally, the use of SSL encryption throughout the attack further enhances the ability to evade network security measures.
How to stay safe:
- Be very cautious of email links, even if you know the sender. Hover over links to check the real destination.
- Don’t download files from websites you don’t fully trust.
- Keep your anti-virus software up-to-date.
- Consider disabling the “search-ms” feature if you don’t need it. This prevents abuse.
While this threat sounds scary, just exercising caution with links and downloads will go a long way in keeping you safe. Be skeptical of anything encouraging you to download files or shortcuts.
Related Links:
Related articles
Alert: Unpatched Microsoft Office Vulnerability Exposes NTLM Hashes
Microsoft has recently disclosed a significant security vulnerability affecting multiple versions of its Office suite, including Office 2016, Office 2019, Office LTSC 2021 and Microsoft…
Public Alert: Windows 11 End of Support – Action Required
Microsoft has issued an important reminder that multiple editions of Windows 11 will reach the end of their support lifecycle on 8 October 2024. This…