What You Know About Windows Shell Vulnerability Towards Malware?

In a recent advisory, Microsoft has dispatched a alert to all users, informing users about Microsoft Windows Shell's vulnerabilities to hacker attacks and malware. These types of attacks are generally transmitted via USB devices that are infected with viruses. This vulnerability could affect all Windows system, whether it's Vista as well as Windows 7. Microsoft further confirmed that the attacks could be carried out via WebDAV and network shares. The virus usually appears when it is discovered that the Windows Shell is not able to verify the parameters of the shortcuts that virus is trying to download. This allows attackers to download malware by opening a window after you click the link of the malicious program. These shortcuts are files that have links that are linked extension of the file. www.webroot.com/safe

But, researchers are of the opinion that it is not necessary for the user to click the icon. Connecting the USB drive and browsing it is enough for malware to infect the system, leaving it vulnerable to attackers. The malware is able to override the majority of security features of the Windows operating system, even when running without having any administrative privileges. According to the analysts the malware utilizes the shortcut files with a .lnk extension of the USB which will automatically run when the operating system begins reading the files. To make things easier to access the USB stick using an application that supports shortcuts or files that are easy to access could run the malware without having to take any action.

This vulnerability was first detected this week by the Belarusian antivirus company, in which hackers were able leverage Stuxnet rootkit. For those who aren't familiar, Stuxnet rootkit is a malware that targets multinational corporations for information that is sensitive. Stuxnet rootkit has demonstrated its it's ability to hide from detection by hiding files with the suffix .lnk as well as files that begin with 'WTR' but finish in '.tmp'. Another aspect that was discovered by this virus is the capability to take over the autorun feature. This means that even if you disable autorun off the rootkit will be able execute and install itself on your system. The rootkit also is able to bypass firewalls and antivirus. What it does is inject it inside iexplore.exe files. Since many firewalls rely on iexplore.exe files it is not detected to the operating system. The malware could even disable some security features on your system. It has been discovered that using two driver types "mrxnet.sys" in addition to "mrxcls.sys" specifically the rootkit can be capable of loading and running without detection. In addition it also is able to hide the two drivers.

A security analyst from another company also said that the malware could be capable of using the default password to access information from Siemens SCADA WinCC + S7 control system database. The analyst further stated that this could point to the usage of Trojan for industrial espionage.

Microsoft has recommended that users disable icons as shortcuts and shut off their WebClient service. However, this will not resolve the issue that corporate clients face since disabling icons shortcuts could create confusion between their users, because turning off the WebClient services will render the sharing-based apps useless.

Popular posts from this blog

How to set up Webroot Safe Kids?

Image
The developers of all antiviruses try to make their product as convenient and functional as possible for the user. In this regard, the developers of Webroot antivirus have gone the furthest by creating the Webroot Safe Kids feature. And today we will tell you what this feature is, as well as how to activate and configure it. www.webroot.com/safe Webroot Safe Kids is a very convenient, and most importantly, useful application that will allow you to control your child's "movements" on the Internet. In this way, you will be able to protect him from content that you consider inappropriate for him. But besides this, the program has a number of other useful features, which we will return to in today's article, but for now, let's figure out how to install this application. So, there is nothing complicated. To get started, you must find the app on Google Play. Download it to your child's phone. At startup, you must check 2 checkboxes next to the items shown in the scr
Read more

How to disable Webroot on Samsung?

Image
Many users choose Webroot antivirus because of its reliability and versatility. However, not many people know that the developers have also made a version of the antivirus for mobile phones. It is clear that smartphones are far from computers in terms of power, so not every one of them is able to process antivirus. Because of this, the phone starts to lag. This is treated by temporarily disabling the antivirus, and in this article, we will tell you how to do it. www.webroot.com/safe Let's jump ahead a little and say that we will give an example on the Samsung Galaxy S10 smartphone, but this method is suitable not only for any other version of Samsung, but also for any other smartphone. It's just that the order of actions and some names on the menu will be slightly different. So, in order to disable Webroot on Samsung, you must go to your smartphone settings and select the "apps" item. In the top right corner, you will see a 3 dots icon. Go to it and select "show
Read more

How do i disable the firewall in Webroot?

Image
You probably know that Webroot Anti-virus is one of the most popular in the Worldwide. It's all about its functionality and reliability. And one of the features of the antivirus is the built-in firewall. It constantly monitors the data exchange between the PC and the network, thereby reliably protecting your device. But sometimes the firewall blocks the sites you really need, in which case you will have to turn it off. www.webroot.com/secure Firewall protection will be triggered when any suspicious activities of your browsing on the Internet are detected. And it doesn’t have to be something malicious, the firewall can restrict your actions “at its own whim”. To prevent this from happening, you will need to reconfigure your antivirus so that the firewall is disabled. How to disable Webroot firewall Initially, you will need to run an antivirus. To do this, find it on the panel of hidden icons, which is located on the right side of the start bar. Click on the lock of the antivirus to
Read more