Hackers Are Spreading Malware Through Windows Troubleshooting Platform!

Windows Troubleshooting Platform (WTP) is a legitimate Windows feature that helps users diagnose and fix operating-system problems. Security researchers at the US-based cyber security company Proofpoint have discovered a new social engineering attack in which attackers abuse this WTP feature to spread the LatentBot malware, tricking users into running a cloned, malicious troubleshooting program.

How Is It Possible?

Some background on Windows Troubleshooting Platform helps here. Since a security update, Windows no longer presents WTP prompts to users as security warnings; instead, Windows has asked its users to run the troubleshooter whenever it appears. Attackers are taking advantage of this fact and manipulating Windows users into running a malicious troubleshooting program.

Social Engineering Attack Used By Hackers

The attackers send the malicious file to victims as an email attachment. When the victim downloads and opens the attachment, a troubleshooting window appears. It tells the victim that there is an issue with the system's font settings and asks them to double-click an error so the correct charset can be detected automatically. When the victim does so, they are actually allowing a malicious DIAGCAB file to do its work (DIAGCAB is the file extension used by Windows WTP troubleshooting packages). This lets the malware show the user a "convincingly realistic" download wizard; when the victim clicks the Next button, the malware is dropped into the system's Program Files and executed.

About Malware

The malware spread through this social engineering attack is named LatentBot. It is a well-documented, hard-coded modular botnet that attackers use for anonymous surveillance, for stealing sensitive information and for gaining remote access to compromised systems.

According to Proofpoint's researchers, this malware can evade the monitoring of various sandbox products because all of the processing happens outside the msdt.exe file. This social engineering attack is proof that attackers are easily getting past the checks of sandbox products through a command-based, non-standard code execution flow.

"Spreading malware through Windows Troubleshooting Platform (WTP) is not a new thing for hackers. Background Intelligent Transfer Service, WMI, Task Scheduler and Office Interoperability services of Microsoft Windows had already been exploited by hackers to spread malware."

Security Tip For Windows Users

This convincing technique is fooling experienced Windows users as well, because it can bypass the security checks of various sandbox products. To protect yourself from this malware, never click on attachments that arrive from unknown email addresses.
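Since the lure described above arrives as a DIAGCAB email attachment, one defensive control is to screen inbound mail for attachments that Windows would hand to the troubleshooting platform. The following is an added example written for this post, not code from Proofpoint or from the post's author; the sample message, its addresses and the attachment names are constructed, and the check covers the obvious evasions (mixed case, a decoy double extension such as .TXT.diagcab, trailing dots or spaces).

```python
import email
from email import policy

# Extension handled by the Windows Troubleshooting Platform (msdt.exe); only
# .diagcab is named in the post, extend the set if local policy needs more.
WTP_EXTENSIONS = {".diagcab"}


def is_wtp_attachment(filename: str) -> bool:
    # Normalise the way Windows resolves names: case-insensitive, trailing dots
    # and spaces dropped, so decoy double extensions (fix.txt.diagcab) still match.
    name = filename.strip().rstrip(" .").lower()
    return any(name.endswith(ext) for ext in WTP_EXTENSIONS)


def find_wtp_attachments(raw_message: bytes) -> list[str]:
    # Parse a raw RFC 5322 message and return the names of every attachment
    # that Windows would open in the troubleshooting platform.
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    return [
        part.get_filename()
        for part in msg.iter_attachments()
        if is_wtp_attachment(part.get_filename() or "")
    ]


# Constructed sample message (not a real campaign artefact): a harmless decoy
# attachment plus a troubleshooting pack hidden behind a .TXT double extension.
SAMPLE_EML = b"""\
From: helpdesk@example.invalid
Subject: Font settings problem on your PC
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please run the attached troubleshooter to fix the font charset issue.
--b1
Content-Type: application/octet-stream; name="notes.txt"
Content-Disposition: attachment; filename="notes.txt"

harmless text
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Font_Fix.TXT.diagcab"
Content-Transfer-Encoding: base64

UEsDBAo=
--b1--
"""
```

Running `find_wtp_attachments(SAMPLE_EML)` on the constructed message returns only the disguised troubleshooting pack, so a mail gateway or script can quarantine the message rather than relying on the user to spot the extension.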
