Computer hackers have devised a new way to infect target hosts by using malicious Windows 10 shortcuts. This strategy is being used at large by numerous hacker groups and individual hackers as it is relatively easy to implement. The malicious Windows 10 shortcuts allow the criminals to perform arbitrary code execution.
Arbitrary Code Execution Possible via Malicious Windows 10 Shortcuts
Shortcuts are one of the core elements of every desktop environment and they serve a simple function — to show the path to an application and file thereby making it easier to access them. The newest version of Microsoft Windows (10) has added a new file type format that has been found to allow code execution. It is called .SettingsContent-ms and is used to create a special kind of shortcut that leads to the Windows 10 settings menu. It has replaced the “classic” Control Panel that was found in previous versions of the operating system.
Upon further analysis the files have been found to be XML documents that contain a DeepLink tag which is used to specify the on-disk location of the relevant settings page. A security researcher has discovered that this tag can be replaced with any executable file that is located on the local machines. It is possible for several commands to be chained together and executed in a sequence.
Given the fact that there have been numerous virus infections and other cybersecurity damage done to both individual users, government agencies and business networks, it is speculated that this might be one of the possible infection vectors.
There are two main cases that can be utilized by the criminals:
- Direct File Execution — The malicious Windows 10 shortcuts can be configured to start a certain program that is (Read more…)