In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-09-23 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >
Share
Shulou(Shulou.com)11/24 Report--
CTOnews.com, November 22, when you download a file from a remote location that you can't trust, such as a website or email attachment, the Windows system adds a special attribute to the file called "Mark of the Web" (MoTW for short). Recently, a zero-day vulnerability has been exposed in the Windows system, which can release Qbot malware without displaying the "network tag".
CTOnews.com learned that MoTW is a supplementary data stream that contains file information such as URL security zones, referrals, download URL, and so on. When users try to open a file with the MoTW attribute, Windows displays a security warning asking them if they are sure they want to open the file.
The warning reads: "while files from the Internet may be useful, this file type may damage your computer. If you don't trust the source, please do not open this software."
HP's threat intelligence team (HP Threat Intelligence) reported last month that hackers were found distributing Magniber blackmail software in the form of JavaScript files during a cyber attack phishing. These JavaScript files are different from those used on the site, but are stand-alone files with the ".JS" extension, executed using the Windows scripting host (wscript.exe).
After analyzing the files, Will Dormann, a senior vulnerability analyst at ANALYGENCE, found that the threats used a new Windows zero-day vulnerability that prevented the flags in the network security warnings from being displayed.
By exploiting this vulnerability, JS files (or other types of files) can be signed with signature blocks encoded by embedded base64. After that, the user opens the malware and is not marked by Microsoft SmartScreen and displays a MoTW security warning, but automatically allows the program to run.
This QBot malware phishing activity distributes ZIP files containing ISO images and password protection. These ISO images contain a Windows shortcut and DLLs to install malware.
CTOnews.com has learned that Microsoft has fixed this vulnerability in its cumulative update released on Tuesday, November 2022.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
The market share of Chrome browser on the desktop has exceeded 70%, and users are complaining about
The world's first 2nm mobile chip: Samsung Exynos 2600 is ready for mass production.According to a r
A US federal judge has ruled that Google can keep its Chrome browser, but it will be prohibited from
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
About us Contact us Product review car news thenatureplanet
More Form oMedia: AutoTimes. Bestcoffee. SL News. Jarebook. Coffee Hunters. Sundaily. Modezone. NNB. Coffee. Game News. FrontStreet. GGAMEN
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
