Corbin Davenport
Windows has become better and better at stopping viruses and malware, even if you don’t have the best antivirus software installed. Malware developers have to get creative to infect systems, which now includes utilizing the Windows 7 Calculator application.
Security researcher ‘ProxyLife’ discovered some malware and phishing attacks are now using the Calculator application from Windows 7 to break into modern Windows PCs, as reported by Bleeping Computer. The attack starts by tricking someone into downloading an ISO disc image disguised as a PDF or other file, which contains a shortcut that opens an included copy of the Calculator application.
So, why use an outdated version of Calculator to break into systems? Well, the Windows 7 Calculator will use Dynamic Link Libraries (DLLs) in the same folder if they are present, instead of always using the libraries in the Windows system folder. Opening the Calculator doesn’t set off any alarm bells in Windows, likely because since it’s signed by Microsoft, but it can still load an infected “WindowsCodecs.dll” library bundled with Calculator. Newer versions of the Calculator app included in Windows aren’t vulnerable to switching DLLs, which is why an older version is included in the package.
It’s not clear yet if Microsoft has updated Defender to properly recognize this type of attack, but if you don’t download files from strange websites (or email attachments from people you don’t know), you probably don’t have to worry about it.
Via: Bleeping Computer
- › The New Kubuntu XE Could Be the Linux Laptop for You
- › Audible Now Has Audio Books With Dolby Atmos
- › Lenovo’s New Gaming Laptops Have Too Many Options
- › Grab an Anker 65W USB-C Charger for Just $35 Today
- › YouTube Music vs. Spotify: Which Is Better for Streaming?
- › Windows 11 Will Make USB4 Easier to Troubleshoot
