Unofficial Solution to Windows Bug Used to Infect Home Computers with Ransomware

A cybersecurity company has unofficially released another patch for a Windows bug that Microsoft has not fixed. The hole is being actively exploited by ransomware writers to spread their malware.

Let's go back to October 17th, when Acros Security published a tiny binary patch to fix a bug in Microsoft's Mark-of-the-Web (MotW) feature. This feature sets a flag in the metadata of files downloaded from the internet, USB sticks and other untrusted sources. The flag makes sure that extra security protections kick in when such files are opened: for example, Office blocks macros from running, and the operating system checks that the user actually wants to run that .exe.

Windows bug

It turned out that it is possible to bypass this feature so that files downloaded from a website do not carry the MotW flag, sidestepping all of these protections when they are opened. An attacker could stop Windows from placing the MotW flag on files extracted from ZIP archives that were obtained from untrusted sources. Criminals can use this vulnerability to trick marks into opening ZIP archives and then running the malicious software inside without the usual security protections. Will Dormann, senior vulnerability analyst at Analygence, highlighted the bug months earlier.
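
As an added example (not code from the article, Acros Security or HP Wolf Security), the script below shows what a defender can check for the behaviour described in the two paragraphs above: it reads the Zone.Identifier alternate data stream that Windows uses to store the MotW, parses its `[ZoneTransfer]` content, and reports every file under a directory that carries no mark at all, which is exactly what the ZIP-extraction bypass leaves behind. The sample stream content, the `example.invalid` URLs and the function names are constructed for this demonstration; the stream name, its INI-style layout and the zone numbers are the standard Windows ones.

```python
"""Audit extracted files for the Mark-of-the-Web (MotW).

Added example, not from the article or from the vendors it names. Assumes the
standard Windows layout: MotW lives in an NTFS alternate data stream named
Zone.Identifier whose content is an INI-style [ZoneTransfer] section.
"""
import os
import sys
from pathlib import Path
from typing import Optional

# Standard Windows URL security zone numbers.
ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}


def parse_zone_identifier(stream: bytes) -> Optional[dict]:
    """Parse Zone.Identifier stream content.

    Returns None when there is no [ZoneTransfer] section with a numeric ZoneId
    (i.e. the file is effectively unmarked); otherwise a dict with the zone id,
    its name and the optional ReferrerUrl/HostUrl fields.
    """
    text = stream.decode("utf-8", errors="replace")
    in_section = False
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "zonetransfer"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip().lower()] = value.strip()
    if not fields.get("zoneid", "").isdigit():
        return None
    zone_id = int(fields["zoneid"])
    return {
        "zone_id": zone_id,
        "zone_name": ZONE_NAMES.get(zone_id, f"unknown ({zone_id})"),
        "referrer_url": fields.get("referrerurl"),
        "host_url": fields.get("hosturl"),
    }


def read_motw(path: str) -> Optional[bytes]:
    """Return the raw Zone.Identifier stream of a file, or None if absent.

    NTFS exposes alternate data streams as '<file>:<stream>'. On non-Windows
    platforms there is no such stream, so the function returns None.
    """
    if not sys.platform.startswith("win"):
        return None
    try:
        with open(f"{path}:Zone.Identifier", "rb") as ads:
            return ads.read()
    except OSError:
        return None


def is_untrusted_origin(info: Optional[dict]) -> bool:
    """True when the mark says Internet or Restricted zone (protections apply)."""
    return info is not None and info["zone_id"] >= 3


def audit_directory(root: str) -> dict:
    """Classify every file under root.

    'marked'   : MotW present from an untrusted zone (normal download)
    'trusted'  : MotW present but a local/intranet/trusted zone
    'unmarked' : no usable MotW, which is what the ZIP-extraction bypass yields
    """
    result = {"marked": [], "trusted": [], "unmarked": []}
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        info = parse_zone_identifier(read_motw(str(p)) or b"")
        if info is None:
            result["unmarked"].append(str(p))
        elif is_untrusted_origin(info):
            result["marked"].append(str(p))
        else:
            result["trusted"].append(str(p))
    return result


if __name__ == "__main__":
    # Constructed sample: what Windows writes for a browser download.
    SAMPLE = (b"[ZoneTransfer]\r\nZoneId=3\r\n"
              b"ReferrerUrl=https://example.invalid/update.html\r\n"
              b"HostUrl=https://example.invalid/update.zip\r\n")
    print(parse_zone_identifier(SAMPLE))
    if len(sys.argv) > 1:
        for path in audit_directory(sys.argv[1])["unmarked"]:
            print(f"WARNING: {path} has no Mark-of-the-Web")
```

Run it with the folder a ZIP was extracted into as the first argument; on a healthy system every file pulled from an internet-sourced archive should show up as `marked` (zone 3), and anything listed as `unmarked` deserves a look. Unknown zone numbers above 4 are treated as untrusted on purpose, so the audit errs on the side of reporting.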

Microsoft has not corrected this oversight. Kevin Beaumont, an IT observer, reported that the bug was being exploited in the wild on October 10. Acros released a micropatch a week later to help close the hole while Redmond catches up.

Acros has now emitted another patch that addresses a related MotW security flaw in Windows, which Microsoft has yet to fix.

What’s new?

HP Wolf Security published a report just days before the release of the first patch. It detailed a series of ransomware attacks in September that all started with a web download. Victims were instructed to download a ZIP file containing a JavaScript file disguised as an antivirus program or a Windows software update.

When the script was run, it actually executed Magniber, a ransomware strain targeting Windows home users. Wolf Security says the malware scrambles documents and demands as much as $2,500 from victims to restore their data.

"Magniber doesn't fall under the Big Game Hunting category, but it can still cause serious damage," the Wolf team wrote in its report. Big Game Hunting is when criminals infect large, wealthy enterprises in the hope of a huge payday. Judging by the operating system versions it supports and the UAC bypass it uses, this malware was most likely aimed at home users.
