Kingsoft Duba Security Warning: insecure DLL files expose Windows to attack

Source: Internet
Author: User

On July 15, August 23, Microsoft released Security Bulletin 2269637, announcing that some DLL files that are not written to standard may lead to the execution of arbitrary programs, including viruses and Trojans. A Kingsoft Duba security expert explained that a running program searches for files with the .dll extension in the current path and the system path. If the library has defects such as non-standard writing, Trojans and other malicious programs may be loaded. It is reported that this vulnerability may exist in multiple versions from Windows XP to Windows 7, and nearly third-party applications may also be exploited.

The Microsoft Security Bulletin states that this vulnerability may exist in multiple versions from Windows XP to Windows 7, and that third-party applications may also be exploited. Attackers can exploit this vulnerability by creating specially crafted programs or documents. If a user with administrative permissions opens one of these files, the computer may be fully controlled by the attacker.

Attack code has already been published on the Internet, and hackers can build attack programs based on it. Kingsoft Duba security lab has tested the issue and determined that these vulnerabilities are fairly serious. Wireshark, Windows Live email, Microsoft MovieMaker, Firefox, uTorrent, and PowerPoint are known to be exploitable.

In the demonstration, the attacker constructs a plugin_dll.dll with the hidden attribute set and places it in the same path as a BT seed (torrent) file. When the user double-clicks the seed file to start a BT download, the calculator program is launched. A real attacker would of course launch a harmful program directly rather than an interactive calculator.


In the same way, hackers can construct a pptimpconv.dll file and package it together with a PPT file. When the user opens the PPT file, the specified attack program runs in the background.
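Both demonstrations above leave the same trace on disk: a DLL sitting in the same folder as a document. As an added example (not from the original article), this Python script walks a directory tree and reports such DLLs, including whether the Windows hidden attribute is set; the extension list and all sample file names other than plugin_dll.dll are assumptions.

```python
import os
import stat
import tempfile

# Assumed document types; the article itself names only BT seed and PPT files.
DOC_EXTS = {".torrent", ".ppt", ".pptx", ".pps"}
HIDDEN = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)

def is_hidden(path):
    """True if the Windows 'hidden' attribute is set (always False on other systems)."""
    return bool(getattr(os.stat(path), "st_file_attributes", 0) & HIDDEN)

def find_colocated_dlls(root, doc_exts=DOC_EXTS):
    """Return (dll_path, hidden, documents) for every DLL that shares a folder with documents."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        docs = sorted(f for f in files if os.path.splitext(f)[1].lower() in doc_exts)
        if not docs:
            continue  # folders without documents (e.g. program folders) are out of scope
        for name in sorted(files):
            if name.lower().endswith(".dll"):
                full = os.path.join(dirpath, name)
                findings.append((full, is_hidden(full), docs))
    return findings

def build_sample_tree(root):
    """Constructed sample layout: a download folder with a planted DLL and a normal program folder."""
    layout = {
        "Downloads/linux.torrent": b"d8:announce0:e",
        "Downloads/plugin_dll.dll": b"MZ",        # DLL name taken from the article's demonstration
        "Program Files/App/app.exe": b"MZ",
        "Program Files/App/helper.dll": b"MZ",    # DLL beside its own program: not reported
        "Documents/slides.ppt": b"\xd0\xcf\x11\xe0",  # document with no DLL beside it
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for dll, hidden, docs in find_colocated_dlls(tmp):
            print(f"{dll} hidden={hidden} beside {docs}")
```

A hit is only a lead for review: some applications legitimately ship DLLs next to data files, so confirm the DLL's origin before acting on it.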

According to an analysis by Kingsoft Duba security lab, this vulnerability exists in a wide range of third-party software in addition to Windows itself. The malicious use of a DLL file by last week's "digital theft" virus was similar to this vulnerability. Software developers are advised to check their own DLL programs for risks by referring to the official Microsoft MSDN documentation.

Kingsoft Duba security lab will pay close attention to the progress of the vulnerability. Users can use Kingsoft Guard to fix the vulnerability and the Kingsoft Duba 2011 security package to improve system security.

References:
http://www.exploit-db.com/exploits/14723/
http://www.exploit-db.com/exploits/14726/
http://www.theregister.co.uk/2010/08/24/windows_dll_casualties/
http://www.microsoft.com/technet/security/advisory/2269637.mspx
http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx


Special thanks:
A rust sword

This article is from the "anti-virus circle" blog, please be sure to keep this source http://litiejun.blog.51cto.com/134711/384354
