Windows is increasingly trying to stop viruses and malware, even if you don't have the best protection software installed.
So malware developers have to be very creative to infect systems. Attacks have recently been observed using the application Calculator of Windows 7.
Security researcher “ProxyLife” He discovered that some malware and phishing attacks are using Windows 7's Calculator app to break into modern Windows PCs, Bleeping Computer reports.
The attack begins by tricking someone into downloading an ISO disc image disguised as a PDF or other file, which contains a shortcut that opens a malicious copy of the Number appmachine (Calculator).
Why are they using an outdated version of the Calculator app to hack systems?
Well, the Windows 7 Calculator uses Dynamic Link Libraries (DLLs) in the same folder, if any, instead of using the libraries located in the Windows system folder.
Opening the Calculator app doesn't trigger any alarms in Windows, probably because it's signed by the Microsoft, but is still able to load the infected “WindowsCodecs.dll” library that comes with the malicious Calculator.
Newer versions of the Calculator app included with Windows are not vulnerable. That's why they use an older version.
The files used in the phishing attack are “calc.exe” from Windows 7 and two ProxyLife DLL files
It's not yet clear if Microsoft has updated Defender to recognize this type of attack, but if you're not downloading files from strange websites (or email attachments from people you don't know), you probably don't need to worry.
Update:
On our Facebook page we saw comments questioning the above, using Microsoft's non-support of Windows 7 as justification. You should read the whole text before judging it.
So above we mention:
“Why are they using an outdated version of the Calculator app to hack systems?
Well, Windows 7 Calculator uses the Dynamic Link Libraries (DLLs) in the same folder, if they exist, instead of using the libraries located in the Windows system folder.”
Attackers use an older application to attack new systems:
“Opening the Calculator app doesn't trigger any Windows alerts, probably because it's signed by Microsoft, but it can still load the infected “WindowsCodecs.dll” library that comes with the malicious Calculator.
Newer versions of the Calculator app included with Windows are not vulnerable. That's why they're using an older version.”