The discovery of a dangerous vulnerability that allows to bypass all Windows security warnings

Discover Security researchers recently released a critical vulnerability that allows hackers to run malware on Windows PCs without the targeted devices triggering any kind of alarm.

The vulnerability, which has not yet been patched, allows hackers to bypass Mark of the Web, a Windows feature that labels files downloaded from untrusted websites.

The malware distributed through the vulnerability is Qbot, which belongs to the Trojan software category. It is software targeting the banking sector, and although it is old and well-known, it still poses a great threat to victims.

explained Security researchers have determined that the distribution of the malware, also known as Quakbot, begins with a phishing email containing a link to a password-protected ZIP archive.

The ZIP archive contains an ISO or IMG disc image file that, when downloaded, displays a standalone JavaScript file with garbled signatures, a text file, and a folder with a DLL file. The javascript file loads a VB script that reads the contents of the text file, which then runs the DLL file.

Since Microsoft’s Windows system did not correctly name the ISO disc image file with Mark of the Web, it allowed the software to run without any warnings. On Windows 10 or Windows 11 devices, double-clicking a disk image file will automatically mount the file as a new drive letter.

It is noteworthy that this is not the first time that hackers have abused the vulnerabilities surrounding the Mark of the Web feature, recently, it was observed that hackers published a similar method to distribute the Magniber ransomware, according to the website Bleeping Computer, as well as a recent HP report that discovered the campaign. It has also been noted that the same distorted key was used in both this campaign and the Magniber campaign.

Related Articles:  Ghost Recon: Does the end of Breakpoint announce the arrival of a new episode? Several clues

It is believed that Microsoft knew about the vulnerability since last October, but did not release a patch for it, but given that the company realizes that the vulnerability is really being exploited, it is expected that it will release a patch for it in the Patch Tuesday update for next December.

Related posts:

Apple and Game Streamer Nickmercs Collaborate on Limited Edition Beats Studio Buds
WhatsApp launches official chat on Android and iOS to provide news, tips and more
A lower-priced cell phone can also be powerful – Samsung Newsroom India
Intel relaunches the challenge to Nvidia: with Gaudi 3 the new chip arrives to push Gen AI into busi...
Ready to take off? This 4K pro drone flies away at less than 50 euros for a few hours
Itaipu Astronomical Center is under construction
Activation with the Apple SIM card that came with the iPad series is not possible - iPhone Wired
Samsung Leads Global 5G Smartphone Market With 5 Models: Counterpoint Report

Oil compensates for most of its early losses after Saudi Arabia denied a report on “OPEC +”

Fans Festival kicks off at Oman Convention and Exhibition Centre

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.