Gravité Blog
Even the Built-In Calculator in Windows Could Allow Threats In
You might be surprised by some of the security breaches and vulnerabilities out there, including some for apps that you would never suspect, like Windows’ Calculator application. Hackers are always looking for new ways to infect endpoints, and nothing exemplifies this better than this particular threat, one which utilizes the Windows 7 calculator app to launch attacks against Microsoft operating systems.
How Does This Threat Work?
According to security researcher ProxyLife on Twitter, there are several strains of malware utilizing an old version of the Calculator application loaded on Microsoft’s Windows operating systems. This particular version of the Calculator app was used on Windows 7, and this threat works by tricking a user into downloading an ISO disc image disguised as a PDF or other file. The ISO uses a shortcut to open the included Calculator application.
One of the features of the Windows 7 Calculator app is the use of Dynamic Link Libraries, or .dll files, rather than defaulting to Windows’ system default libraries. This is a feature that hasn’t been used in the Calculator app since Windows 7, hence the need to run the older version of the software. The Calculator app runs these libraries to infect the system with malware, and since the Calculator appears to be a legitimate application used by Windows, the system doesn’t think twice about it, allowing it to circumvent Windows’ built-in security benchmarks.
How Much Should You Worry About It?
Ultimately, we think it’s reasonable to look at this threat as an obscure one that simply shows off the ingenuity of hackers and how they are using tools in different ways. It’s not clear whether or not Microsoft has issued an update to Defender to stop these attacks, but all you need to know is that you likely won’t encounter this type of threat, so long as you are treating potential threat vectors with the scrutiny they deserve, i.e. not downloading random files that are suspicious at best.
Even if it is unlikely you will encounter these threats, it’s a bit unnerving that trusted and known applications can create these types of issues for your IT department. One way to make sure you don’t let threats fly under the radar, even for those that aren’t deemed threats by your operating system, is to proactively monitor your infrastructure for anything that is out of the ordinary. You can then take steps to contain, isolate, and eliminate them.
Let Us Help You Monitor Your Network
If you would rather not worry about keeping tabs on your network, Gravité is happy to assist with this incredibly important part of running a business. We can implement comprehensive data security measures that minimize the opportunity for hackers to infiltrate your network. To learn more, contact us today at 1300 008 123.
Comments