BlackCSI Blog

BlackCSI has been serving the Pennsylvania area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

A Windows Vulnerability found in your Calculator? Here’s What You Should Know

A Windows Vulnerability found in your Calculator? Here’s What You Should Know

Sometimes security breaches and hacking attacks come from the most unlikely of sources, even going so far as to utilize trusted applications to infect an endpoint or network. This is the case with a new phishing attack which uses the Calculator application that comes built-in with Windows in a very creative way. This is just one example of how hackers have been forced to innovate to combat the increasingly secure systems which businesses and users rely on today, and it should be a testament as to why you can never be too careful.

What is the Threat?

A security researcher who goes by ProxyLife on Twitter has reportedly discovered that there are several strains of malware and phishing attacks utilizing an outdated version of Microsoft’s Calculator application to find their way onto your network and launch their attacks—specifically the Windows 7 version of Calculator. The way that it works is that a cybercriminal tricks the user into downloading an ISO disc image which is disguised as a PDF or other similar file. This ISO contains a shortcut to an opened version of the Calculator application.

The Windows 7 Calculator can use what are called Dynamic Link Libraries in the same folder rather than defaulting to Windows’ system default libraries. The Calculator then runs the library, which is infected with malware. Later versions of Calculator do not have this capability, hence why an older version is necessary. Since Windows thinks that Calculator is a legitimate application, opening it in this way doesn’t set off any red flags within the system.

Should You be Worried?

At the end of the day, this is largely an obscure threat that sees hackers using the tools at their disposal in creative and different ways. It is not yet known if Microsoft has issued an update to Defender to put a stop to these types of attacks, but the long and short of it is that you probably won’t encounter this specific threat, as long as you are using proper security practices while browsing the Internet or checking your email.

Still, the idea that threats can use trusted and known applications in this way can make things a bit of a hassle for your IT team. These types of attacks might bypass the defenses built into your operating systems, but they can be caught if you are proactively monitoring your infrastructure for abnormalities. These abnormalities can then be contained, isolated, and eliminated. Of course, the problem here is that you likely wouldn’t find this type of threat if you weren’t actively looking for it—which is where we come in.

Proactively Monitor Your Network with Our Services

We know that it can be a challenge to keep your network safe. That’s why we make it easy with our remote monitoring services. Combined with comprehensive security solutions like a firewall, antivirus, spam blocker, and content filter, you’ll find that your network has never been safer. To learn more about what we can do for your business, contact us today at (717) 620-3042.

4 Actions You Can Take to Secure Your Wireless Net...
Managed IT Services Destroy Downtime
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Tuesday, October 04, 2022

Captcha Image

Latest News & Events

Leading MTSP Shares How to Protect Businesses from Cybercrime HARRISBURG, PA – September 23, 2022 – BlackCSI, a leading managed technology services provider (MTSP), is educating small to mid-sized business (SMB) owners on how they can prote...

Latest Blog

We apologize for the pun, but we couldn’t help ourselves. When you go about your business and attempt to onboard a new client or implement a new tool for your company, you spend time getting to know what your business is doing and why. Well...

Contact Us

Learn more about what BlackCSI
can do for your business.

(717) 620-3042

BlackCSI
507 N. York Street
Mechanicsburg, Pennsylvania 17055