A new threat hits Windows. It is Pingback, a malware that uses the Internet Control Message Protocol (ICMP) to carry out command and control activities. It is capable of loading malicious DLLs and putting users’ safety at risk. We will give some important tips on protecting ourselves from this problem and staying safe.
Pingback, a new malware that affects Windows
As you know, Windows 10 is currently the most widely used version of Windows. This means that when a new threat appears, many users can be affected. We must therefore take precautions to avoid problems.
The Trustwave security researchers who discovered this problem have dubbed the malware Pingback. It affects 64-bit Windows systems and, as noted above, it relies on DLL hijacking to achieve its goal.
This malware abuses the Internet Control Message Protocol, the protocol used by the ping and traceroute commands in Windows. Specifically, it uses a 66 KB file named oci.dll, which is placed in the System folder through another attack vector or process.
However, as the security researchers point out, this threat was not loaded via rundll32.exe, as is usual, but via DLL hijacking. This is a technique in which cybercriminals sneak a malicious DLL into a folder that the operating system trusts, so that a legitimate application ends up loading it.
Specifically, the attackers used the Microsoft Distributed Transaction Control (msdtc) process to run oci.dll, the malicious file. The real oci.dll is an Oracle library.
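The hijack described above leaves a simple artifact to hunt for: a library that a trusted service looks up by name (oci.dll in this case) sitting in a system directory where it has no business being. The following Python script is an added example written for this article, not code from Trustwave or from the malware analysis, and it assumes only that the defender knows which file names a given process searches for; the 64 KB size threshold and the candidate list are illustrative values, not indicators published on the page.

```python
import hashlib
import os

# Library names a trusted process is known to search for that are NOT
# normally present in the Windows System folder. oci.dll is the name the
# article reports for the Pingback hijack of msdtc; the set can be extended
# with other names an organisation wants to watch (assumption: caller decides).
HIJACK_CANDIDATES = {"oci.dll"}


def inspect_dll(path):
    """Collect triage facts about one file: size, SHA-256 and whether it is a PE image."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {
        "path": path,
        "size_bytes": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        # Every Windows DLL starts with the DOS 'MZ' magic; a planted file will too,
        # so this only separates junk from an actual loadable image.
        "is_pe": data[:2] == b"MZ",
    }


def find_suspicious_dlls(system_dir, candidates=HIJACK_CANDIDATES):
    """Return triage records for every candidate hijack name found in system_dir.

    The presence of the file alone is the finding: a legitimate Oracle client
    installs oci.dll under its own directory, not under the System folder.
    """
    findings = []
    for name in sorted(candidates):
        path = os.path.join(system_dir, name)
        if os.path.isfile(path):
            findings.append(inspect_dll(path))
    return findings


def summarize(findings, size_hint_kb=64):
    """Produce one human-readable line per finding for an analyst or a ticket."""
    lines = []
    for f in findings:
        size_kb = f["size_bytes"] // 1024
        note = "size roughly matches a small implant" if size_kb <= size_hint_kb * 2 else "larger than expected"
        lines.append(f"{f['path']}: {size_kb} KB, pe={f['is_pe']}, sha256={f['sha256']} ({note})")
    return lines


if __name__ == "__main__":
    # On a real host this would be C:\Windows\System32; here the default is
    # taken from the environment so the script also runs for a demo directory.
    target = os.environ.get("SYSTEM_DIR", r"C:\Windows\System32")
    for line in summarize(find_suspicious_dlls(target)):
        print(line)
```

The hash in each record is what you would compare against vendor indicators or submit for analysis; the script deliberately does not embed any hash because the article publishes none.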
Entry method unknown
At the time of writing, the security researchers do not know exactly how the malicious oci.dll file was introduced. However, they suspect that it may have been dropped by another malware sample, Updata.exe.
Once launched through msdtc, this threat uses ICMP to receive commands from its server. The researchers also indicate that Pingback remains hidden from users, which works in the attackers’ favour. Because it does not use TCP or UDP, it is harder for tools that focus on those protocols to detect.
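Since the channel is ICMP echo traffic, the defensive counterpart is to look at echo payloads rather than at ports. The Python code below is an added example for this article, not the researchers’ tooling and not a signature for Pingback: it parses raw ICMP packets, verifies the header checksum and flags echo payloads that do not match the well-known ping patterns. The "suspicious" sample payload is constructed for the demo and says nothing about the real command format, which the article does not describe; the 64-byte limit and the Linux ping pattern check are assumptions stated in the comments.

```python
import struct

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8

# Default data sent by the Windows ping command: 32 bytes "abcdefghijklmnopqrstuvwabcdefghi".
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvw" + b"abcdefghi"


def icmp_checksum(data):
    """RFC 1071 ones' complement sum; returns 0 for a packet whose checksum field is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_echo(icmp_type, ident, seq, payload):
    """Build an ICMP echo request/reply (header + payload) with a correct checksum.

    Used here only to construct sample packets for the detector below."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_icmp(packet):
    """Split an ICMP packet into its header fields and payload."""
    if len(packet) < 8:
        raise ValueError("ICMP packet shorter than 8-byte header")
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {
        "type": icmp_type,
        "code": code,
        "checksum_ok": icmp_checksum(packet) == 0,
        "ident": ident,
        "seq": seq,
        "payload": packet[8:],
    }


def looks_like_iputils_ping(p):
    """Linux iputils ping: timestamp first, then a byte ramp whose value equals its
    offset (0x10, 0x11, ... for a 16-byte timeval). Assumption: 64-bit layout."""
    return len(p) > 16 and all(p[i] == (i & 0xFF) for i in range(16, len(p)))


def classify_echo(packet, max_payload=64):
    """Return a reason string when an echo packet looks unlike ordinary ping, else None."""
    info = parse_icmp(packet)
    if info["type"] not in (ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST):
        return None  # destination unreachable, TTL exceeded, etc. are out of scope here
    if not info["checksum_ok"]:
        return "bad checksum"
    p = info["payload"]
    if len(p) == 0 or p == WINDOWS_PING_PAYLOAD or looks_like_iputils_ping(p):
        return None  # matches a known benign ping pattern
    if len(p) > max_payload:  # assumption: ordinary pings on this network stay small
        return "oversized payload (%d bytes)" % len(p)
    if all(32 <= b < 127 for b in p):
        return "printable text payload"
    return "non-standard payload"


def scan_packets(packets):
    """Run the classifier over a capture; yields (index, reason) for flagged packets."""
    return [(i, r) for i, pkt in enumerate(packets) if (r := classify_echo(pkt)) is not None]


if __name__ == "__main__":
    # Constructed sample capture: two normal pings and two that a C2 channel over ICMP might resemble.
    capture = [
        build_icmp_echo(ICMP_ECHO_REQUEST, 1, 1, WINDOWS_PING_PAYLOAD),
        build_icmp_echo(ICMP_ECHO_REPLY, 1, 1, WINDOWS_PING_PAYLOAD),
        build_icmp_echo(ICMP_ECHO_REQUEST, 7, 1, b"constructed C2 payload: not the real format"),
        build_icmp_echo(ICMP_ECHO_REPLY, 7, 1, bytes(200)),
    ]
    for idx, reason in scan_packets(capture):
        print("packet %d flagged: %s" % (idx, reason))
```

In practice you would feed the function the ICMP portion of frames read from a capture file or a raw socket; the payload baseline should be tuned to whatever ping implementations are actually in use, since anything outside that baseline is what an ICMP tunnel has to look like.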
Once again, we can see the importance of always keeping our devices protected. It is very important to keep the system updated, as this closes vulnerabilities that hackers could exploit to launch their attacks. The developers themselves release patches to correct these problems, and applying them helps stop intruders from getting into the computer and attacking us.
But it is also essential to have security programs. A good antivirus, a firewall and other tools can help us avoid problems, as they analyze files that may be malicious and could seriously compromise our security.
Another essential point is common sense. Keep in mind that in most cases, hackers need some user interaction to get their threats executed.