According to research by the SOPHOS malware analysis team, hackers are using Windows help files (.HLP) to infect victims' computers.
Malware authors can create booby-trapped .HLP files that will infect your computer with a keylogger.
The screenshot below shows an example of how a cyber criminal can use social engineering to trick unsuspecting users into infecting their computers.
If the victim opens this file, he will receive this error message:
"Help could not read the current Help file.
Make sure there are no errors on the disk, or if the file is on a network drive, that the server is active. (163)"
However, in the background a file called Windows Security Center is dropped onto the computer, which in turn creates a file called RECYLER.DLL.
The Recycler.dll file is a keylogger which stores your keystrokes in the following file:
\Documents and Settings\username\Local Settings\Application Data\UserData.dat
The malware attempts to send this data to images.zyns.com.
So stay safe: do not click on HLP files without verifying the source of the file.
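The files and domain named above can be checked against endpoint and DNS telemetry. The following Python is an added example, not code from Sophos or the original article; the event schema, host names and the directory holding the DLL are constructed for illustration.

```python
import re
from collections import defaultdict

# Indicators taken from the article above.
KEYLOG_PATH = re.compile(
    r"\\documents and settings\\[^\\]+\\local settings\\application data\\userdata\.dat$",
    re.IGNORECASE)
# The article spells the DLL both "RECYLER.DLL" and "Recycler.dll"; match either.
DLL_NAMES = {"recyler.dll", "recycler.dll"}
C2_DOMAIN = "images.zyns.com"

def classify(event):
    """Return the name of the indicator an event matches, or None."""
    kind = event.get("type")
    if kind == "file_create":
        path = event.get("path", "").replace("/", "\\").rstrip()
        if KEYLOG_PATH.search(path):          # any username, any drive
            return "keylog_store"
        if path.rsplit("\\", 1)[-1].lower() in DLL_NAMES:
            return "dropped_dll"
    elif kind == "dns_query":
        name = event.get("query", "").lower().rstrip(".")
        if name == C2_DOMAIN or name.endswith("." + C2_DOMAIN):
            return "exfil_domain"
    return None

def triage(events):
    """Group matched indicators by host: {host: sorted indicator names}."""
    hits = defaultdict(set)
    for event in events:
        indicator = classify(event)
        if indicator:
            hits[event["host"]].add(indicator)
    return {host: sorted(names) for host, names in hits.items()}

# Constructed sample events (hypothetical hosts, simplified schema).
PROFILE = r"C:\Documents and Settings\alice\Local Settings"
SAMPLE_EVENTS = [
    {"host": "ws-014", "type": "file_create", "path": PROFILE + r"\Temp\RECYLER.DLL"},
    {"host": "ws-014", "type": "file_create", "path": PROFILE + r"\Application Data\UserData.dat"},
    {"host": "ws-014", "type": "dns_query", "query": "IMAGES.zyns.com."},
    {"host": "ws-022", "type": "file_create", "path": r"C:\RECYCLER\desktop.ini"},
    {"host": "ws-022", "type": "dns_query", "query": "notimages.zyns.com"},
]

if __name__ == "__main__":
    for host, names in triage(SAMPLE_EVENTS).items():
        print(host, names)
```

A host that shows the DLL, the keystroke store and the DNS lookup together is a much stronger signal than any one of them alone.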
Source: News.sofia.com