Shortcuts as an entry point for malware, Part 1

We came across a way of installing malware on Microsoft Windows using the well-known shortcut (.lnk) mechanism that nearly everybody uses and blindly trusts.

Because of its very nature, it is quite hard to detect, and removal can be even harder.


A shortcut isn’t a binary executable file, at least not directly: it mostly points to another location, folder or file. However, a shortcut can also carry a command line, i.e. point at a program such as cmd.exe together with arguments. This is a potentially very dangerous feature, but it is often used for administrative tasks such as system shutdown, logoff or restart directly from a regular shortcut.

Since a shortcut contains no executable code of its own, an antivirus scan that looks for known-malicious binaries will not detect such a shortcut as malicious; the dangerous part is the target path and argument string stored inside it.

Shortcuts can be shared through archive files (ZIP and the like) without losing their properties.

Finally, you can easily change the icon and disguise the malicious shortcut with a folder icon or ...
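The three properties described above (a shortcut that runs a shell command, a shortcut that survives being zipped, and a shortcut dressed up with a folder icon) all live in the .lnk file format itself, so they can be checked without ever double-clicking the file. The following is an added example, not code from the original post: a minimal parser for the Shell Link (.lnk) binary format that pulls out the target, the command-line arguments, the icon source and the window state, plus a small triage function that flags the combinations this post warns about. The sample shortcuts at the bottom are constructed in code with a helper builder (no real malware); the placeholder `-enc AAAA` argument and the `invoice.pdf` name are assumptions for the demo, not anything taken from a real incident.

```python
"""Minimal MS-SHLLINK (.lnk) triage parser (added example, not from the post).

Reads the 76-byte ShellLinkHeader, skips the optional LinkTargetIDList,
pulls LocalBasePath out of LinkInfo when present, then reads the StringData
fields (relative path, arguments, icon location) and triages the result.
"""
import struct

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that starts the window minimised

SHELL_INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                      "cscript.exe", "mshta.exe", "rundll32.exe"}
ICON_DONOR_LIBS = {"shell32.dll", "imageres.dll"}  # where the stock folder/document icons live
PAYLOAD_MARKERS = ("-enc", "-e ", "iex", "downloadstring", "http", "certutil", "bitsadmin")


def _read_string(data, off, unicode):
    """StringData entry: 2-byte character count followed by the characters, no terminator."""
    count = struct.unpack_from("<H", data, off)[0]
    off += 2
    if unicode:
        return data[off:off + 2 * count].decode("utf-16-le"), off + 2 * count
    return data[off:off + count].decode("cp1252"), off + count


def parse_lnk(data):
    """Return the fields an analyst cares about, or raise ValueError if this is not a .lnk."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short to be a shell link")
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a shell link (bad HeaderSize/LinkCLSID)")
    icon_index = struct.unpack_from("<i", data, 0x38)[0]
    show_command = struct.unpack_from("<I", data, 0x3C)[0]
    off = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize (2 bytes) + opaque item IDs
        off += 2 + struct.unpack_from("<H", data, off)[0]
    local_base_path = None
    if flags & HAS_LINK_INFO:                    # real shortcuts keep the absolute target here
        li_size, _hdr, li_flags, _vol, lbp_off = struct.unpack_from("<IIIII", data, off)
        if li_flags & 0x1:                       # VolumeIDAndLocalBasePath
            end = data.index(b"\x00", off + lbp_off)
            local_base_path = data[off + lbp_off:end].decode("cp1252")
        off += li_size
    unicode = bool(flags & IS_UNICODE)
    info = {"local_base_path": local_base_path, "icon_index": icon_index,
            "show_command": show_command}
    for bit, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                     (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                     (HAS_ICON_LOCATION, "icon_location")):
        info[key], off = _read_string(data, off, unicode) if flags & bit else (None, off)
    return info


def _basename(path):
    return (path or "").replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(info):
    """Heuristics for the tricks described in the post; returns a list of findings."""
    exe = _basename(info["local_base_path"] or info["relative_path"])
    args = (info["arguments"] or "").lower()
    icon = _basename(info["icon_location"])
    findings = []
    if exe in SHELL_INTERPRETERS:
        findings.append(f"target is a shell/script interpreter: {exe}")
    if any(m in args for m in PAYLOAD_MARKERS):
        findings.append("arguments look like an embedded command-line payload")
    if icon in ICON_DONOR_LIBS and exe.endswith(".exe"):
        findings.append(f"executable target dressed up with a stock icon from {icon}")
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("window forced minimised, which hides the console")
    return findings


def build_lnk(target, arguments="", icon_location="", icon_index=0, show_command=1):
    """Construct a minimal .lnk with StringData only (used here to build test samples)."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH | (HAS_ARGUMENTS if arguments else 0) \
        | (HAS_ICON_LOCATION if icon_location else 0)
    header = struct.pack("<I16sIIQQQIiIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, icon_index, show_command, 0, 0, 0, 0)
    enc = lambda s: struct.pack("<H", len(s)) + s.encode("utf-16-le")
    body = enc(target) + (enc(arguments) if arguments else b"") \
        + (enc(icon_location) if icon_location else b"")
    return header + body + b"\x00\x00\x00\x00"  # TerminalBlock


# Constructed samples (assumptions for the demo, not real malware):
# a "folder" that actually launches cmd.exe minimised with a PowerShell payload, and a benign link.
MALICIOUS = build_lnk(r"..\..\..\Windows\System32\cmd.exe",
                      r'/c start "" %TEMP%\invoice.pdf & powershell -w hidden -enc AAAA',
                      r"%SystemRoot%\System32\shell32.dll", icon_index=3,  # index 3: folder icon
                      show_command=SW_SHOWMINNOACTIVE)
BENIGN = build_lnk(r"..\Program Files\Notepad++\notepad++.exe")

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:           # e.g. python lnk_triage.py *.lnk
        with open(path, "rb") as fh:
            hits = triage(parse_lnk(fh.read()))
        print(path, "->", "; ".join(hits) if hits else "no findings")
```

Run it over the shortcuts extracted from an archive before opening any of them; because the parser only reads bytes, it is safe to point at untrusted files, and a shortcut whose target is cmd.exe or powershell.exe while its icon comes from shell32.dll is exactly the disguise the post describes.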