Monday, November 28, 2022
HomeDigit NewsHackers learned how to hack Windows 7 using the "Calculator"

Hackers learned how to hack Windows 7 using the “Calculator”

The Windows 7 operating system is still popular. However, due to the lack of security updates, it has become vulnerable to some attacks that do not work on newer operating systems.

Experts recently found a modification of the Trojan Qbot (also known as Qakbot), which uses a DLL substitution technique. It is noteworthy that the calculator in Windows 7 is involved for this.

In the first stage, the virus spreads through email. The victim is sent an HTML file, which then downloads a ZIP archive with a password. Inside it is an ISO image that contains the calc.exe file, two libraries – WindowsCodecs.dll and 7533.dll, and a shortcut with the “.lnk” extension. It pretends to be a PDF file with important data or a file that opens in the Microsoft Edge browser. However, when it is opened, the calculator is launched, which initiates the infection.

The fact is that calc.exe loads the WindowsCodecs.dll library, but if a library with the same name is placed next to the start file, then it will be used. Thus, it is possible to replace a legitimate library with a malicious copy.

Note that this attack only works on Windows 7, since the vulnerability with the library has been fixed in newer OSes.

Formerly Microsoft updated Windows 7, Windows 8.1, Windows 10 and Windows 11.

- Advertisement -

- Advertisment -

- Advertisment -spot_imgspot_imgspot_img


Two Wheeler


Digit News