DLL Counterfeiting: Security Researchers Have Proposed A New Strategy To Prevent Blackmail Software From Encrypting Files

take 5 minutes to read
Home News Main article

Although malware developers are good at using various software and hardware vulnerabilities to achieve their goals, the finished products they spread are not flawless For example, recently, security researcher John Page (also known as hyp3rlinx) introduced a new routine of anti blackmail software According to the content published on personal websites and twitter accounts, John Page specializes in finding vulnerabilities in malware itself and recently shared methods to prevent blackmail software from encrypting victim files.

1.jpg

Video screenshot (from malvuln / YouTube)

It is reported that many blackmail software will be affected by DLL hijacking. Usually, attackers will use this dynamic link library to trick programs into loading to run the malicious code they expect.

But on second thought, you can also make rational use of this technology to "anti hijack" and prevent some types of blackmail software.

Ransom WannaCry - Code Execution Vulnerability(via)

John Page shared details of vulnerabilities and custom DLLs against the latest version of malware such as Revil, wannacry and conti on the website.

It can be seen that to successfully unravel, the DLL needs to wait in the potential directory where the attacker may place malware.

3.png

Screenshot (from malvuln website)

John page also recommends a layered strategy, such as placing it on network sharing containing important data.

Since DLLs are not called before ransomware accesses them, this can ignore ransomware activities that bypass anti-virus software protection.

2.png

Unfortunately, the DLL anti hijacking routine is only applicable to Microsoft Windows Operating system, which cannot be easily copied to Mac, Linux or Android platforms.

In addition, it can only try to avoid being blackmailed to encrypt files, but can not prevent the attacker from accessing the system and divulging data.

Gu Ailing Does Not Rule Out Another Winter Olympics: She Still Loves Skiing
« Prev 05-05
New Imaging Technology Is Expected To Bring Low-cost Handheld Skin Cancer Scanners
Next » 05-05