To inexperienced users, Windows help files are among the most innocent files around. However, information security enthusiasts know that, in reality, some nasty pieces of malware can hide within a simple .hlp file.
Sophos researchers have come across such a sample. The file is called Amministrazione.hlp (Italian for “administration”) and once it’s executed, it drops a couple of additional elements: Windows Security Center.exe
According to experts, the dynamic library file is actually a keylogger that is part of the DarkShell Trojan. The malicious element records every keystroke, stores the information in a file, and then sends it back to a remote server.
So there you have it. In case you didn’t know, innocent-looking files that come via unsolicited emails can actually hide a dangerous piece of malware. We advise you to be on the lookout for such schemes and ensure that your antivirus is constantly up to date.