Anyone who receives an email with an hlp file attached should be very cautious

Sep 14, 2011 08:54 GMT

Viruses and other malicious software contained in simple help files are not news to internet security specialists, but the fact that these pieces of malware are sent using email messages is part of a more recent scheme deployed by cybercriminals to fool unsuspecting victims.

Symantec's blog reports on these new targeted attacks, which arrive as emails and infect computers with all sorts of malicious applications that their operators use to take over victims' virtual lives.

Targeted attacks are not uncommon, in many cases hiding under "innocent" formats such as jpg, avi, doc and pdf. Other such methods involve forging the icons of executables to make them look like harmless file formats.

As most people know, files with the .hlp extension are normally handled by Windows Help, and they contain information on how to work with certain applications and facilities.

This new technique is very effective because it does not depend on a software flaw. Typically, a vulnerability needs to be exploited in order for attack code to be executed, and if the target computer's security is up to date, the attack will probably fail.

Help files, on the other hand, call the Windows API when they are executed, and this way the planted code is run along with them.

While the victim only sees a blank Windows Help window, his system is being infected with all sorts of bad things.

Symantec researchers state that they have not so far seen any .hlp files with forged icons, so it is fairly easy to identify them visually by the large question mark contained in the blue circle.

Users are advised not to open any such document received by email unless they are involved in related activities. Network administrators are also advised to set up mail servers to filter out any messages containing .hlp attachments unless they have a good reason not to.
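The attachment filter recommended above could look like the following added example, which is not code from Symantec or from this article. The function names `hlp_attachments` and `build_sample` are hypothetical and the sample messages are constructed; the magic-byte check goes beyond the extension-based advice so that a renamed help file is still caught.

```python
import email
from email import policy
from email.message import EmailMessage

# First four bytes of a WinHelp file (magic 0x00035F3F stored little-endian).
HLP_MAGIC = b"\x3f\x5f\x03\x00"

def hlp_attachments(raw: bytes) -> list[str]:
    """Return one reason string per MIME part that looks like a WinHelp file."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    # walk() also descends into forwarded messages (message/rfc822 parts).
    for part in msg.walk():
        if part.is_multipart():
            continue
        # Windows ignores trailing dots and spaces, so "a.hlp." opens as "a.hlp".
        name = (part.get_filename() or "").strip().rstrip(". ").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(".hlp"):
            hits.append(f"extension:{name}")
        elif payload.startswith(HLP_MAGIC):
            # Content is a help file even though the name says otherwise.
            hits.append(f"magic:{name or '<unnamed>'}")
    return hits

def build_sample(filename: str, data: bytes) -> bytes:
    """Construct a test message with one attachment (sample data, not real mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed test message"
    m.set_content("see attachment")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fname, body in [("Manual.HLP", b"placeholder"),
                        ("photo.jpg", HLP_MAGIC + b"\x00" * 12),
                        ("notes.txt", b"hello")]:
        verdict = hlp_attachments(build_sample(fname, body))
        print(fname, "->", "QUARANTINE" if verdict else "deliver", verdict)
```

A mail gateway hook would quarantine or reject any message for which `hlp_attachments` returns a non-empty list, with an allow-list for the senders who have a good reason to exchange help files.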