Hackers learned how to hack Windows 7 using the “Calculator”
Tech News

Hackers learned how to hack Windows 7 using the “Calculator”

Windows 7 is still very popular. It is still popular due to its inability to update security.

Experts have discovered a modified Trojan Qbot (also called Qakbot) that uses a DLL substitution technique. This is notable because Windows 7’s calculator is involved.

The virus spreads via email in its first stage. A victim receives an HTML file. This HTML file then allows them to download a ZIP archive with their password. It contains an ISO image containing the calc.exe and two libraries, WindowsCodecs.dll & 7533.dll. A shortcut with the “.lnk” extension is also included. It appears to be a PDF file containing important data, or an open file in Microsoft Edge. The infection begins when the calculator is launched after it is opened.

It is a fact that calc.exe loads WindowsCodecs.dll, but it will not use a library of the same name if it is placed next the start file. It is possible to replace an authorized library with a malicious copy.

This attack is only compatible with Windows 7 because the vulnerability in the library was fixed in newer OSes.

Microsoft previously updated Windows 7, Windows 8.1 and Windows 10 in the past.

 

Hackers learned how to hack Windows 7 using the “Calculator”
Click to comment

Leave a Reply

Your email address will not be published.

Most Popular

To Top