Beware while opening Windows Help File: There is new malicious file which disguise as Windows Help file(.hlp) and drops DarkShell Keylogger.
Sophos Researchers have come across a windows help file Amministrazione.hlp ("Amministrazione" is Italian for "Administration").
If a user open the file, it will display the following error message:
According to the Researchers, the DLL part of the malware attack is keylogger that found to be part of the DarkShell Trojan. The Keylogger component records every keystrokes and store in a file "UserData.dat". Once data is collected, the malware send the file to images.zyns.com.
Help could not read the current Help file. Make sure there are no errors on the disk, or if the file is on a network drive, that the server is active. (163)In the background, however, it drops a couple additional files called Windows Security Center.exe and RECYCLER.DLL.
According to the Researchers, the DLL part of the malware attack is keylogger that found to be part of the DarkShell Trojan. The Keylogger component records every keystrokes and store in a file "UserData.dat". Once data is collected, the malware send the file to images.zyns.com.
Sophos Security solutions detect the Help file as Mal/HlpDrop-A, Windows Security Center.exe as Mal/DarkDrp-A and RECYCLER.DLL as Mal/DarkShell-A.