Malicious LNK file properties (Photo = Provided by East Security) *Resale and DB prohibited
[서울=뉴시스]Reporter Song Hye-ri =
#A, who runs a company, received an e-mail titled ‘Irregular Tax Investigation Notice’ one day. For a while, I thought, ‘This kind of mail is also coming’, so I opened the mail to avoid being victimized by missing information.
I had a recent security update, so I thought, ‘I can’t be infected with malicious code’.
The mail had three attachments. Mr. A opened the LNK file at the top and filled in the requested contents. A few days later, Mr. A found out that his personal information had been leaked.
Cyber attacks that abuse LNK, a ‘shortcut/link’ file, have been rampant this year, prompting the security industry to pay attention.
The attacker sent an LNK file impersonating domestic organizations such as the Fair Trade Commission and the National Tax Service by attaching an LNK file with malicious code. If the recipient executes this file, the malicious command is activated and personal information is leaked to the outside.
In particular, in the case of attacks targeting existing software vulnerabilities, primary prevention is possible by applying security updates and security patches.
For this reason, the security industry advised that it is necessary to check the file extension before executing the file, and to suspect the possibility of a malicious file and pay attention to an LNK file with an abnormally large capacity.
◆This year, LNK abuse attacks are on the rise… Mislead recipients through social engineering techniques
On the 7th, the security industry requested caution as cyber attacks using LNK files on domestic political and social issues continued.
In April, AhnLab ▲230407 information magazine.lnk ▲April 29, 2023 seminar.lnk ▲2023 individual evaluation.hwp.lnk ▲North Korean diplomat selection and overseas missions.lnk ▲North Korean foreign policy decision process.lnk They disclosed that they had discovered a camouflaged cyber attack.
East Security last February ‘[공정거래위원회] It was explained that an LNK file disguised as a Korean (HWP) file was attached to the spear phishing email distributed under the title of ‘Written fact-finding investigation prior notice notice’. Later, in May, it was announced that it had also detected malicious attachments such as ▲Washington Declaration, How helpful will it be in responding to the North Korean nuclear threat.lnk ▲Notice of regular tax investigation.hwp.lnk
The same applies to the Spear Phishing Email disguised by the National Tax Service recently discovered by the Genius Security Center (GSC).
According to GSC, the e-mail was disguised as a notification service sent by the National Tax Service mail center. Attached to the email is a compressed file named ‘Guidelines for submitting explanatory materials.zip’. There are a total of three files inside the compression, two of which are HWP Hancom Office documents, and the other one is an LNK file disguised as an HWP document. The name of the LNK file that executes the malicious command is ‘list of explanatory materials (Enforcement Rules of the National Tax Collection Act).hwp.lnk’. If the file is executed after decompression, a full-fledged malicious command is activated and the user’s personal information is leaked to the outside, resulting in damage.
◆LNK files attached to emails are suspicious… “You can’t just click on an arrow”
The security industry explained that users are more vulnerable to attacks that exploit LNK than attacks that target software vulnerabilities. Since LNK file creation is enabled as a default option when installing Windows, it means that recipients will click on it without question.
In particular, security experts explained that the primary prevention is not to click on ‘LNK contained in an email’.
Sometimes LNK files are disguised as document files such as HWP, so if you don’t see the ‘LNK’ extension, check if there is a ‘curled arrow’ in the file icon, and if it is there, you should not click it. LNK files have an arrow that curves slightly to the right at the bottom left of the file icon.
“In an attack that exploits LNK, one of the normal functions of Windows, it is not safe even if genuine software is used or the operating system is updated to the latest version,” said Moon Jong-hyun, head of Genience Security Center. is downloaded,” he explained.
☞ Sympathy Media Newsis [email protected] <저작권자ⓒ 공감언론 뉴시스통신사. 무단전재-재배포 금지.>
Copyright © Sympathetic Media Newsis News Agency. Unauthorized reproduction – redistribution prohibited