Pingback, a New Attack that Uses DLL Hijacking in Windows

A new threat hits Windows. It is Pingback, a malware that uses the Internet Control Message Protocol (ICMP) to carry out command and control activities. It is capable of loading malicious DLLs and putting users' safety at risk. We are going to give some important tips on how we can protect ourselves from this problem and always remain safe.

Pingback, a new malware that affects Windows

Keep in mind that Windows 10 is today the most widely used operating system on desktop computers. This means that when a new threat appears, many users can be affected. We must therefore take precautions to avoid problems.

Pingback

The Trustwave security researchers who discovered this problem have dubbed the malware Pingback. It affects 64-bit Windows systems and, as we have stated, it relies on DLL hijacking to achieve its goal.

This malware targets the Internet Control Message Protocol, the protocol used by the ping command and by traceroute in Windows. Specifically, it uses a 66 KB file with the name oci.dll and places it in the System folder through another attack vector or process.

However, as the security researchers point out, this threat was not loaded via rundll32.exe, as is usual, but via DLL hijacking. This is a technique used by cybercriminals to sneak a malicious DLL into a folder that the operating system trusts, and thus get a legitimate application to load and run it.

Specifically, the attackers used the Microsoft Distributed Transaction Control (msdtc) process to run oci.dll, the malicious file. The legitimate oci.dll is an Oracle library.
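As an added example (not from the original article or from Trustwave's research), a small Python checker that runs over constructed Sysmon-style image-load records and flags the loading pattern described above: oci.dll being loaded from the Windows System folder, and in particular by msdtc.exe. The field names follow Sysmon's Event ID 7 ("Image loaded"); the pipe-delimited layout and every path are constructed for this example.

```python
# Constructed, pipe-delimited records modelled on Sysmon "Image loaded" (Event ID 7)
# fields. These are sample lines written for this example, not real telemetry.
SAMPLE_EVENTS = [
    r"Image: C:\Windows\System32\msdtc.exe|ImageLoaded: C:\Windows\System32\oci.dll|Signed: false",
    r"Image: C:\Windows\System32\msdtc.exe|ImageLoaded: C:\Windows\System32\msvcrt.dll|Signed: true",
    r"Image: C:\oracle\client\bin\sqlplus.exe|ImageLoaded: C:\oracle\client\bin\oci.dll|Signed: true",
    r"Image: C:\Windows\System32\svchost.exe|ImageLoaded: C:\Windows\System32\oci.dll|Signed: false",
]

# The System folder the article refers to; an Oracle client normally keeps oci.dll
# in its own installation directory, never here.
SYSTEM_DIR = r"c:\windows\system32"

def parse_event(line: str) -> dict:
    """Split 'Key: value|Key: value' into a dict with lower-cased keys."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition(":")
        fields[key.strip().lower()] = value.strip()
    return fields

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def dirname(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()

def assess_image_load(event: dict) -> tuple:
    """Return (severity, reason) for one image-load event."""
    loaded = event.get("imageloaded", "")
    loader = event.get("image", "")
    if basename(loaded) != "oci.dll":
        return ("none", "not oci.dll")
    if dirname(loaded) != SYSTEM_DIR:
        return ("none", "oci.dll loaded from outside the System folder")
    if basename(loader) == "msdtc.exe":
        return ("high", "msdtc.exe loaded oci.dll from the System folder (Pingback pattern)")
    return ("medium", "oci.dll present in the System folder, loaded by another process")

def scan(lines: list) -> list:
    """Return (loader, severity, reason) for every record that is not rated 'none'."""
    hits = []
    for line in lines:
        event = parse_event(line)
        severity, reason = assess_image_load(event)
        if severity != "none":
            hits.append((basename(event.get("image", "")), severity, reason))
    return hits

if __name__ == "__main__":
    for loader, severity, reason in scan(SAMPLE_EVENTS):
        print(f"[{severity.upper()}] {loader}: {reason}")
```

On a real host the same logic applies to Sysmon Event ID 7 records exported from the event log; a legitimate Oracle client loading oci.dll from its own directory is rated "none".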

Pingback attack

Entry method unknown

At the time of writing, the security researchers do not know exactly how the malicious oci.dll file was introduced. However, they suspect that it may be through another malware sample, Updata.exe.

This threat, once launched through msdtc, uses ICMP to receive commands from its server. The researchers also indicate that Pingback remains hidden from users, which is an advantage for the attackers. By not using TCP or UDP, it is more difficult for certain tools to detect.

Once again we can see the importance of always keeping our equipment safe. It is very important to keep the system updated, as this closes vulnerabilities that hackers could exploit to launch their attacks. It is the developers themselves who release these patches to correct problems. We must stop threats from entering the computer before they can attack us.

But it is also essential to have security programs. A good antivirus, firewall, and other tools can help us avoid problems. They help us analyze files that may be malicious and seriously compromise our security.

Another essential issue is common sense. Keep in mind that in most cases hackers will require user interaction to execute their threats. We must avoid making mistakes that may affect us.