Search & Spoof: Abuse of Windows Search to Redirect to Malware

June 11, 2024, 2 p.m.


Trustwave SpiderLabs has uncovered a sophisticated malicious campaign that abuses Windows search functionality, invoked from HTML code, to deploy malware. The campaign begins with a suspicious email containing an HTML attachment masquerading as a routine document such as an invoice. Once opened, the HTML file abuses standard web protocols to reach Windows system functionality, using techniques such as automatic page redirection and clickable links to trigger the search exploit. By exploiting the search protocol, the attack retrieves malicious files disguised as legitimate documents from a remote server, which can lead to the execution of additional malicious operations.
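A defender-side check for the pattern described above, as an added example that is not taken from the Trustwave report: it parses an HTML attachment and flags automatic redirects and clickable links that hand off to the Windows search handlers. It assumes the "search protocol" is reached through the `search-ms:` and `search:` URI schemes; the function names and the sample attachment are constructed for illustration.

```python
"""Flag HTML attachments that redirect or link to the Windows search URI handlers."""
import re
from html.parser import HTMLParser

# Assumption: the search protocol is invoked through these URI schemes.
SEARCH_SCHEMES = ("search-ms:", "search:")
URL_ATTRS = {"href", "src", "action"}
REFRESH_URL = re.compile(r"url\s*=\s*['\"]?\s*([^'\"]+)", re.I)


def _is_search_uri(value):
    # Browsers drop tabs/newlines and leading whitespace before reading the scheme,
    # so normalise the same way to avoid trivial evasion.
    cleaned = re.sub(r"[\t\r\n]", "", value or "").strip().lower()
    return cleaned.startswith(SEARCH_SCHEMES)


class SearchHandoffFinder(HTMLParser):
    """Collects (kind, tag, uri) for every hand-off to a search URI scheme."""

    def __init__(self):
        # HTMLParser lowercases tag/attribute names and decodes entities in values.
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = REFRESH_URL.search(a.get("content", ""))
            if m and _is_search_uri(m.group(1)):
                self.findings.append(("auto-redirect", tag, m.group(1).strip()))
        for name in a.keys() & URL_ATTRS:
            if _is_search_uri(a[name]):
                self.findings.append(("clickable-link", tag, a[name].strip()))


def scan_html(text):
    finder = SearchHandoffFinder()
    finder.feed(text)
    finder.close()
    return finder.findings


# Constructed sample attachment; the query value is a harmless placeholder.
SAMPLE_INVOICE = """<html><head>
<meta http-equiv="refresh" content="0; url=search-ms:query=placeholder">
</head><body><a href="SEARCH-MS:query=placeholder">Open invoice</a>
<a href="https://example.invalid/help">Help</a></body></html>"""

if __name__ == "__main__":
    for kind, tag, uri in scan_html(SAMPLE_INVOICE):
        print(f"{kind:15} <{tag}> {uri}")
```

A mail gateway or triage script can run `scan_html` over decoded `.html`/`.htm` attachments and quarantine any message with a non-empty result, since routine documents have no reason to open a search handler.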


