SCR attack
On Mon, 2 Dec 2019 15:59:49 -0500, Mayayana wrote:
Just a note about a current attack. I just got an email
with an attached .SCR. No message. Screensaver!
I'd forgotten those existed.
I changed HKCR\.scr default value to "txtfile" and deleted
HKCR\scrfile\
I don't know of any reason for screensavers to still exist.
I certainly don't use them.
I'd suggest not associate it with `txtfile`, since by default, it will be
opened using Notepad, and Notepad can be very slow when loading a binary
file. If the file is about half MB or more, you'll just get a frozen Notepad
- and you'll end up having to use Task Manager to terminate it. So, either
remove the SCR file association, or associate it with a non existing
program, or a program which simply display a message dialog saying that it's
not allowed to be run.
|