Hello, how are you? Security is a fundamental concern for all users of an operating system. In fact, this aspect has been strongly criticized in Windows 10. However, security tools have been improving their effectiveness over time. Similarly, Microsoft strives to increase the privacy and security of its operating system. Nevertheless, hackers are also refining their methods to bypass protection. I recently told you about a new type of ransomware that steals information in Windows 10. Today I’m telling you about a threat called BILOAD. This threat attacks Windows without being detected.
BILOAD, a new undetectable threat for Windows 10
Windows 10 is the operating system with the most users worldwide. Consequently, it is the main target of computer attackers. It is logical that they seek to harm the greatest number of users. For that reason, this threat is designed to affect Microsoft’s operating system. An interesting and especially dangerous element of this threat is that it is really difficult to detect, since its operation is similar to that of FIN7’s BOOSTWRITE tool. BOOSTWRITE relies on the way Windows searches for the DLLs of the applications to be executed. In this case, BOOSTWRITE uses the legitimate Dwrite.dll.
We could say that BILOAD is the evolution of BOOSTWRITE. Both threats use the same code base and deliver the Carbanak backdoor. Similarly, they take advantage of the way Windows searches for the DLLs needed to load a program. Specifically, attackers exploit the DLL lookup by placing a fake version of WinBio.dll in the same folder as FaceFodUninstaller, %WINDIR%\System32\WinBioPlugIns. In this way, they place the file where it needs to be to obtain elevated privileges on the victim’s computer. For now, this threat only affects Windows 10 64-bit operating systems.
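Because the placement described above is a fixed, known location, it can be checked directly. The following PowerShell script is an added example, not code from the original post or from any vendor: it reports a WinBio.dll found in WinBioPlugIns and compares it with the copy in System32. It assumes that a clean system keeps WinBio.dll only in System32 itself; the function name Get-DllReport is hypothetical.

```powershell
# Added example: look for a WinBio.dll sitting next to FaceFodUninstaller in
# WinBioPlugIns, the placement described in the text above.
# Assumption: on a clean system WinBio.dll exists only in System32 itself.

# A 32-bit PowerShell on 64-bit Windows is redirected to SysWOW64; the
# Sysnative alias makes sure the real System32 is inspected.
$sys = if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    'Sysnative'
} else {
    'System32'
}
$system32  = Join-Path $env:WINDIR $sys
$pluginDir = Join-Path $system32 'WinBioPlugIns'

function Get-DllReport {
    # Hypothetical helper: signature status, signer, hash and creation time.
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $item = Get-Item -LiteralPath $Path -Force
    [pscustomobject]@{
        Path       = $Path
        Signature  = $sig.Status
        Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        CreatedUtc = $item.CreationTimeUtc
    }
}

$reference = Get-DllReport -Path (Join-Path $system32 'WinBio.dll')
$suspect   = Get-DllReport -Path (Join-Path $pluginDir 'WinBio.dll')

if ($null -eq $suspect) {
    Write-Output "No WinBio.dll found in $pluginDir"
} else {
    # A program started from this folder finds this copy before the System32 one.
    Write-Warning "WinBio.dll present in $pluginDir"
    $suspect | Format-List
    if ($reference) {
        Write-Output 'Reference copy in System32:'
        $reference | Format-List
        if ($suspect.SHA256 -ne $reference.SHA256) {
            Write-Warning 'Hash differs from the System32 copy'
        }
    }
}
```

Reading the folder does not require elevation, so the check can run from a standard user session or a scheduled task.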
Most antivirus programs do not detect BILOAD.
As mentioned at the beginning, the behavior of this threat makes it almost undetectable. This represents a major problem, since most users rely on their antivirus suite to be protected. For that reason, additional measures need to be taken. First, the user must have common sense. Most of these problems are caused by misuse of the system: for example, downloading software from unofficial sources, opening unreliable email attachments, or browsing websites of dubious reputation. It is vital to use common sense and not to put the computer at risk.
Additionally, it is highly recommended to keep the operating system correctly updated. Sometimes, vulnerabilities arise that are exploited by hackers. In the final analysis, we’ve seen this threat attack Windows without being detected. I hope that with this advice, you will be vigilant in protecting the operating system from this silent threat. That’s all for now. I’ll see you soon.