"Phishing Emails Abuse Windows Search Protocol to Push Malicious Scripts"
"Phishing Emails Abuse Windows Search Protocol to Push Malicious Scripts"
In a new phishing campaign, HTML attachments abusing the Windows Search protocol are used to push batch files hosted on remote servers that deliver malware. The Windows Search protocol is a Uniform Resource Identifier (URI) that lets applications open Windows Explorer to perform searches with specific parameters. Most Windows searches will use the local device's index. However, Windows Search can be forced to query file shares on remote hosts and apply a custom title for the search window. Prof. Dr.