[SANS ISC] Infected With a .reg File

I published the following diary on isc.sans.edu: “Infected With a .reg File”:

Yesterday, I reported a piece of malware that uses archive.org to fetch its next stage. Today, I spotted another file that is also interesting: a Windows Registry file (with a “.reg” extension). Such files are text files created by exporting values from the Registry (export), but they can also be used to add or change values in the Registry (import). Being text files, they don’t look suspicious… [Read more]
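Because a .reg file is plain text, everything an import would write or delete can be listed offline before the file is ever opened on a Windows host. The sketch below is an added example, not code from the diary: it parses a constructed sample (the `ExampleVendor` keys and values are hypothetical) and decodes hex-encoded string values, which are hard to read by eye.

```python
import re

# Value line: @ (default value) or a quoted name, then '=' and the data.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')

def unquote(s):  # strip the quotes and undo backslash escaping
    return re.sub(r'\\(.)', r'\1', s[1:-1])

def decode_value(key, name, data, utf16):
    if data == "-":
        return ("delete_value", key, name, None)
    if data.startswith('"'):
        return ("set", key, name, unquote(data))
    if data.lower().startswith("dword:"):
        return ("set", key, name, int(data[6:], 16))
    m = HEX_RE.match(data)
    if not m:
        return ("unparsed", key, name, data)
    blob = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if m.group(1) in ("1", "2", "7"):  # REG_SZ/EXPAND_SZ/MULTI_SZ: decode for review
        enc = "utf-16-le" if utf16 else "latin-1"
        return ("set", key, name, blob.decode(enc, "replace").rstrip("\x00"))
    return ("set", key, name, blob)

def parse_reg(raw):
    """Return (header, ops); each op is (action, key, value_name, data)."""
    utf16 = raw.startswith(b"\xff\xfe")  # 5.00 exports: UTF-16LE + BOM; REGEDIT4: ANSI
    text = raw[2:].decode("utf-16-le") if utf16 else raw.decode("latin-1")
    text = re.sub(r',\\\r?\n[ \t]*', ',', text)  # join hex continuation lines
    lines = [s for l in text.splitlines() if (s := l.strip()) and s[0] != ";"]
    header, ops, key = lines[0], [], None
    for line in lines[1:]:
        if line.startswith("[-") and line.endswith("]"):
            ops.append(("delete_key", line[2:-1], None, None))
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = "(default)" if m.group(1) == "@" else unquote(m.group(1))
            ops.append(decode_value(key, name, m.group(2).strip(), utf16))
    return header, ops

# Constructed sample, encoded the way regedit exports version 5.00 files.
SAMPLE = ("\ufeff" + "\r\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp]",
    r'"InstallDir"="C:\\Example\\app"', '"Enabled"=dword:00000001', '"Old"=-',
    '"Cache"=hex(2):25,00,54,00,45,00,\\', "  4d,00,50,00,25,00,00,00", "",
    r"[-HKEY_CURRENT_USER\Software\ExampleVendor\Legacy]"])).encode("utf-16-le")
```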

