[SANS ISC] Infected With a .reg File

I published the following diary on isc.sans.edu: “Infected With a .reg File“:

Yesterday, I reported a piece of malware that uses archive.org to fetch its next stage. Today, I spotted another file that is also interesting: A Windows Registry file (with a “.reg” extension). Such files are text files created by exporting values from the Registry (export) but they can also and can also be used to add or change values in the Registry (import). Being text files, they don’t look suspicious… [Read more]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.