
Squiblydoo exploits Microsoft OS to remotely run script


Squiblydoo may sound like a crossover episode featuring Squidward and Scooby Doo, but researchers at Carbon Black say Squiblydoo is actually a brand new and very potent exploitation technique.

Carbon Black's report noted that Squiblydoo allows users with normal privileges to execute a script hosted on a remote server using Microsoft binaries. Specifically, the exploit uses the regsvr32.exe binary to download an XML file containing scriptlets that allow the hacker to execute code on the victim's computer.

Squiblydoo manages to evade detection because the script is hosted remotely and is run by a legitimate Microsoft binary.

It is “designed to bypass application whitelisting software by utilizing tools that are built into the operating system by default. In other words, Squiblydoo provides a way for unapproved scripts to run on a machine that is set up to allow only approved scripts to run,” Carbon Black said.
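A defender's view of why name-based whitelisting misses this, as an added example that is not from the article or Carbon Black's report: the check passes because the binary is regsvr32.exe, so detection has to look at what the binary was asked to load. The process events, the allowlist and the URL heuristic are assumptions constructed for illustration, and the command lines are simplified placeholders.

```python
import re
from pathlib import PureWindowsPath

# Constructed process-creation events (image path, command line); not real telemetry.
# Command lines are simplified placeholders, not working invocations.
EVENTS = [
    (r"C:\Windows\System32\regsvr32.exe", r"regsvr32.exe /s C:\Windows\System32\example.dll"),
    (r"C:\Windows\System32\regsvr32.exe", r"regsvr32.exe /s https://files.example.invalid/a.xml"),
    (r"C:\Windows\SysWOW64\REGSVR32.EXE", r'"C:\Windows\SysWOW64\REGSVR32.EXE" HTTP://198.51.100.7/b.xml'),
    (r"C:\Windows\System32\notepad.exe", r"notepad.exe https://example.invalid/readme.txt"),
]

ALLOWED_IMAGES = {"regsvr32.exe", "notepad.exe"}  # assumed allowlist keyed on binary name
REMOTE_REF = re.compile(r"(?i)\b(?:https?|ftp)://[^\s\"']+")


def image_name(path):
    """Lower-cased file name of a Windows image path (works on any host OS)."""
    return PureWindowsPath(path).name.lower()


def allowlist_verdict(image):
    """Name-based allowlisting: the check a trusted Microsoft binary always passes."""
    return image_name(image) in ALLOWED_IMAGES


def remote_script_refs(image, cmdline):
    """Return remote URLs handed to regsvr32.exe, or an empty list."""
    if image_name(image) != "regsvr32.exe":
        return []
    return REMOTE_REF.findall(cmdline)


def triage(events):
    """Alert on regsvr32.exe launches that reference remotely hosted content."""
    alerts = []
    for image, cmdline in events:
        urls = remote_script_refs(image, cmdline)
        if urls:
            alerts.append({"image": image, "urls": urls,
                           "allowlisted": allowlist_verdict(image)})
    return alerts


if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(alert)
```

Both alerts carry `allowlisted: True`, which is the gap the article describes: the binary is approved, the remotely hosted script it loads is not.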
