Yet, the file is truly discussed as an ISO which is also embedded with spoofed Microsoft Compiled HTML Help files and an “app.exe.” executable for the Vidar spyware.

A new email malware campaign hides a malicious payload in what appears to be a Microsoft Compiled HTML Help file. A new email campaign designed to spread the Vidar spyware package uses a novel ...

I just opened a help file (Windows 2000's main one), selected two different pages, right-clicked and checked properties, and came up with 2 different locations.

The CHM format is a Microsoft online extension file for accessing documentation and help files, and the compressed HTML format may hold text, images, tables, and links -- when used legitimately.

Threat actors are hiding Vidar spyware inside Microsoft Compiled HTML Help (CHM) files as part of an email spam campaign. Vidar can be used to steal information from a computer, such as user data.

The HTML Help control (HHCtrl) includes a method marked “safe for scripting” that can launch any application. That’s something that you really do not want a hostile user to be able to do to you.

The help file exploit is moderate for desktop Windows and low for Internet and intranet servers. Patches are available for 98 and 98 SE, XP, NT 4, NT 4 Terminal Edition and 2000.