DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry
Dynamic-link library (DLL) side-loading is an increasingly popular cyber attack method that takes advantage of how Microsoft Windows applications handle DLL files. In such attacks, malware places a spoofed malicious DLL file in the Windows WinSxS directory so that the operating system loads it instead of the legitimate file. Software publishers must remain alert to any DLL side-loading vulnerabilities in their products.
Supporting research describes the history of DLL side-loading and its role in the malware and software engineering arenas. It also examines evolving trends, along with the similarities and differences between DLL search-order hijacking, DLL hijacking, DLL pre-loading, and DLL side-loading.
Staying aware of this potential attack vector and heeding the recommendations outlined can help reduce opportunities for malware authors to use it for hard-to-detect malware. This report includes insight into this attack method and the measures to take to ensure legitimate files are not exploited.