.bgi

Exploit
Script
Phishing

Contributors:

Dolev Taler

Description:

BGInfo is a Sysinternals tool that displays the machine's configuration information on the desktop wallpaper. The first time BGInfo is executed, the OS automatically associates the BGInfo application with the .bgi extension. Any .bgi file that a user double-clicks will then run through the BGInfo executable without prompting the user.

OS:

Windows

Recommendation:

If BGInfo is not used in the organization, block the BGInfo executable and also block .bgi files.

Resources:

https://www.varonis.com/blog/exploiting-bginfo-to-infiltrate-a-corporate-network/

File Samples: