Detect DLL Hijacks on Windows

March 26, 2015 – 6:30 PM

DLL hijacking is an attack that makes an application load a malicious dynamic link library instead of the intended, legitimate library on a Windows system.

Programs that don't specify paths to their libraries are vulnerable to DLL hijacking, because in that case Windows uses a priority-based search order to locate them.

If attackers manage to place a malicious library in a high-priority location, the application loads it instead of the intended one.

Users cannot really do anything about this as it is not clear if paths are set properly or not in applications that they run on the system. It is up to programmers to make sure paths are set properly in the programs before they are released to the public.

As an end user, you can use a program like Dll Hijack Detect to scan the computer system for potential hijacks.

The program identifies all DLLs loaded by running processes on the system. It inspects all library locations where malicious files could be placed, checks whether a loaded library appears multiple times in the search order, determines which copy is currently loaded, and warns you if hijacks are possible.
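The duplicate-in-search-order check described above can be sketched as follows. This is an added example, not code from Dll Hijack Detect; the function names, the result keys and the sample directories are hypothetical, and the caller is assumed to supply both the loaded module paths and the ordered search directories.

```python
import os
import tempfile

def _key(path):
    # Windows file names are case-insensitive; lower() mimics that on any OS.
    return os.path.abspath(path).lower()

def copies_in_order(dll_name, search_order):
    """Paths of same-named files, in search-order priority (highest first)."""
    found = []
    for directory in search_order:
        try:
            names = os.listdir(directory)
        except OSError:
            continue  # a missing directory cannot supply the library
        found += [os.path.join(directory, n) for n in names
                  if n.lower() == dll_name.lower()][:1]
    return found

def assess(loaded_path, search_order):
    """Compare one loaded module with what the search order could resolve."""
    copies = copies_in_order(os.path.basename(loaded_path), search_order)
    dirs = [_key(d) for d in search_order]
    loaded_dir = _key(os.path.dirname(loaded_path))
    rank = dirs.index(loaded_dir) if loaded_dir in dirs else None
    return {
        "loaded": loaded_path,
        "copies": copies,
        # Several same-named files: which one loads depends on priority alone.
        "duplicate": len(copies) > 1,
        # The loaded copy is first in order and hides a lower-priority copy.
        "shadows_other": len(copies) > 1 and _key(copies[0]) == _key(loaded_path),
        # Directories searched before the loaded copy; review their ACLs.
        "earlier_dirs": list(search_order[:rank]) if rank else [],
    }

def demo():
    """Constructed sample: temp dirs stand in for app, system and PATH dirs."""
    root = tempfile.mkdtemp()
    order = [os.path.join(root, d) for d in ("app", "system32", "tools")]
    for d in order:
        os.mkdir(d)
    for d, name in ((order[0], "Helper.dll"), (order[1], "helper.dll"),
                    (order[1], "core.dll")):
        open(os.path.join(d, name), "wb").close()
    return [assess(os.path.join(order[i], n), order)
            for i, n in ((0, "Helper.dll"), (1, "core.dll"))]

if __name__ == "__main__":
    print(demo())
```

A module flagged with "shadows_other" is the one worth verifying first (signature, hash, origin), and every entry in "earlier_dirs" is a location whose write permissions decide whether a hijack is possible.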

Source:
http://www.ghacks.net/2015/03/26/detect-dll-hijacks-on-windows/
