MICROSOFT SHORTCUT VULNERABILITY

17 July 2010, 16:34 | by WD Milner

Researchers have discovered a new variation on malware that piggybacks on USB storage devices and takes advantage of an (apparently) previously unknown security vulnerability in the way Microsoft Windows processes shortcut files.

Microsoft has released an advisory about the flaw. Microsoft said it stems from a vulnerability in the “Windows shell” that is present in every supported version of Windows. The advisory includes steps that can mitigate the threat from this flaw.

Shortcut files (or those ending in the .lnk extension) are Windows files that link easy-to-recognize icons to specific executable programs, and are typically placed on the user’s Desktop or Start Menu. However, these malicious shortcut files are capable of executing automatically if they are written to a USB drive that is later accessed by Windows Explorer.

Sergey Ulasen of VirusBlokAda, who discovered the exploit in the wild, said the malware installs two driver files signed with the digital signature of Realtek Semiconductor Corp., a legitimate company. Ulasen said he contacted both Microsoft and Realtek but got no response from either. Jerry Bryant, group manager of response communications at Microsoft, told KrebsOnSecurity.com that “Microsoft is investigating new public claims of malware propagating via USB storage devices. When we have completed our investigations we will take appropriate action to protect users and the Internet ecosystem.”

If this is a new vulnerability in Windows, it could soon become a popular means to propagate malware. For now the threat appears to be targeted: independent security researcher Frank Boldewin said that dissected malware samples appeared to be looking for Siemens WinCC SCADA systems, or machines responsible for controlling the operations of large, distributed systems, such as manufacturing and power plants. “Looks like this malware was made for espionage,” Boldewin said.

Update 2010.07.20: Microsoft has requested that Verisign and Realtek revoke the stolen certificate used to sign the drivers and both have done so.

- 30 -

Keywords: Microsoft,shortcut,exploit,vulnerability,USB
