
Trend Micro Threat Advisory: A Shortcut To Infection

Published Jul 21, 2010

Trend Micro TrendLabs warns of an active criminal attack associated with an as-yet-unpatched vulnerability that exposes all users of all current versions of Microsoft Windows to the risk of attack and infection.

Notably, the malware that first exploited this vulnerability appeared to be highly targeted toward SCADA systems. These systems are routinely used in the control of utilities such as power and water, and also in large-scale manufacturing.

The vulnerability means that a user who views the contents of a folder containing a shortcut is at risk of infection without ever double-clicking or viewing a document. The auto-run capabilities of USB drives are what really make this threat dangerous, as merely plugging in a USB stick that automatically displays its folders could infect a user.

While this vulnerability is most likely to be exploited through removable drives, users should be on their guard against all shortcut files whose authenticity they cannot guarantee. The same vulnerability could potentially be exploited through contaminated file shares or something as simple as a malicious compressed archive such as a zip file.

Instead of dropping an AUTORUN.INF file and a copy of itself onto removable and fixed drives, the malware used in this attack drops a .LNK file (a shortcut file that points to an executable file) onto the drives. The dropped .LNK file exploits this vulnerability to drop a new copy of the malware (WORM_STUXNET.A) onto other systems.

Additionally, this worm drops a rootkit, which it uses to hide its routines. This enables the worm to remain unnoticed by the user and makes analysis harder for researchers.

A working exploit for this vulnerability is now in open distribution, so further attacks are likely. Advice is provided in Microsoft Security Advisory 2286198, including how to disable the display of icons for shortcuts and how to disable the WebClient service until a patch is available.

Users of the Trend Micro Smart Protection Network have been protected against the malicious code used in this attack since last Thursday, 15th July. Other users can run Trend Micro HouseCall to check for and clean up infections.




Posted by VMD - [Virtual Marketing Department]

