Friday, July 23, 2010

LNK Vulnerability in Windows: Attack Wave Approaches

Via -

The critical vulnerability in the code for processing short-cuts (.lnk files) in all versions of Windows remains unpatched, attracting a growing number of exploits. At least two further malicious programs are now targeting the vulnerability, and the number of undetected cases is likely to be much higher. While the first .lnk trojan, Stuxnet, appeared to be the result of professional industrial espionage, new worms are not as selective in terms of their targets.


A few days ago, Microsoft added that specially crafted short-cuts for executing malicious code can also be embedded in Office documents. Furthermore, .lnk files are not the only file type affected: According to Microsoft's updated advisory, PIFs (Program Information Files) are also vulnerable. Core Security said it had found a way of exploiting the hole via emails, although the security firm hasn't provided any details.


These new families represent a major transition: Win32/Stuxnet demonstrates
a number of novel and interesting features apart from the original 0-day LNK
vulnerability, such as its association with the targeting of Siemens control
software on SCADA sites and the use of stolen digital certificates. However, the
new malware we're seeing is far less sophisticated, and suggests bottom feeders
seizing on techniques developed by others.
