The zero-day vulnerability appears to be designed for industrial espionage.
Microsoft on Friday issued a Security Advisory stating that it is investigating limited attempts to exploit a vulnerability in the Windows Shell.
The zero-day vulnerability was disclosed last week by the Belarusian antivirus company VirusBlokAda. It abuses the way Windows handles shortcut files: a crafted shortcut triggers code execution as soon as it is displayed, for example when a USB drive is browsed in Windows Explorer.
The Stuxnet malware, which is believed to have been circulating for about a month, attempts to exploit this vulnerability.
Stuxnet "takes advantage of specially-crafted shortcut files (also known as .lnk files) placed on USB drives to automatically execute malware as soon as the .lnk file is read by the operating system," explains Microsoft on its Malware Protection Center blog. "In other words, simply browsing to the removable media drive using an application that displays shortcut icons (like Windows Explorer) runs the malware without any additional user interaction."
Microsoft says that Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008 are affected.
As workarounds to mitigate the risk of compromise, Microsoft is recommending that administrators disable the display of icons for shortcuts, and disable the WebClient service.
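The two workarounds above can be scripted for a fleet of machines. The following is an added example written for this article, not code from the article or from Microsoft; the registry paths for the shortcut icon handler (`lnkfile` and `piffile`) and the `WebClient` service name are assumptions not stated on the page, so check them against the advisory before rolling this out. It must run from an elevated prompt, and because it unregisters the shortcut icon handler, every shortcut will afterwards show a generic icon.

```powershell
# Added example: apply the two Windows Shell workarounds the advisory describes.
# Assumed registry locations of the shortcut icon handlers (not from the article).
$handlerKeys = @(
    'HKCR\lnkfile\shellex\IconHandler',
    'HKCR\piffile\shellex\IconHandler'
)

foreach ($key in $handlerKeys) {
    $psPath = "Registry::HKEY_CLASSES_ROOT\" + ($key -replace '^HKCR\\', '')
    if (-not (Test-Path $psPath)) {
        Write-Warning "Key not present, skipping: $key"
        continue
    }

    # Keep a .reg backup so the change can be reverted once a patch is installed.
    $backupFile = Join-Path $env:TEMP (($key -replace '[\\:]', '_') + '.reg')
    reg.exe export $key $backupFile /y | Out-Null
    Write-Host "Backed up $key to $backupFile"

    # Deleting the (Default) value unregisters the icon handler, so Explorer no
    # longer processes shortcut icon data when a folder (e.g. a USB drive) is shown.
    reg.exe delete $key /ve /f | Out-Null
}

# Explorer must be restarted for the handler change to take effect.
Stop-Process -Name explorer -Force
Start-Process explorer.exe

# Second workaround: stop and disable the WebClient (WebDAV) service, which
# removes the network-share path for delivering the crafted shortcuts.
Set-Service -Name WebClient -StartupType Disabled
Stop-Service -Name WebClient -Force -ErrorAction SilentlyContinue

Write-Host "Icon handler unregistered and WebClient disabled; revert with the .reg backups and Set-Service after patching."
```

To revert after patching, import the saved `.reg` files with `reg.exe import` and set the WebClient service back to its original startup type with `Set-Service`. The script backs up before deleting precisely so that the workaround is temporary rather than a permanent loss of shortcut icons.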
On Sunday, proof-of-concept exploit code was posted at exploit-db.com.
According to computer researcher Frank Boldewin, the malware also targets Siemens SCADA WinCC, an industrial process control system, and its visualization components.
This is precisely the sort of system that government critical infrastructure protection initiatives aim to secure.
The sophistication of the malware's creator is also evident in the code's apparent appropriation of a digital signature from a legitimate chip maker, Taiwan's RealTek Semiconductors, to help install malicious drivers.