Thursday, 15 July 2010

Windows Zero Day on Shortcut Files

A new Windows Vulnerability is found by VirusBlokda researchers .
The Vulnerability exists in Windows Shortcut files, its basically new way of Autorunning your file even after disabling the Windows autorun feature.

This was actually exploited by a malware which is detected as Trojan Spy . There is an interesting analysis done by Kaspersky here.

Analysis says that the malware drops shortcut files (or .lnk files) and dlls (named as .tmp files ) on the infected USB drive besides other malware ( which is detected as Stuxnet/Rootkit). If you insert the infected USB drive on a clean machine and open the drive in explorer (or similar ) the malware gets executed. The init function in the dll and shortcut file makes the malware to run automatically without clicking on the file.

As of now Microsoft are working on this issue, all users should be careful not to open suspicious files or USB drives on machine.

No comments:

Post a Comment