Feeds

Windows Shortcut Flaw underpins power plant Trojan

Dangerous lnk to spying

5 things you didn’t know about cloud backup

Hackers have developed malware that spreads via USB sticks using a previously unknown security weakness involving Windows' handling of shortcut files.

Malware targeting the security weakness in the handling of 'lnk shortcut files has been spotted in the wild by Belarus-based security firm VirusBlokAda. The malware uses rootkit-style functionality to mask its presence on infected systems. These rootlet drivers come digitally signed by legitimate software developer Realtek Semiconductor, a further mark of the sophistication of the attack.

In an advisory, VirusBlokAda says it has seen numerous incidents of the Trojan spy payloads dropped by the malware since adding detection for the malign code last month.

Even fully patched Windows 7 systems are vulnerable to attack in cases where a user views files on an infected USB drive using Windows Explorer, security blogger Brian Krebs reports. Instead of using Windows Autoplay to spread the malware takes advantage of security weaknesses involving shortcut files. Malicious shortcuts on the USB are reportedly capable of auto-executing if users open an infected storage device on Windows Explorer. Normally users would have to click on the link for anything to happen.

Independent researcher Frank Boldewin has uncovered evidence that the malware is targeting SCADA control systems, used to control industrial machinery in power plants and factories, and specifically Siemens WinCC SCADA systems.

"Looks like this malware was made for espionage," Boldewin writes.

Firms faced with a spate of Windows autorun worms have responded by disabling autorun, but this advice may no longer be enough with the appearance of a new attack vector, Finnish security firm F-Secure warns. "Our initial analysis of the samples appears to indicate that the shortcuts somehow take advantage of the way in which Windows handles Control Panel shortcut files," it adds.

Microsoft is reportedly in the process of investigating the apparent security flaw underpinning the attack. ®

Next gen security for virtualised datacentres

More from The Register

next story
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.