It’s the end of the world! Well, maybe not, but..
A dangerous exploit was released over the past few days for Windows computers that could be extremely serious. How serious?
The Internet Storm Center has raised the Infocon Threat Level to Yellow.
The last time they list having raised the Threat Level was back in 2006. The Internet Storm Center is a group that provides professional computer security training; it also monitors malware and security issues and keeps an eye on global malware trends and attacks.
What is the lnk Windows Exploit that is causing such concern?
The problem is with lnk files. These are the Windows “shortcuts” we use on the desktop. Basically, they are pointers to the actual file, directory, or device (like a drive) that you can make so you can find things more easily on your computer. When you make a shortcut, Windows puts a little icon wherever you place the shortcut, so you can click right there instead of having to go to the place on your computer where the item is actually stored.
You might have a shortcut on your desktop to a letter that you use a lot, while the actual letter is saved in your “My Documents” folder. That way you can open the letter whenever you need to without having to open My Documents first. Shortcuts save time. So that your computer knows it is a shortcut, Windows saves it as a .lnk file (link).
The problem is when Windows cannot find the icon for the .lnk file or shortcut.
It allows a program to run instead. This allows malware to run instead of showing the icon a .lnk is supposed to show you. If a type of malware called a rootkit is run this way, it will install itself faster than your eye can see and then hide itself from all attempts to find it. The attacker can then get any information on the computer and spy on you, as well as use your computer for other nefarious purposes.
At this point, this attack uses USB drives and network shares to work.
Remember that many devices that connect over USB could carry the malicious code, and the computer is infected just by plugging the USB device in. Phones, flash drives, GPS units, and even battery chargers are USB devices. No human intervention is needed for the malware to install. Just plug it in and it works.
What should you do to prevent a .lnk infection?
At the moment not too much, and that is the main concern. The easiest thing is to make sure your anti-virus is running and updated. Other options right now are very complicated and will affect the way you use your computer (Microsoft is recommending that you turn off icons for shortcuts, which is not too easy to live with for most of us and hard to fix). The other help is to disable auto-run (also complicated to do). You can also avoid letting your friends use a USB drive on your computer. There is concern that anti-virus may not be enough to stop this.
The only full solution will come when Microsoft releases a patch for this.
Make sure you keep an eye out for the patch. Hopefully, Microsoft will release one soon. I’ll make sure to let you know here as soon as one is out. If you are a free subscriber to the site you’ll know right away when I update the site.







Scary
If we see, viruses don’t originate by themselves and are spread through the network or USB, so it kinda amazes me that most people don’t use firewalls to prevent viruses from the network, because anti-virus is supposed to only remove a virus and stop it from harming your system, but a firewall won’t let it enter your system.
Using a firewall is a bit more difficult than using anti-virus and you have to know what you’re doing, but it is worth it in my opinion. You just have to figure it out once and then it should all be easier.
Also, you should use a limited user account on Windows for your daily use and not an Administrator account, as it will give viruses full access to your system files.
Actually, Stuxnet (often referred to as the power company worm because it targets embedded computers like the ones used in their equipment) was initially spread by USB, and there are indications that USB-spread malware caused some problems with the US Department of Defense (they no longer allow USB devices). In effect, they are a great way around a firewall.
The exploit above was eventually modified to use web sites.
Firewalls themselves are proving less and less effective. I cleaned malware off a number of corporate firewall-protected computers (with AV).
The limited user account is a very good suggestion. It can make a big difference. Unfortunately, on many computers, some accounts and even the Administrator account are not even password protected or use very weak passwords.
There has been a patch for the above vulnerability out for a while. The exploit sidestepped any limited account using what is called privilege escalation. That is why there was such a concern about it.
Keeping your computer updated, no matter what OS, is the most basic and important protection you can get.