Dangerous New Exploit Has Computer Security Experts Very Concerned

It’s the end of the world! Well, maybe not, but...

A dangerous exploit was released over the past few days for Windows computers that could be extremely serious. How serious?

The Internet Storm Center has raised the Infocon Threat Level to Yellow.

The last time they list having raised the Threat Level was back in 2006. The Internet Storm Center is a group that provides professional computer security training, monitors malware and security issues, and keeps an eye on global malware trends and attacks.


What is the .lnk Windows Exploit that is causing such concern?

The problem is with .lnk files. These are the Windows “shortcuts” we use on the desktop. Basically, they are pointers to the actual file, directory, or device (like a drive) that you can make so you can find things more easily on your computer. When you make a shortcut, Windows makes a little icon where you place the shortcut so you can click right there instead of having to go to the place on your computer where it is actually stored.

You might have a shortcut on your desktop to a letter that you use a lot, while the actual letter is saved in your “My Documents” folder. That way you can open the letter whenever you need to without having to open My Documents first. Shortcuts save time. So that your computer knows it is a shortcut, Windows saves it as a .lnk file (link).

The problem is when Windows cannot find the icon for the .lnk file or shortcut.

In that case, Windows allows a program to run instead. This allows malware to run instead of showing the icon a .lnk is supposed to show you. If a type of malware called a rootkit is run this way, it will install itself faster than your eye can see and then hide itself from all attempts to find it. The attacker can then get any information on the computer and spy on you, as well as use your computer for other nefarious purposes.

At this point, this attack uses USB drives and network shares to work.

Remember that many USB devices could contain the code used, and the computer is infected just by plugging the USB device in. Phones, flash drives, GPS units, and even battery chargers are USB devices. No human intervention is needed for the malware to install. Just plug it in and it works.

What should you do to prevent a .lnk infection?

At the moment not too much, and that is the main concern. The easiest thing is to make sure your anti-virus is running and updated. Other options right now are very complicated and will affect the way you use computers (Microsoft is recommending turning off icons for shortcuts, which is not too easy to live with for most of us and hard to fix). The other help is to disable auto-run (also complicated to do). You can also avoid letting your friends use a USB drive on your computer. There is concern that anti-virus may not be enough to stop this.
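For readers comfortable with Python, here is one way to list the shortcut files on a USB drive by reading them as raw bytes, so no icon is ever drawn for them. This is an added example, not part of the original post: the function names are made up for illustration, the header layout comes from Microsoft's published Shell Link format, and the sample files are constructed in the script itself.

```python
import struct
import tempfile
from pathlib import Path

# Fixed values from Microsoft's Shell Link (.lnk) binary format.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
FLAG_NAMES = {0x01: "HasLinkTargetIDList", 0x02: "HasLinkInfo",
              0x08: "HasRelativePath", 0x20: "HasArguments",
              0x40: "HasIconLocation"}

def parse_lnk_header(data: bytes) -> dict:
    """Decode the 76-byte header only; nothing is resolved or rendered."""
    if len(data) < HEADER_SIZE:
        return {"valid": False, "reason": "truncated header"}
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != HEADER_SIZE or clsid != LINK_CLSID:
        return {"valid": False, "reason": "not a Shell Link header"}
    (icon_index,) = struct.unpack_from("<i", data, 56)
    names = [n for bit, n in FLAG_NAMES.items() if flags & bit]
    return {"valid": True, "flags": names, "icon_index": icon_index}

def inventory_shortcuts(root) -> list:
    """List every .lnk under root (e.g. a mounted USB drive) as raw bytes."""
    report = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() == ".lnk":
            with open(path, "rb") as fh:
                info = parse_lnk_header(fh.read(HEADER_SIZE))
            report.append({"path": str(path.relative_to(root)), **info})
    return report

def build_sample_header(flags: int, icon_index: int = 0) -> bytes:
    """Constructed test input: a header with the given flags, rest zeroed."""
    head = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, flags)
    return head.ljust(56, b"\0") + struct.pack("<i", icon_index) + bytes(16)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:  # stands in for a USB drive
        Path(drive, "letter.lnk").write_bytes(build_sample_header(0x43))
        Path(drive, "odd.LNK").write_bytes(b"MZ not a shortcut")
        for row in inventory_shortcuts(drive):
            print(row)
```

The script only lists what is there, including files named .lnk that are not real shortcuts; it cannot tell you whether a shortcut is malicious.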

The only full solution will come when Microsoft releases a patch for this.

Make sure you keep an eye out for the patch. Hopefully, Microsoft will release one soon. I’ll make sure to let you know here as soon as one is out. If you are a free subscriber to the site you’ll know right away when I update the site.
