Simple clear advice in plain English

Sophos finds malware vulnerability in Windows

Malware appears designed to exploit how Windows handles .LNK shortcut files

image of a usb stick
hardware/siemens/siemens-gigaset-m34-usb

Sophos is reporting a vulnerability in Windows that will allow malicious software to run automatically on a PC even if Windows Autoplay and Autorun features have been disabled.

The security company said the Stuxnet rootkit can install itself automatically from a USB memory stick even if a PC is fully patched.

This is because the rootkit exploits a vulnerability in the way Windows handles .LNK shortcut files, that allows them to execute automatically if the USB stick is accessed by Windows Explorer.

Once the rootkit is in place it effectively enters 'stealth-mode', cloaking its presence on the infected PC.

Graham Cluley, senior technology consultant at Sophos said: "Threats such as the infamous Conficker worm have spread very successfully via USB devices in the past, but were in part reduced by disabling Autoplay.

“The risk is that more malware will take advantage of the zero-day exploit used by the Stuxnet rootkit, taking things to a whole new level.

"The exploit is still being analysed by the security community, but there are disturbing suggestions that the malware could be trying to access data specific to Siemens Scada systems – software that controls national critical infrastructure."

However he said that at the moment it was “important not to overreact to this threat” because the risk to Scada systems has not been fully analysed. Plus the fact that Scada systems are involved means everyone will be examining the attack closely.

“Eyes will also be turned to Microsoft to see how they will respond to what appears to be another unpatched vulnerability in their code that is being exploited by hackers,” said Cluley

Sophos detects the malicious files involved in the attack as W32/Stuxnet-B. More information and a full description of how the attack works, is available on Chet Wisniewski’s blog.

Article tags

Reader Comments

   

Add your comment

All fields must be completed. Your email address will not be displayed or used to send marketing messages.

All messages will be checked by moderators before appearing on the site.

See our Privacy Policy for more information.

Related articles

PC help: Stop starting

Stop unwanted programs from starting automatically

Sony addresses USB key flaw

Download intended to fix problem in older models of Microvault USB keys

q-a-logo

Block the Autorun feature in Windows

Stop Windows from displaying Autorun messages when you insert CDs or USB memory keys

Question & Answer

Q.Why are some of the keys on my keyboard doing strange...

> Read the answer

Q.Is my phone’s Bluetooth any use?

> Read the answer

Q.Can I switch boot drives so that I can work on older...

> Read the answer

Best deals on the web

img

Samsung RV520-A07

£359.98- Buy it now

img

Acer Aspire 5750G (LX.RXP02.019)

£399.99- Buy it now

img

Apple MacBook Pro (MD313B/A)

£904.37- Buy it now

Latest issue & subscription deals

Poll

Are you concerned about viruses that target mobile phones?

Jargon Buster

Computing terms explained in plain English

CAD

Computer Aided Design. Software used to create 3D models.

Great shopping deals from Computeractive