Peaches Posted July 16, 2010 Report Share Posted July 16, 2010 15 July 2010, 16:28Trojan spreads via new Windows hole The trojan carries a valid, digital signature from "Realtek". Anti-virus specialists report that a new trojan is spreading via USB flash drives, apparently exploiting a previously unknown hole in Windows. According to analyses by Belarusian AV vendor VirusBlokAda, a copy of the trojan managed to infect a fully patched Windows 7 system (32-bit) without having to resort to such common auto-start tools as autorun.inf when a Flash drive carrying the trojan was plugged in. Instead of spreading through auto-start, the malware exploits a flaw in the code for processing short-cuts (.lnk files): Once the relevant icon is displayed in Windows Explorer, malicious code is launched without any further user interaction. The trojan exploits this to install two drivers with rootkit functions designed to hide its subsequent activities within the system. Interestingly, both drivers are signed with a code-signing key by vendor RealTek and can, therefore, be installed on a system without triggering an alert. Only recently, AV vendor F-Secure pointed out that the amount of signed malware for Windows is increasing. In some cases, digital keys have even been stolen from developers. More plus screenshot - http://www.h-online....le-1038992.html Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.