Peaches Posted July 21, 2010 Report Share Posted July 21, 2010 USB Worm Exploits Windows Shortcut VulnerabilityJust recently, reports were released about a new kind of malware propagating through removable drives. The said malware exploits a newly discovered vulnerability in shortcut files, which allows random code to be executed on the user’s system. Microsoft has officially acknowledged the vulnerability and released a security advisory.Our engineers were able to take hold of a sample of this malware, which is now detected as WORM_STUXNET.A, and analyze its routines. Here is a summary of their findings:PropagationInstead of dropping an AUTORUN.INF file and a copy of itself into removable and fixed drives, WORM_STUXNET.A drops a .LNK file—a shortcut file that points to an executable file—into the drives instead. The dropped .LNK file exploits this vulnerability to drop a new copy WORM_STUXNET.A onto other systems. Trend Micro detects these .LNK files as LNK_STUXNET.A.[n]Stealth CapabilitiesApart from dropping copies of itself onto removable drives, this worm also drops a rootkit, which is now detected as RTKT_STUXNET.A, which it uses to hide its routines. This enables the worm to remain unnoticed by the user and to make analysis harder for researchers.Full details - http://blog.trendmicro.com/ Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.