Microsoft Releases Security Advisory for .LNK Bug Under Attack
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

Microsoft Releases Security Advisory for .LNK Bug Under Attack

Written By
Brian Prince
Brian Prince
Jul 17, 2010
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Microsoft issued an advisory today to address a zero-day vulnerability linked to a Trojan spreading through infected USB devices.

According to Microsoft, the vulnerability at the center of the reports exists because Windows incorrectly parses shortcuts in a way that allows malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives.

For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited, Microsoft said. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled.

Security vendor VirusBlokAda reported that a Trojan is using the vulnerability to propagate through infected USB devices. The malware uses rootkit functionality to hide itself, the vendor said.

Microsoft said so far it is only seeing limited, targeted attacks exploiting the vulnerability.

Independent security researcher Frank Boldewin reported finding evidence the malware is targeting Siemens SCADA software, meaning it could be meant for industrial espionage. An initial analysis by Symantec also revealed references to software used on SCADA systems, but the vendor said it is still investigating.

“We’re currently investigating this threat, which Symantec detects as W32.Temphid,” said Dave Cowings, senior manager of operations for Symantec Security Response, told eWEEK. “Based on our initial analysis, however, we can say that this threat is clearly not something that was created overnight…Users accessing the USB device only see LNK files (i.e. links or shortcuts) with legitimate looking icons. When a user clicks on one of these LNK files, the hidden malicious payload is triggered into action.”

Malware that spreads via USB devices is really a double-edged sword, Cowings added. On one hand, such devices are often transferred from one machine to another, but this also requires physical action on the part of the user.

“This human interaction element may in some cases be a mitigating factor to widespread distribution of such threats,” he said.

As a workaround, Microsoft suggested users disable the displaying of icons. Users can also disable the WebClient Service by following instructions contained within the advisory.
Brian Prince
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information