Shortcut

(get it in RSS or Atom)

Microsoft readies emergency patch for Shortcut zero-day flaw

Microsoft readies emergency patch for Shortcut zero-day flaw

Updated Good news from Microsoft. It has announced that it plans to release an emergency out-of-band update to patch a critical Windows security vulnerability that is being actively exploited by malware. The so-called Shortcut exploit is being exploited by specially Read more…

Sality Links and shortcut exploit

Shortcut exploit: protect against it with this free tool

Shortcut exploits have made the news in malware circles this month. After Stuxnet first used them, it wasn't long before other malware started exploiting the zero-day vulnerability - Sality is among their numbers. The authors of the Sality family added Read more…

Shortcut exploit: protect against it with this free tool

Shortcut exploit: protect against it with this free tool

Sophos engineers have been busy developing and testing a free tool that protects users from malware exploiting the critical zero-day vulnerability known as the "Shortcut exploit". We have begun to see more hackers taking advantage of the exploit, spreading malware Read more…

Shortcut exploit still quiet - Keep your fingers crossed

Windows shortcut splat

I have been closely monitoring the recently disclosed vulnerability in the method that all versions of Windows use to render shortcuts. Fortunately, no major attacks aside from Stuxnet have had much success, but we are starting to see malware authors Read more…

More malware exploiting Windows shortcut vulnerability

More malware exploiting Windows shortcut vulnerability

It probably won't come as a surprise to anyone, but more evidence has come to light that cybercriminals are actively exploiting the Windows shortcut vulnerability (also known as CVE-2010-2568). Like the earlier Stuxnet attack, more examples of specially crafted shortcut Read more…

Malicious shortcuts: now documents and webpages are risky too

Malicious shortcuts: now documents and webpages are risky too

There's more bad news for those troubled by the Microsoft zero-day vulnerability that allows a Windows shortcut link, known as an .LNK file, to run malicious code whenever Windows displays their icon. The Shortcut exploit is well known to be Read more…

CPLINK and Stuxnet – there is a silver lining

Image (1) heads-and-tails.jpg for post 1579

In case you've missed the big security story of the past few days, it's all about the Stuxnet malware, which brought to the world's attention a rather naughty bug in Windows – the "CPLINK shortcut vulnerability", or just CPLINK for Read more…

Yes, there's malware. But don't change your SCADA password, advises Siemens

Yes, there's malware. But don't change your SCADA password, advises Siemens

If you were in charge of some critical infrastructure (such as a power plant or manufacturing facility) and there was some malware which exploited a zero-day vulnerability in Windows which targeted your systems you might be pretty concerned, right? In Read more…

Windows zero-day attack works on all Windows systems

Directory listing of infected USB key

Update: I have recorded a new more detailed video of the infection. Other minor edits as well. For additional information on this threat see Windows zero-day vulnerability uses shortcut files on USB. It's been a busy 24 hours looking into Read more…

Windows zero-day vulnerability uses shortcut files on USB

Malicious link

The security community was buzzing today about a potential new zero-day vulnerability in Windows. The attack that exploits the vulnerability was originally discovered by VirusBlokAda in Belarus. It contains several components and is still being analyzed by SophosLabs. It starts Read more…