Skip to navigation
Latest News

USB malware flaw hits Windows

USB stick

By Nicole Kobie

Posted on 19 Jul 2010 at 09:11

A new type of malware is targeting Microsoft operating systems via infected USB drives.

The newly discovered Stuxnet malware uses a flaw in Windows to infect PCs using shortcut icons, Microsoft said.

"The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut," Microsoft said in a security warning. "This vulnerability is most likely to be exploited through removable drives."

"Currently, we have seen only limited, targeted attacks on this vulnerability," Microsoft added, but said it expects other malware writers to start using the USB shortcut flaw too.

Security firm Trend Micro agreed. "Despite the numerous potential techniques for proliferation being offered by the web, USB malware continue to be distributed by cybercriminals, which only proves their effectiveness," JM Hipolito wrote on the Trend Micro blog.

The flaw affects Windows OSes from XP to 7, as well as Server 2003 and 2008. Microsoft has issued a pair of workarounds, advising users to disable the icon for shortcuts or the WebClient service, which it sees as the "most likely remote attack vector."

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
Be the first to comment this article

You need to Login or Register to comment.



Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing


Sponsored Links

Your email:

Your password:

remember me


Hitwise Top 10 Website 2010

PCPro-Computing in the Real World Printed from

Register to receive our regular email newsletter at

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.