USB malware flaw hits Windows
By Nicole Kobie
Posted on 19 Jul 2010 at 09:11
A new type of malware is targeting Microsoft operating systems via infected USB drives.
The newly discovered Stuxnet malware uses a flaw in Windows to infect PCs using shortcut icons, Microsoft said.
"The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut," Microsoft said in a security warning. "This vulnerability is most likely to be exploited through removable drives."
"Currently, we have seen only limited, targeted attacks on this vulnerability," Microsoft added, but said it expects other malware writers to start using the USB shortcut flaw too.
Security firm Trend Micro agreed. "Despite the numerous potential techniques for proliferation being offered by the web, USB malware continue to be distributed by cybercriminals, which only proves their effectiveness," JM Hipolito wrote on the Trend Micro blog.
The flaw affects Windows OSes from XP to 7, as well as Server 2003 and 2008. Microsoft has issued a pair of workarounds, advising users to either disable the display of icons for shortcuts or disable the WebClient service, which it sees as the "most likely remote attack vector."