Stuxnet – Shortcut to Malware

On July 16, 2010, the Microsoft Malware Protection Center revealed a new breed of malware which, as one would expect, is designed to exploit Windows PC users. This particular breed is referred to as Stuxnet. Strip away the technical complications and it becomes clear that this is going to be the worst variant of malware ever faced. Reason? It takes advantage of specially crafted shortcut files (also known as .lnk files) placed on USB drives to automatically execute malware as soon as the .lnk file is read by the operating system. In other words, simply browsing to the removable media drive runs the malware without any additional user interaction.

Now this is scary. Previously, malware used to travel via specially crafted “autorun.inf” files, and disabling the Autorun feature in Windows was an effective countermeasure. Soon, many software applications appeared that would block autorun.inf files and delete the malware associated with them. Antimalware vendors also included such a feature in their products and earned a fortune in the pursuit of total system protection.

However, in this case, nothing of this sort can be done. The solution might lie in a forthcoming Windows security update. I worry about users who have pirated copies of Windows installed, since they would have disabled automatic updates in order to escape the elusive WGA update.

The following operating systems can be infected by this issue:

  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista Service Pack 1 and Windows Vista Service Pack 2
  • Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows 7 for 32-bit Systems
  • Windows 7 for x64-based Systems
  • Windows Server 2008 R2 for x64-based Systems
  • Windows Server 2008 R2 for Itanium-based Systems

The workaround suggested by the MMPC team is pretty impractical. It will display a blank white icon in place of every shortcut icon, which means the desktop, Start menu and all other places where shortcuts appear will be “pictureless”, and users will have to rely on the text label to find a particular program.

What a bother… while the AV companies work, losing their sleep and their appetite, we can only wait and watch out for updated versions of the software.

What is even more threatening: this vulnerability also applies when opening network shares!

Zero-day attackers can use this vulnerability to threaten an entire empire. The risk is great. Not that migrating to Linux or MacOS will save you; sooner or later, everyone gets attacked.

For once, I would also mention the possibility of bogus email attachments with .lnk and .pif extensions. The best thing we can do is not open any attachments with such extensions.
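Since the danger here (the USB shortcuts described at the top of the post as well as the .lnk and .pif e-mail attachments just mentioned) is a shortcut that Windows acts on before anyone double-clicks it, a defender wants a way to look at such files without letting the shell render them. The script below is an added example, not code from the original post or from Microsoft: it parses the documented Shell Link (.lnk) binary layout far enough to recover the target ID list and the icon location, walks a mounted drive or a folder of saved attachments, and lists shortcut files that are either not shell links at all or that embed a .dll/.cpl path. The "library path in a shortcut" rule is an assumed triage heuristic, not a signature (legitimate Control Panel shortcuts can match), and every file name, path and shortcut byte string in the demo is constructed for the example.

```python
"""Triage scanner for shortcut files on removable media or in saved attachments.
Added example, not from the original post; assumes the MS-SHLLINK (.lnk) layout."""
import os
import struct
import tempfile

LNK_HEADER_SIZE = 0x4C
# CLSID 00021401-0000-0000-C000-000000000046 as stored on disk (little-endian fields)
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 1 << 0, 1 << 1, 1 << 2
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 1 << 3, 1 << 4, 1 << 5
HAS_ICON_LOCATION, IS_UNICODE = 1 << 6, 1 << 7
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))
LIBRARY_SUFFIXES = (".dll", ".cpl")            # heuristic: libraries, not programs
TRUSTED_ICON_PREFIXES = ("%systemroot%", "c:\\windows")  # assumption: system icons are fine


def parse_lnk(data: bytes) -> dict:
    """Recover the raw LinkTargetIDList and StringData fields; LinkInfo is skipped by size."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short to be a shell link")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("header is not a shell link header")
    pos, idlist = LNK_HEADER_SIZE, b""
    if flags & HAS_LINK_TARGET_ID_LIST:
        (idlist_size,) = struct.unpack_from("<H", data, pos)
        idlist = data[pos + 2:pos + 2 + idlist_size]
        pos += 2 + idlist_size
    if flags & HAS_LINK_INFO:
        (link_info_size,) = struct.unpack_from("<I", data, pos)
        pos += link_info_size
    info = {"flags": flags, "idlist": idlist}
    for flag, name in STRING_FIELDS:  # each string: 2-byte char count, no terminator
        if not flags & flag:
            continue
        (count,) = struct.unpack_from("<H", data, pos)
        pos += 2
        if flags & IS_UNICODE:
            info[name] = data[pos:pos + 2 * count].decode("utf-16-le", "replace")
            pos += 2 * count
        else:
            info[name] = data[pos:pos + count].decode("latin-1")
            pos += count
    return info


def review_reason(info: dict):
    """Assumed triage rule: a .dll/.cpl path in the target ID list, or a library
    icon source outside the Windows folder, deserves a human look. None = no hit."""
    lowered = info["idlist"].lower()
    for suffix in LIBRARY_SUFFIXES:  # ID list strings may be ANSI or UTF-16LE
        if suffix.encode() in lowered or suffix.encode("utf-16-le") in lowered:
            return "target ID list embeds a %s path" % suffix
    icon = info.get("icon_location", "").lower()
    if icon.endswith(LIBRARY_SUFFIXES) and not icon.startswith(TRUSTED_ICON_PREFIXES):
        return "icon is loaded from library %s" % info["icon_location"]
    return None


def scan_directory(root: str) -> list:
    """Walk a drive or folder; return (path, reason) for .lnk/.pif files worth reviewing."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for filename in filenames:
            if not filename.lower().endswith((".lnk", ".pif")):
                continue
            path = os.path.join(dirpath, filename)
            with open(path, "rb") as handle:
                data = handle.read(1 << 20)  # a shortcut larger than 1 MiB is odd anyway
            try:
                reason = review_reason(parse_lnk(data))
            except ValueError as exc:
                reason = "unparseable shortcut: %s" % exc
            if reason:
                findings.append((path, reason))
    return findings


def build_lnk(idlist_item: bytes = b"", icon_location: str = "") -> bytes:
    """Constructed fixture: minimal shell link with one opaque ID list item and/or an
    icon string. It has no real target and is not a usable shortcut."""
    flags, body = IS_UNICODE, b""
    if idlist_item:
        flags |= HAS_LINK_TARGET_ID_LIST
        idlist = struct.pack("<H", len(idlist_item) + 2) + idlist_item + b"\x00\x00"
        body += struct.pack("<H", len(idlist)) + idlist
    if icon_location:
        flags |= HAS_ICON_LOCATION
        body += struct.pack("<H", len(icon_location)) + icon_location.encode("utf-16-le")
    header = struct.pack("<I16sI", LNK_HEADER_SIZE, LNK_CLSID, flags)
    return header.ljust(LNK_HEADER_SIZE, b"\x00") + body


def demo() -> dict:
    """Write constructed samples into a temporary stand-in for a USB drive and scan it."""
    root = tempfile.mkdtemp(prefix="usb_")
    samples = {  # all names and paths are made up for the example
        "Report.lnk": build_lnk(idlist_item=b"C:\\Program Files\\App\\app.exe"),
        "Copy of Shortcut.lnk": build_lnk(idlist_item="E:\\loader.dll".encode("utf-16-le")),
        "Photo.lnk": build_lnk(icon_location="E:\\icons\\viewer.dll"),
        "invoice.pif": b"not a shell link at all",
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as handle:
            handle.write(content)
    return {os.path.basename(p): reason for p, reason in scan_directory(root)}
```

Running `demo()` lists three of the four constructed files: the shortcut whose target list names a DLL, the one whose icon comes from a DLL outside the Windows folder, and the .pif that is not a shell link at all; the ordinary shortcut to an .exe is not reported. Point `scan_directory()` at a real mount point to triage a drive; parsing the bytes yourself means Explorer never has to render the shortcuts to produce the listing.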

Microsoft will soon release a security update for fixing this vulnerability. Keep your Windows and antivirus updated. Let’s hope we don’t get infected.
