USB malware threatens Windows

gallery

A Windows vulnerability has opened the way for malware on a USB to infect a PC.

Microsoft has released an advisory, confirming the problem lies in the way the system processes shortcut files.

When a special shortcut file (.lnk) is created on a USB or any external storage device, Windows will execute it as soon as the folder containing it is opened. This could be by Windows Explorer or any other file manager within an application.

The vulnerability came to light when Belarusian antivirus vendor VirusBlokAda discovered USB malware designed to exploit the flaw. Arbitrary code can be triggered when a specially encoded shortcut icon is parsed by Windows.

VirusBlokAda confirmed the malware is in the wild and not a theoretical laboratory case.

The only way to workaround the problem is to disable all shortcuts in Windows via Regedit, Microsoft’s registry editor. This is not a solution for the feint-hearted and it means shortcuts, a vital part of the Windows environment, will be unusable.

It is also advised that Autorun is disabled for USB devices. Windows 7 has autorun disabled by default but users of other versions will have to turn it off themselves.

The vulnerability, which affects all current versions of Windows, is likely to remain a zero-day problem for a while as a permanent fix could be difficult to devise.

Unfortunately, it will be an ever-present threat for users of Windows SP2 and Windows Server 2003, which have both now ceased to be supported by Microsoft.

Email to a friend

Print this page