Am I right in thinking FTP sites, torrent sites and maybe even download sites like RapidShare are vulnerable to this .lnk file problem?
On 20 July 2010 00:37, Carl Houseman <[email protected]> wrote:
> The process of scanning .lnk files for icons to display results in execution of code that is embedded in the specially crafted .lnk file. Some developer at MS responsible for that icon-fetching code (if still employed there) is likely not having a good week.
>
> That's why this is such a serious malware, simply viewing the folder in Explorer will infect. The only mitigating factor is, direct folder access to the .lnk file is needed. An E-mail attachment would have to be saved and then the containing folder viewed. A web site would have to coerce a user to save it locally and then open the folder. But as with the autorun problem, a picture frame or pre-loaded flash drive with one of these .lnk files could make a lot of trouble.
>
> Carl
>
> -----Original Message-----
> From: Mike Gill [mailto:[email protected]]
> Sent: Monday, July 19, 2010 6:18 PM
> To: NT System Admin Issues
> Subject: RE: Signed malware on folder view using shortcut LNK files
>
> Windows 7 doesn't support autorun on flash drives. When he gets to the part where he's not running AV, he doesn't indicate that he's actually clicking on anything, yet the malware runs. He sort of implies that it's happening automatically when he mentions the video is slowed to allow us to view what happens. How is the malware getting executed?
>
> --
> Mike Gill
>
> -----Original Message-----
> From: James Hill [mailto:[email protected]]
> Sent: Sunday, July 18, 2010 5:43 PM
> To: NT System Admin Issues
> Subject: RE: Signed malware on folder view using shortcut LNK files
>
> It really is a nasty one. It doesn't need admin privs either. Until Microsoft patch it if your AV doesn't catch it you're pretty much screwed. Disabling shortcuts is obviously not an option for most.
>
> Nice vid of it in action
> http://www.youtube.com/watch?v=1UxN7WJFTVg&feature=player_embedded
>
> Interesting timing considering XP SP2 is now unsupported.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."
