New Windows zero-day vulnerability allows USB malware to run, says Sophos

The attack exploits a previously unknown vulnerability in the way the operating system processes shortcut files, making even fully patched PCs vulnerable.

Unlike previous USB-based malware such as the Conficker worm, the latest exploit does not take advantage of the Windows Autorun or Autoplay feature.

This means the W32/Stuxnet-B rootkit malware can spread even if Windows Autoplay and Autorun are disabled.

The shortcut files are allowed to execute automatically, and once the rootkit is in place it effectively enters "stealth mode", cloaking its presence on the infected PC.

"The risk is that more malware will take advantage of the zero-day exploit used by the Stuxnet rootkit, taking things to a whole new level", said Graham Cluley, senior technology consultant at Sophos.

"The exploit is still being analysed by the security community, but there are suggestions that the malware could be trying to access data specific to Siemens SCADA systems that control national critical infrastructure."

Cluley said the security community had not yet established the extent of the risk to SCADA systems, so attacks would be monitored very closely.

"Eyes will also be turned to Microsoft to see how it will respond to what appears to be another unpatched vulnerability in its code that is being exploited by hackers", he added.

This story was first published by Computer Weekly

