Software | 16.07.2010

Warning! USB vulnerability in Windows

A rootkit has been discovered that can install itself automatically from a USB memory stick onto a fully patched PC, even if the user has disabled the Windows AutoRun and AutoPlay features.

Sophos warns that the W32/Stuxnet-B rootkit exploits a vulnerability in the way Windows handles .LNK shortcut files, which allows them to execute automatically if the USB stick is accessed by Windows Explorer.

Once the rootkit is in place it effectively enters “stealth-mode,” cloaking its presence on the infected PC, says Sophos.

“Threats such as the infamous Conficker worm have spread very successfully via USB devices in the past, but were in part reduced by disabling AutoPlay. The risk is that more malware will take advantage of the zero-day exploit used by the Stuxnet rootkit, taking things to a whole new level,” says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.

The exploit is still being analysed by the security community, but there are suggestions that the malware could be trying to access data specific to Siemens SCADA systems – software that controls national critical infrastructure.

Curiously, the suspicious driver files carry the digital signature of Realtek Semiconductor Corp, a major supplier of computer equipment.

“As the exploit has only recently been discovered and the security community has not yet established the extent of the risk to SCADA systems, there is no need to over-react to the threat,” says Myroff. “But the fact that SCADA systems are involved at all does mean that everyone will be examining the attack closely. Eyes will also be turned to Microsoft to see how they will respond to what appears to be another unpatched vulnerability in their code that is being exploited by hackers.”
