After numerous reports that a hacker had devised malware able to bypass security and exploit many corporate machines, Microsoft has finally admitted that a vulnerability exists in the system. The company has still not officially released a fix or said when to expect a patch.
What the malware does
The Stuxnet rootkit exploits Microsoft's *.lnk (shortcut) files, gathers information from industrial systems and possibly even downloads more malware, such as rootkits, onto the host's system. Worse, a growing number of hackers are hearing about this flaw and starting to create their own variations of Stuxnet.
More serious than expected
What Microsoft at first deemed a limited attack on specific targets is now considered a serious threat, with over 5000 detected attempts to compromise Windows-based PCs. The exploit is a serious security concern because it is capable of hiding itself by using a legitimate digital certificate from Realtek Semiconductor, a fact which VeriSign discovered only last week.
Nobody is exempt
All Microsoft systems are vulnerable to this attack, including Win XP, for which Microsoft has recently ceased to provide critical updates and patches. The rootkit is capable of bypassing the security of Windows Vista and Windows 7 too, a fact to which many antivirus and firewall companies have given an alarming amount of attention.
Who discovered this threat
The first to discover and announce this were the little-known Byelorussians of VirusBlokAda, followed by other companies such as UK's Sophos and the Internet Storm Center. Siemens was also not far behind in notifying its customers of the possible attacks through Simatic WinCC, which targeted big manufacturers and utility companies.
How you get infected
The attack generally begins when an infected removable drive, such as a USB drive, is inserted, and is activated when the user clicks on what he believes to be a shortcut for a given program. The same types of shortcuts can be found in file-sharing situations. While Microsoft has not yet released a patch for this, it has offered several workarounds until its investigation is complete.
How to prevent infection
One possible way of stopping the spread of the rootkit is turning off the AutoPlay or AutoRun functions. The user would then have to manually browse to the folder in Windows Explorer and open the file, which triggers the intrusion. However, some tests have shown that this malware could work even with those functions disabled.
Other workarounds that could also work on the no longer supported Win XP include turning off the WebClient service and applying a fix that removes the graphical representation of shortcut icons. However, users could forget what they have installed without an icon as a reminder and could still trigger the exploit unintentionally.
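As an added example (not part of the original article and not Microsoft's own tooling), the following read-only PowerShell check reports whether the three workarounds described above are in place on a machine. The registry locations, the 0xFF AutoRun value and the function names are assumptions of this example, since the article does not give them; it assumes PowerShell 3.0 or later.

```powershell
# Added example: read-only audit of the workarounds discussed above.
# Registry paths and value names are assumptions (not given in the article).

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Test-ShortcutWorkarounds {
    # 1. AutoRun/AutoPlay: 0xFF in NoDriveTypeAutoRun disables it for every drive type.
    $autorun = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
    [pscustomobject]@{
        Workaround = 'AutoRun disabled for all drives'
        Applied    = ($autorun -eq 0xFF)
        Observed   = if ($null -eq $autorun) { 'not set' } else { '0x{0:X}' -f $autorun }
    }

    # 2. WebClient service: counts as applied when absent, or disabled and not running.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Workaround = 'WebClient service turned off'
        Applied    = ($null -eq $svc) -or ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
        Observed   = if ($null -eq $svc) { 'not installed' } else { "$($svc.StartMode) / $($svc.State)" }
    }

    # 3. Shortcut icons: an empty default value on the .lnk IconHandler key means
    #    Explorer no longer loads icons from shortcut files.
    $handler = Get-RegValue 'Registry::HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler' '(default)'
    [pscustomobject]@{
        Workaround = 'Shortcut icon display removed'
        Applied    = [string]::IsNullOrEmpty($handler)
        Observed   = if ([string]::IsNullOrEmpty($handler)) { 'empty' } else { $handler }
    }
}

# One row per workaround; nothing on the system is changed.
Test-ShortcutWorkarounds | Format-Table -AutoSize
```

Because the article notes that the malware may still work with AutoRun disabled, a machine showing only the first row as applied should not be treated as protected.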
Since we have yet to hear when and how Microsoft intends to battle this growing problem, the only thing we can do for now is pay close attention to what we plug into our USB ports.