Malware Targets Shortcut Flaw In Windows, SCADA
tsu doh nimh writes "Anti-virus researchers have discovered a new strain of malicious software that spreads via USB drives and takes advantage of a previously unknown vulnerability in the way Microsoft Windows handles '.lnk' or shortcut files. Belarus-based VirusBlokAda discovered malware that includes rootkit functionality to hide the malware, and the rootkit drivers appear to be digitally signed by Realtek Semiconductor, a legitimate hi-tech company. In a further wrinkle, independent researcher Frank Boldewin found that the complexity and stealth of this malware may be due to the fact that it is targeting SCADA systems, or those designed for controlling large, complex and distributed control networks, such as those used at power and manufacturing plants. Meanwhile, Microsoft says it's investigating claims that this malware exploits a new vulnerability in Windows."
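The story is about shortcut handling, and the practical defensive question for an operator of an isolated system is what the shortcuts on a removable drive actually point at before that drive is plugged into a Windows host. The following is an added example, not code from the article, from VirusBlokAda or from Microsoft: a small Python parser for the fixed Shell Link header, the LinkTargetIDList and the StringData fields of a `.lnk` file, as laid out in Microsoft's public MS-SHLLINK specification, plus a directory walker so a mounted USB drive can be inventoried from a Linux live CD. It does not detect the malware described in the story; it only makes each shortcut's flags, target item count and embedded strings visible for review. The sample shortcut bytes are constructed in `build_sample_lnk()` purely to exercise the parser offline.

```python
"""Inventory .lnk files on a mounted drive (added example; layout from MS-SHLLINK)."""
import struct
import sys
import uuid
from dataclasses import dataclass, field
from pathlib import Path
from typing import Dict, List

HEADER_SIZE = 0x4C
LINK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1) that control which optional structures follow.
FLAG_NAMES = {0x01: "HasLinkTargetIDList", 0x02: "HasLinkInfo", 0x04: "HasName",
              0x08: "HasRelativePath", 0x10: "HasWorkingDir", 0x20: "HasArguments",
              0x40: "HasIconLocation", 0x80: "IsUnicode"}
# StringData fields appear in this fixed order when their flag is set.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]


@dataclass
class LnkInfo:
    source: str
    valid: bool = False
    flags: List[str] = field(default_factory=list)
    idlist_items: int = 0
    strings: Dict[str, str] = field(default_factory=dict)
    notes: List[str] = field(default_factory=list)


def parse_lnk(data: bytes, source: str = "<bytes>") -> LnkInfo:
    """Parse header, LinkTargetIDList and StringData; LinkInfo is stepped over."""
    info = LnkInfo(source=source)
    try:
        if len(data) < HEADER_SIZE:
            info.notes.append("shorter than a shell link header")
            return info
        header_size = struct.unpack_from("<I", data, 0)[0]
        clsid = uuid.UUID(bytes_le=bytes(data[4:20]))
        link_flags = struct.unpack_from("<I", data, 20)[0]
        if header_size != HEADER_SIZE or clsid != LINK_CLSID:
            info.notes.append("HeaderSize/LinkCLSID do not identify a shell link")
            return info
        info.valid = True
        info.flags = [n for bit, n in FLAG_NAMES.items() if link_flags & bit]
        if any(data[66:76]):  # Reserved1..3 must be zero per the spec
            info.notes.append("reserved header fields are non-zero")
        pos = HEADER_SIZE
        if link_flags & 0x01:  # u16 IDListSize, ItemIDs, 2-byte zero terminator
            idlist_size = struct.unpack_from("<H", data, pos)[0]
            end, cur = pos + 2 + idlist_size, pos + 2
            while cur + 2 <= end:
                item_size = struct.unpack_from("<H", data, cur)[0]
                if item_size == 0:
                    break
                info.idlist_items += 1
                cur += item_size
            pos = end
        if link_flags & 0x02:  # LinkInfo starts with its own u32 total size
            pos += struct.unpack_from("<I", data, pos)[0]
        is_unicode = bool(link_flags & 0x80)
        for bit, key in STRING_FIELDS:  # u16 CountCharacters, then the characters
            if link_flags & bit:
                count = struct.unpack_from("<H", data, pos)[0]
                pos += 2
                nbytes = count * 2 if is_unicode else count
                raw = bytes(data[pos:pos + nbytes])
                info.strings[key] = raw.decode("utf-16-le" if is_unicode else "cp1252", "replace")
                pos += nbytes
        if "arguments" in info.strings:
            info.notes.append("shortcut passes command-line arguments to its target")
    except struct.error:
        info.notes.append("truncated structure")
    return info


def scan_directory(root: str) -> List[LnkInfo]:
    """Walk a mount point (e.g. a USB drive mounted from a live CD) and parse every .lnk."""
    return [parse_lnk(p.read_bytes(), str(p))
            for p in sorted(Path(root).rglob("*"))
            if p.is_file() and p.suffix.lower() == ".lnk"]


def build_sample_lnk() -> bytes:
    """Constructed sample: one ItemID, a relative path and arguments, Unicode strings."""
    flags = 0x01 | 0x08 | 0x20 | 0x80
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID.bytes_le
    header += struct.pack("<IIQQQIIIH", flags, 0x20, 0, 0, 0, 0, 0, 1, 0) + b"\x00" * 10
    item = b"\x1f" + b"\x00" * 17
    idlist = struct.pack("<H", 2 + len(item)) + item + b"\x00\x00"
    body = struct.pack("<H", len(idlist)) + idlist

    def s(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    return header + body + s(r"..\tools\viewer.exe") + s("/open report.txt")


if __name__ == "__main__":
    results = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else [parse_lnk(build_sample_lnk(), "sample")]
    for r in results:
        print(r.source, "valid" if r.valid else "INVALID", r.flags, r.idlist_items, r.strings, r.notes)
```

Run it with a mount point as the first argument to list every shortcut on the drive; with no argument it parses the constructed sample. The parser is deliberately conservative: it reports what the file contains rather than judging it, since the story itself does not describe the faulty handling in enough detail to build a reliable signature, and an operator reviewing a drive mostly wants to know which shortcuts carry arguments or point somewhere unexpected.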
Actually, at least from experience, I'd say Comodo gets it. I have relatives that can end up with more viruses than a Bangkok whore and Comodo keeps them squeaky clean, and costs nothing to boot. I like how Comodo has a built-in sandbox and, unless you tell it otherwise, will automatically tell you if an installer tries to run and sandbox it. And with the full firewall+AV I'm only using about 28Mb, so it isn't a piggy like a lot of them.
And when combined with Comodo Time Machine which is also free I don't have to worry about my GF or family borking their PC beyond repair. It takes snapshots automatically and it took me less than 15 minutes to walk my GF by phone into restoring from snapshot when she'd somehow corrupted Win32.dll during a power loss. Really handy.
As for TFA, I doubt it would matter which OS the machine was running, since this is a targeted attack on a very specific kind of system. If the malware writer is gonna go to the trouble to target such a niche system, then they could just as easily target whichever OS it was running. Sadly, no matter what the OS, it always comes down to PEBKAC, and if they are crazy enough to run untrustworthy flash sticks on their highly important system, I think they've got bigger problems than malware. It takes... what? 3 minutes to boot a Linux live CD and wipe or scan a small flash drive?
ACs don't waste your time replying, your posts are never seen by me.