Unpatched shortcut vuln exploited by mainstream malware

Virus writers have begun using the unpatched shortcut flaw in Windows first exploited by the Stuxnet worm, which targets power plant control systems, to create malware that infects the general population of vulnerable Windows machines. Slovakian security firm Eset reports the appearance of two malware strains that exploit …

COMMENTS

This topic is closed for new posts.
J 3
Alert

Warning!

"My OS is better than yours" flame war in 3... 2... 1...

2
0
Grenade

ok

tell me why this makes windows so good

1
0
Anonymous Coward

OK - if you insist

My OS is better than yours

4
0
Gates Horns

It's not your OS...

You're just allowed to use it.

1
1
Linux

Re: It's not your OS

It's certainly NOT Windows

1
0
J 3
Linux

@ok AC

You heard of what happens when you assume, haven't you? :-)

(haven't touched MS code for more than a few minutes in 10 years)

Anyway, it's incredibly quiet here, so my prediction failed. What can I do, I'm no octopus. Must be the weekend.

1
0
Boffin

Separation of data and code

There shouldn't be a risk on any widely used operating system or platform that when an application or user attempts to read data, that code which arrives with the data gets executed outside of a very tightly sandboxed environment. In a more ideal world market forces would prevent operating systems or platforms (e.g. Windows or Flash) which blur this boundary from existing. In a monopoly ridden (i.e. closed source) world, users of such platforms (e.g. Windows, or Flash on Linux) have to put up with or mitigate the growing number of exploits which arise as symptoms of this architectural disease. Having to run security updates every week is patching the symptoms, and not curing this disease.

1
1

Just a shortcut icon

That's incredible, isn't it?

0
0
Silver badge

Re: Just a shortcut icon

Previously posted:

http://www.kb.cert.org/vuls/id/940193

"Microsoft Windows fails to safely obtain icons for shortcut files. When Windows displays Control Panel items, it will initialize each object for the purpose of providing *dynamic icon functionality*. This means that a Control Panel applet will execute code when the icon is displayed in Windows. Through use of a shortcut file, an attacker can specify a malicious DLL that is to be *processed within the context of the Windows Control Panel*, which will result in arbitrary code execution."

2
0
Silver badge
Joke

And reading between those lines...

... this is a feature which was insisted on by a marketing person, so that he could have icons which flashed purple and pink and jumped up and down while making Whee! noises.

An engineer pointed out that this was really bad system design with unlimited potential for security breaches.

The marketing drone pointed out that this was really cool artistic design with unlimited potential for supporting the Wubbly(TM) marketing campaign, and future highly profitable developments.

The engineer was over-ruled.

Wubbly(TM) was canned a few months later when someone higher up pointed out that it might cannibalise the sales of Microsoft Office. Which is why we have never heard of it and have been spared a proliferation of purple-and-pink-flashing active icons.

Unfortunately, not a proliferation of malware, because the engineer was right. (Engineers are *always* right, but no-one ever listens until after the design is changed without their approval, and the inevitable consequences follow).

All this is complete fiction based on no facts whatsoever. Have you got a better explanation?

1
0
Silver badge

Re: And reading between those lines

I think so - which is why I put the asterisks in!

0
0
Go

Mac and Linux users...

...you can put your smug hats back on now!

0
0
Alert

RE: Mac and Linux users...

We never get the chance to take our "smug hats" off.

El Reg gives us news of a different MS vulnerability once or twice per week!

2
0

Not going to fix THAT

Check out the "Fix It." I would rather risk infection than have all my icons blocked.

Oh well, I have been spending all my days lately in native Ubuntu terminal ssh sessions or PuTTY anyway. GUI? What's that?

0
0
Silver badge

That was my initial reaction as well

But with the latest news and the potential for a blended threat...

I may be willing to risk it at home where I can control most of what I access, but work places may need to reconsider.

0
0

Source

Seems like it may be Russian in source. They are big on using energy as a blackmail tool. Presume they let it loose amongst their neighbours so they could cause energy shortages and it spread.

0
1
Silver badge

Source

Clearly the source is BP, in an attempt to deflect a bit of the heat towards other energy sector. "Hey we had a leak alright, but everyone else does, too. Lookitdat. Oil leak, information leak, same-diff".

0
0