G Data releases tool to block Windows shortcut attacks

From: Infoworld.com July 27, 2010

The free tool prevents malware that exploits Microsoft's shortcut vulnerability from executing and also displays Windows icons correctly

he German security company G Data released a tool on Tuesday that blocks attacks using Microsoft's shortcut vulnerability but also preserves shortcut icons unlike the hotfix released recently by Microsoft.

The tool, called the G Data LNK Checker, is a small piece of software that is independent of other security software. It monitors the creation of shortcuts and then will block the execution of code when a shortcut icon is displayed, according to G Data. The tool is free and can be downloaded from G Data.

[ Security firm Sophos has also released a tool to block Windows shortcut attacks. | Also on InfoWorld: "Prepare for extensive attacks of Windows zero-day." | InfoWorld's Woody Leonhard explains the workings of the new rootkit exploit. | Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

Microsoft hasn't indicated when it will patch the shortcut flaw, which can cause malware to be executed merely by looking inside a folder containing a malicious shortcut. The company released a hotfix last week, but shortcuts lose their icons.

"This is very impractical and not a very satisfactory workaround to the problem," G Data said.
G Data said its software will display a red warning signal if a shortcut tries to execute something that appears to be malicious. When Microsoft patches the flaw, G Data said its tool -- compatible with XP, Vista and Windows 7 -- can then be uninstalled.

G Data isn't the only company to publish its own fix. On Monday, Sophos released the Windows Shortcut Exploit Protection Tool, which replaces tool replaces Windows' icon handler.

Per its own policy, Microsoft does not endorse third-party tools and instead recommends its own fix.

The Windows shortcut vulnerability was being used by the Stuxnet, a piece of malware that spreads by USB sticks and targets WinCC supervisory control and data acquisition (SCADA) systems produced by Siemens. Other kinds of attacks have also been detected since the flaw became widely known. Microsoft's next regular patch release is on Tuesday, Aug. 10.

SOURCE: http://www.infoworld.com/d/security-...ut-attacks-841