
Microsoft Releases Advisory For USB Trojan

Microsoft issued an advisory today to address a zero-day vulnerability linked to a Trojan spreading through infected USB devices.

According to Microsoft, the vulnerability at the centre of the reports exists because Windows incorrectly parses shortcuts in a way that allows malicious code to be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives.

For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited, Microsoft said. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled.

USB Devices

Security vendor VirusBlokAda reported that a Trojan is using the vulnerability to propagate through infected USB devices. The malware uses rootkit functionality to hide itself, the vendor said. Microsoft said so far it is only seeing limited, targeted attacks exploiting the vulnerability.

Independent security researcher Frank Boldewin reported finding evidence the malware is targeting Siemens SCADA software, meaning it could be meant for industrial espionage. An initial analysis by Symantec also revealed references to software used on SCADA systems, but the vendor said it is still investigating. “We’re currently investigating this threat, which Symantec detects as W32.Temphid,” Dave Cowings, senior manager of operations for Symantec Security Response, told eWEEK. “Based on our initial analysis, however, we can say that this threat is clearly not something that was created overnight…Users accessing the USB device only see LNK files (i.e. links or shortcuts) with legitimate looking icons. When a user clicks on one of these LNK files, the hidden malicious payload is triggered into action.”

Double-edged Sword

Malware that spreads via USB devices is really a double-edged sword, Cowings added. On one hand, such devices are often transferred from one machine to another, but this also requires physical action on the part of the user. “This human interaction element may in some cases be a mitigating factor to widespread distribution of such threats,” he said.

As a workaround, Microsoft suggested users disable the displaying of icons. Users can also disable the WebClient Service by following instructions contained within the advisory.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
