New Windows zero-day vulnerability allows USB malware to run, says Sophos

A new USB-based zero-day attack is hitting Microsoft Windows users, according to security firm Sophos.

The attack exploits a previously unknown vulnerability in the way the operating system processes shortcut files, making even fully patched PCs vulnerable.

Unlike previous USB-based malware such as the Conficker worm, the latest exploit does not take advantage of the Windows Autorun or Autoplay feature.

This means the W32/Stuxnet-B rootkit malware can spread even if Windows Autoplay and Autorun are disabled.

The shortcut files are allowed to execute automatically, and once the rootkit is in place it effectively enters "stealth mode", cloaking its presence on the infected PC.

"The risk is that more malware will take advantage of the zero-day exploit used by the Stuxnet rootkit, taking things to a whole new level," said Graham Cluley, senior technology consultant at Sophos.

"The exploit is still being analysed by the security community, but there are suggestions that the malware could be trying to access data specific to Siemens SCADA systems that control national critical infrastructure."

Cluley said the security community had not yet established the extent of the risk to SCADA systems, so attacks would be monitored very closely.

"Eyes will also be turned to Microsoft to see how it will respond to what appears to be another unpatched vulnerability in its code that is being exploited by hackers," he added.

