Security firms have identified a new variant of a USB-based zero-day attack that exploits a vulnerabiltiy in Microsoft Windows, including Windows 7.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The attack exploits a previously unknown vulnerability in the way Windows processes shortcut files.
A variant of the malware suggests that further examples of the attack will surface as hackers attempt to avoid detection, according to security firm Sophos.
The vulnerability requires no direct user interaction to deliver its payload, which Sophos has named the Stuxnet-B Trojan.
Early versions of the malware have been programmed to seek out Supervisory Control And Data Acquisition (SCADA) software by Siemens that is used to manage critical infrastructure.
"The threat from the exploit is high as all a user has to do is open a device or folder without clicking any icons, and the exploit will automatically run," said Graham Cluley, senior technology consultant at Sophos.
"With an additional variant of the malware already on the loose, the potential for this exploit to become more widespread is growing rapidly," he said.
Siemens has issued guidance that operators should change system passwords urgently as hard-coded default passwords are available on the internet.
But Siemens is concerned that if critical infrastructure customers change their SCADA passwords to hinder the malware, they could throw their systems into chaos.
Systems that look after critical infrastructure should not be hard-coded to expect the password to always be the same because that makes it tricky to change passwords, said Cluley.
Microsoft is believed to be working on an emergency patch to fix the vulnerability in their software and has recommended the following mitigations:
- Disable the displaying of icons for shortcuts - this will result in blank icons for every shortcut on the computer.
- Disable the WebClient service - It turns out that this is also remotely exploitable and not limited to USB keys.