Stuxnet threat to Windows could get worse

Security firms have identified a new variant of a USB-based zero-day attack that exploits a vulnerability in Microsoft Windows, including Windows 7.

The attack exploits a previously unknown vulnerability in the way Windows processes shortcut files.

A variant of the malware suggests that further examples of the attack will surface as hackers attempt to avoid detection, according to security firm Sophos.

The vulnerability requires no direct user interaction to deliver its payload, which Sophos has named the Stuxnet-B Trojan.

Early versions of the malware have been programmed to seek out Supervisory Control and Data Acquisition (SCADA) software from Siemens that is used to manage critical infrastructure.

"The threat from the exploit is high as all a user has to do is open a device or folder without clicking any icons, and the exploit will automatically run," said Graham Cluley, senior technology consultant at Sophos.

"With an additional variant of the malware already on the loose, the potential for this exploit to become more widespread is growing rapidly," he said.

Siemens has issued guidance that operators should change system passwords urgently as hard-coded default passwords are available on the internet.

But Siemens is concerned that if critical infrastructure customers change their SCADA passwords to hinder the malware, they could throw their systems into chaos.

Systems that look after critical infrastructure should not be hard-coded to expect the password to always be the same because that makes it tricky to change passwords, said Cluley.

Microsoft is believed to be working on an emergency patch to fix the vulnerability in its software and has recommended the following mitigations:

  • Disable the displaying of icons for shortcuts - this will result in blank icons for every shortcut on the computer.
  • Disable the WebClient service - the vulnerability turns out to be remotely exploitable as well, and is not limited to USB keys.
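
As an added example (not from the article, Sophos or Microsoft), a PowerShell script that checks whether the two workarounds above are in place on a Windows 7 host and applies them. It assumes the shortcut icon handler is registered under HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler (and piffile for PIF shortcuts), the keys Microsoft's advisory for this issue names; verify them against the advisory before use.

```powershell
# Added example: audit and apply the two workarounds. Run from an elevated prompt.
# Assumption: these are the icon-handler keys from Microsoft's advisory for this issue.
$IconHandlerKeys = @(
    'Registry::HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler',
    'Registry::HKEY_CLASSES_ROOT\piffile\shellex\IconHandler'
)

function Get-MitigationState {
    # Win32_Service exposes the start mode on PowerShell 2.0 (Get-Service does not)
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'"
    $webClient = if ($svc) { "$($svc.State)/$($svc.StartMode)" } else { 'NotInstalled' }

    # The icon workaround is in place when the key's (Default) value is blank or absent
    $handlers = foreach ($key in $IconHandlerKeys) {
        $clsid = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        New-Object PSObject -Property @{
            Key = $key; Handler = $clsid; Mitigated = [string]::IsNullOrEmpty($clsid)
        }
    }
    New-Object PSObject -Property @{
        WebClient          = $webClient
        WebClientMitigated = ($webClient -eq 'NotInstalled' -or $webClient -eq 'Stopped/Disabled')
        IconHandlers       = $handlers
    }
}

function Invoke-Mitigations {
    # 1. Stop the WebClient (WebDAV client) service and prevent it from starting again
    Stop-Service -Name WebClient -Force -ErrorAction SilentlyContinue
    Set-Service -Name WebClient -StartupType Disabled

    # 2. Blank the shortcut icon handler. The original CLSID is copied into a
    #    'Backup' value in the same key so the change can be reversed later.
    foreach ($key in $IconHandlerKeys) {
        $clsid = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        if (-not [string]::IsNullOrEmpty($clsid)) {
            Set-ItemProperty -Path $key -Name 'Backup' -Value $clsid
            Set-ItemProperty -Path $key -Name '(default)' -Value ''
        }
    }
    # Users must log off and on again (or the host restart) before shortcut icons go blank
}

Get-MitigationState | Format-List
```

Re-run `Get-MitigationState` after `Invoke-Mitigations` to confirm both workarounds report as mitigated; the Backup value lets the icon handler be restored once the patch is deployed.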
