Ipswitch Blog

Weaponized Software – A New Attack on Windows … and it’s Nasty

| July 19, 2010 | Data Breach, Secure File Transfer

There’s some interesting news going on regarding a warning that Microsoft gave on Friday (7/16/10) about hackers exploiting a critical unpatched Windows vulnerability.

I read on Networkworld.com that “hackers have been exploiting a bug in Windows ‘shortcut’ files, the placeholders typically dropped on the desktop or into the Start menu to represent links to actual files or programs.”

Also in the article, Dave Forstrom, one of the directors in Microsoft’s Trustworthy Computing group, said:

In the wild, this vulnerability has been found operating in conjunction with the Stuxnet malware.”

If you’re unfamiliar with Stuxnet, it’s a “clan of malware that includes a Trojan horse that downloads further attack code, including a rootkit that hides evidence of the attack.”

Siemens, according to this Computerworld article, sees this virus as “new and highly sophisticated“, and in the same article there’s a disturbing quote from a large utility IT professional:

This has all the hallmarks of weaponized software, probably for espionage,” said Jake Brodsky, who asked that his company not be identified because he was not authorized to speak on its behalf.

In the end, I think that Chester Wisniewski, senior security advisor at Sophos, is right on when he perfectly summed up the virus with one word. He simply called the threat “nasty“.

Preventing Alarm Storms

Preventing Alarm Storms from Striking Your Network and Distracting You

Implementing Compliance for Data Privacy in Regulated Industries

Free Webinar: Implementing Compliance for Data Privacy in Regulated Industries

Reader Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Ipswitch Blog

This post was written by Ipswitch Blog

Ipswitch helps solve complex IT problems with simple solutions. The company’s software has been installed on more than 150,000 networks spanning 168 countries to monitor networks, applications and servers, and securely transfer files between systems, business partners and customers. Ipswitch was founded in 1991 and is based in Lexington, Massachusetts with offices throughout the U.S., Europe, Asia and Latin America.