IT security and data protection firm Sophos has today released a
free tool to protect against a Windows zero-day vulnerability that
is being actively exploited to infect computers.
The Sophos Windows Shortcut Exploit Protection Tool protects
against a high-profile vulnerability that allows malicious hackers
to exploit a bug in the way that all versions of Windows handle
.LNK shortcut files. If Windows just displays the icon of an
exploited shortcut file, malicious code can be executed - without
requiring any interaction by the user.
But Sophos's free tool, available for download from www.sophos.com/shortcut,
intercepts shortcut files that contain the exploit, warning of the
executable code that was attempting to run. That means it will stop
malicious threats which use the vulnerability if they are on
non-local disks, such as a USB stick.
"So far we have seen the Stuxnet and Dulkis worms, as well as the
Chymin Trojan horse, exploiting the shortcut vulnerability to
help them spread and infect computer systems. Stuxnet made the
headlines because it targeted the Siemens SCADA systems that look
after critical infrastructure like power plants - but there's a
warning for all computer users here," said Graham
Cluley, senior technology consultant at Sophos. "Details of how
to exploit the security hole are now published on the web, meaning
it is child's play for other hackers to take advantage and create
attacks."
"No-one knows when Microsoft will roll out a proper patch for
this critical security hole, and its current workaround leaves
systems almost unworkable with broken-looking icons," continued
Cluley. "The free tool from Sophos can be run alongside any
existing anti-virus software, providing generic protection against
the exploit. Unlike Microsoft's workaround, it doesn't blank out
all the shortcuts on your Windows Start Menu - meaning your life -
and that of your users - will be less stressful."
Customers of Sophos products are already protected from the
exploit, with affected .LNK shortcuts detected generically as
Exp/Cplink-A or Troj/Cplink.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.