IT security and data protection firm Sophos has today released a
free tool to protect against a Windows zero-day vulnerability that
is being actively exploited to infect computers.
The Sophos Windows Shortcut Exploit Protection Tool protects
against a high-profile vulnerability that allows malicious hackers
to exploit a bug in the way that all versions of Windows handle
.LNK shortcut files. If Windows just displays the icon of an
exploited shortcut file, malicious code can be executed - without
requiring any interaction by the user.
But Sophos's free tool, available for download from www.sophos.com/shortcut,
intercepts shortcut files that contain the exploit, warning of the
executable code that was attempting to run. That means it will stop
malicious threats which use the vulnerability if they are on
non-local disks, such as a USB stick.
"So far we have seen the
Dulkis worms, as well as the
Chymin Trojan horse, exploiting the shortcut vulnerability to
help them spread and infect computer systems. Stuxnet made the
headlines because it targeted the Siemens SCADA systems that look
after critical infrastructure like power plants - but there's a
warning for all computer users here," said Graham
Cluley, senior technology consultant at Sophos. "Details of how
to exploit the security hole are now published on the web, meaning
it is child's play for other hackers to take advantage and create
"No-one knows when Microsoft will roll-out a proper patch for
this critical security hole, and its current workaround leaves
systems almost unworkable with broken-looking icons," continued
Cluley. "The free tool from Sophos can be run alongside any
existing anti-virus software, providing generic protection against
the exploit. Unlike Microsoft's workaround, it doesn't blank out
all the shortcuts on your Windows Start Menu - meaning your life -
and that of your users - will be less stressful."
Customers of Sophos products are already protected from the
exploit, with affected .LNK shortcuts detected generically as
Exp/Cplink-A or Troj/Cplink.