“This recent security flaw gives cyber-criminals a wide range of new possibilities to infect a PC. They only need to make sure that a .lnk file is displayed on the computer. The file, which the link refers to, does not necessarily need to be on the computer – it can even be on the Internet”, explains Ralf Benzmueller, head of the G Data SecurityLabs. “Not only users of memory sticks are affected. In a company’s IT network, for example, it is enough to save a primed and infected file on the network drive. Even basic software, like word processing programs and e-mail clients, provide the possibility to display shortcuts. The potential for abuse is enormous. We expect that this vulnerability will be massively exploited shortly.”
The “LNK Checker” in detail
The G Data specialists developed the “G Data LNK Checker” hotfix after a detailed analysis of the security flaw. The “G Data LNK Checker” functions independently from an installed security suite and supplements it with a generic protection against automatic execution of linked malware. After the installation, the “G Data LNK Checker” monitors the creation of shortcut icons and prevents the automatic execution of code on the display of icons. The malicious mechanism is used for specific cases only, e.g. icons for system control elements.
Desktop symbols with popular and safe mechanisms are displayed as usual. But if the malicious mechanism is detected, a red warning signal icon is displayed.
Attention: There are legitimate application possibilities for this recently exploited mechanism. A double-click on a file that is marked as dangerous still lies in the user’s responsibility. At this point, a good security suite is needed.
Once Microsoft has patched the security flaw and the user has downloaded and installed the respective Windows update, the program “G Data LNK Checker” can be uninstalled like every other software. The hotfix is designed for all Windows operating systems since Windows XP, both 32-bit versions and 64-bit versions. Users with Windows XP service pack 2 are protected as well, even though the official Microsoft support ended recently.
The “G Data LNK Checker” is available through the following link: http://www.gdatasoftware.co.uk/support/downloads/tools.html
Every PC running a Windows operating system has shortcuts on its desktop. This offers a one-click access to the most important programs and files. This useful function is misused by malware again and again. Just as in this recent case, in which Microsoft acknowledged a 0-day-exploit regarding all recent Windows versions. In this case, the mechanism to display icons is exploited in a specific way to execute malware and eventually gain control over the entire PC. To make this happen, the user only needs to display the primed shortcut, e.g. in the Internet Explorer, on the desktop or within an application.
Microsoft reacted immediately and created a proposal for a solution (hotfix), which solves the problem itself, but it leads to the fact that all shortcuts lose their icon. This is very impractical and not a satisfactory workaround to the problem. The “G Data LNK Checker” solves this problem.