What Do You Know About the Windows Shell Vulnerability Exploited by Malware?
In a recent advisory, Microsoft alerted all users to a vulnerability in the Windows Shell that is being exploited by hackers and malware. These attacks are generally spread via USB devices that are infected with viruses. The vulnerability affects all Windows systems, Vista as well as Windows 7. Microsoft further confirmed that the attacks can also be carried out via WebDAV and network shares. The problem is that the Windows Shell does not correctly validate the parameters of the shortcuts the virus is trying to load. This allows attackers to run malware when the user opens a window containing the malicious shortcut and clicks it. Shortcuts are files that link to another file and are identified by their extension.
But researchers are of the opinion that the user does not even need to click the icon: connecting the USB drive and browsing it is enough for the malware to infect the system and leave it open to attackers. The malware is able to bypass most security features of the Windows operating system, even when running without administrative privileges. According to analysts, the malware uses shortcut files with a .lnk extension on the USB drive that run automatically as soon as the operating system begins reading the files. Simply accessing the USB stick with an application that displays shortcuts or file listings can therefore run the malware without any further action by the user.
This vulnerability was first detected this week by a Belarusian antivirus company, in a case where hackers had leveraged the Stuxnet rootkit. For those who aren't familiar, the Stuxnet rootkit is malware that targets multinational corporations for sensitive information. Stuxnet has demonstrated its ability to evade detection by hiding files with the .lnk suffix as well as files that begin with 'WTR' and end in '.tmp'. Another capability discovered in this virus is that it can take over the autorun feature: even if autorun is disabled, the rootkit is still able to execute and install itself on the system. The rootkit can also bypass firewalls and antivirus software by injecting itself into iexplore.exe; since many firewalls trust iexplore.exe, the injected code goes unnoticed by the operating system. The malware can even disable some security features on the system. It has been found that, using two drivers, "mrxnet.sys" and "mrxcls.sys", the rootkit is able to load and run without detection, and it also hides these two drivers.
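As an added example (not part of the article), the following Python script implements the offline triage check the indicators above suggest: it walks a USB drive mounted on a clean host, confirms that .lnk files really carry a Shell Link header rather than just the extension, and reports WTR*.tmp files, the two driver names, and any directory where shortcuts sit beside WTR*.tmp files. The file names and contents it creates in `run_demo` are constructed placeholders, and the indicator list is only what this article names, not a complete signature.

```python
import os
import tempfile
from pathlib import Path

# Fixed 20-byte start of a Windows Shell Link ([MS-SHLLINK]): HeaderSize 0x4C as a
# little-endian DWORD, then LinkCLSID {00021401-0000-0000-C000-000000000046}.
LNK_MAGIC = (0x4C).to_bytes(4, "little") + bytes.fromhex("0114020000000000C000000000000046")
# Driver file names the article says the rootkit loads and then hides.
DRIVER_NAMES = {"mrxnet.sys", "mrxcls.sys"}

def is_shell_link(path: Path) -> bool:
    """True if the file starts with the Shell Link header, not merely the .lnk extension."""
    try:
        with path.open("rb") as fh:
            return fh.read(len(LNK_MAGIC)) == LNK_MAGIC
    except OSError:
        return False

def scan_drive(root: Path) -> dict:
    """Walk a drive mounted on a clean host and collect the indicators named in the article."""
    found = {"lnk": [], "wtr_tmp": [], "drivers": [], "lnk_with_wtr_dirs": []}
    for dirpath, _dirs, files in os.walk(root):
        d = Path(dirpath)
        has_lnk = has_wtr = False
        for name in files:
            low = name.lower()
            if low.endswith(".lnk") and is_shell_link(d / name):
                found["lnk"].append(str(d / name))
                has_lnk = True
            elif low.startswith("wtr") and low.endswith(".tmp"):
                found["wtr_tmp"].append(str(d / name))
                has_wtr = True
            elif low in DRIVER_NAMES:
                found["drivers"].append(str(d / name))
        if has_lnk and has_wtr:  # shortcut next to WTR*.tmp: the pairing the article describes
            found["lnk_with_wtr_dirs"].append(str(d))
    return found

def run_demo() -> dict:
    """Build a constructed drive layout in a temp dir and scan it (placeholder files only)."""
    root = Path(tempfile.mkdtemp())
    (root / "Copy of Shortcut.lnk").write_bytes(LNK_MAGIC.ljust(0x4C, b"\0"))  # constructed
    (root / "WTR0001.tmp").write_bytes(b"constructed placeholder, not a real payload")
    (root / "notes.lnk").write_text("plain text wrongly named .lnk")  # fails header check
    (root / "drivers").mkdir()
    (root / "drivers" / "mrxnet.sys").write_bytes(b"constructed placeholder")
    return scan_drive(root)
```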
A security analyst from another company also said that the malware may be capable of using the default password to access data from the Siemens SCADA WinCC + S7 control system database. The analyst further stated that this could point to the Trojan being used for industrial espionage.
Microsoft has recommended that users disable the display of shortcut icons and shut down the WebClient service. However, this will not resolve the issue for corporate customers, since disabling shortcut icons would confuse their users, and turning off the WebClient service would render sharing-based applications useless.