[funsec] Microsoft LNK exploit
Rob, grandpa of Ryan, Trevor, Devon & Hannah
rMslade at shaw.ca
Tue Jul 20 18:21:11 CDT 2010
The recently discovered LNK exploit; using the way Microsoft parses link or
shortcut icons for display in order to get something else executed; may be a
tempest in a teapot. It is technically sophisticated, but so far we don't appear to
have seen it used widely.

Probably a good thing.

This exploit could be used in a wide variety of ways. You can use it in removable
media, so that any time you shove a CD in a drive, or connect a USB stick/thumb
drive (or any other USB device, for that matter) to a computer, it results in an
infection or some malicious payload.

And remember that OLE stands for object *LINKING* and embedding. Since it is
trivially easy to embed a virus in any Windows OLE format data file, it should be
just as easy to create malicious links in any such files.

Microsoft's own information on the issue (
http://www.microsoft.com/technet/security/advisory/2286198.mspx ) seems to
indicate that there is a related, but separate, issue with Microsoft Office
components, related to Web-based activities. (By the way, when accessing that
site, the information about how to protect against the exploit is hidden under the
"Workarounds" link, rather than being explicit on the page.)

Some of the potential effects are discussed by Randy Abrams at
http://blog.eset.com/2010/07/19/it-wasn%E2%80%99t-an-army
====================== (quote inserted randomly by Pegasus Mailer)
rslade at vcn.bc.ca slade at victoria.tc.ca rslade at computercrime.org
He who praises everybody, praises nobody. - Samuel Johnson
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://www.infosecbc.org/links http://twitter.com/rslade