[ISN] SANS Raises Infocon Alert To Yellow In Light Of New Windows 'Shortcut' Attack Threat

From: InfoSec News <alerts_at_private>
Date: Tue, 20 Jul 2010 00:25:56 -0500 (CDT)
http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=226000012

By Kelly Jackson Higgins
DarkReading
July 19, 2010 

A zero-day flaw being used in targeted attacks against organizations 
worldwide -- most notably on SCADA systems -- has security experts 
worried that the threat could spread further. Concerns about additional 
attacks using the so-called "LNK" vulnerability in Windows machines via 
USB devices and fileshares prompted the SANS Internet Storm Center today 
to raise its Infocon alert level to "yellow," up from "green," or 
normal, status.

SANS made the call to go Code Yellow to help raise awareness of the 
vulnerability, which Microsoft officially revealed on Friday after 
security researchers in Belarus reported finding new malware samples 
that could infect a Windows 7 machine via an infected USB drive. "We 
decided to raise the Infocon level to Yellow to increase awareness of 
the recent LNK vulnerability and to help preempt a major issue resulting 
from its exploitation," blogged SANS ISC handler and security consultant 
Lenny Zeltser today. "Although we have not observed the vulnerability 
exploited beyond the original targeted attacks, we believe wide-scale 
exploitation is only a matter of time. The proof-of-concept exploit is 
publicly available, and the issue is not easy to fix until Microsoft 
issues a patch. Furthermore, anti-virus tools' ability to detect generic 
versions of the exploit have not been very effective so far."

The number of machines hit so far is only in the tens of thousands, 
according to some estimates, but many security experts worry that could 
change fast.

"This is not something to just shrug off," says Paul Henry, security and 
forensics analyst for Lumension Security. Henry says the biggest targets 
for the attack are Microsoft XP SP2 machines, which the software giant 
stopped patching as of this month.

[...]


Received on Mon Jul 19 2010 - 22:25:56 PDT
