
SANS ISC InfoSec Handlers Diary Blog



SophosLabs Released Free Tool to Validate Microsoft Shortcut

Published: 2010-07-26
Last Updated: 2010-07-27 12:08:56 UTC
by Guy Bruneau (Version: 2)

SophosLabs has just released a free tool that detects the Windows shortcut exploit that we reported on last week here and here. Sophos has indicated that it works with any antivirus software and runs on Windows XP/Vista/7, but not on Windows 2000. When Windows tries to display the icon for a shortcut, the tool intercepts the request in order to validate it, and gives control back to the user if the shortcut is not found to be malicious.

SophosLabs has made a video available here that explains what the exploit is and how the tool works, and the tool is available for download here.

Update 1: This tool currently only protects against LNK files and does not protect against PIF-based exploits. It also does not protect against LNK files or targets stored on the local disk. Thanks to ISC reader Gerrit for the additional information.

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Keywords: CPLINK MS2286198