I've long thought that someday Windows' security problems could foul up the Internet for everyone. That day may be arriving.
It's not just me being paranoid about Windows. It's the ISC (Internet Storm Center), the group that tracks the overall health of the Internet. They're wondering whether the newly discovered "LNK" exploit might be used to slam the brakes on the Internet's high-speed traffic.
decided to raise the Infocon level to Yellow to increase awareness of the recent LNK vulnerability and to help preempt a major issue resulting from its exploitation. Although we have not observed the vulnerability exploited beyond the original targeted attacks, we believe wide-scale exploitation is only a matter of time. The proof-of-concept exploit is publicly available, and the issue is not easy to fix until Microsoft issues a patch. Furthermore, anti-virus tools' ability to detect generic versions of the exploit have not been very effective so far.
The LNK vulnerability is an obnoxious little security hole that's present in all versions of Windows from Windows 2000 on up. There are now numerous attack programs that can use a malicious shortcut file, identified by the ".lnk" extension, to automatically run malware. All a user has to do is view the contents of a folder containing the infected shortcut, and, ta-da, the program is wreaking havoc.
Early versions of the attack required users to plug in a USB key with the malicious software. If that were still required, this would be a minor problem. Now, however, exploits exist that can launch attacks over SMB (Server Message Block) file shares and Windows' WebClient services. While often used over a LAN, these services can also be used over the Internet. And, of course, such tried-and-true-virus-spreading methods as sending a LNK file over an IM (instant message) or in an e-mail will also spread it.
Once in place, a LNK-based malware can do pretty much anything it wants to your Windows PCs -- send someone your credit-card numbers, zap your system, whatever. Or, and this is where it gets even more dangerous, it could be used to take over or knock out SCADA (supervisory control and data acquisition) control systems used to control industrial machinery in power plants and factories. In short, this is software that can use Windows not just to exploit Windows users, but to commit cyber-episonage or warfare
Even Microsoft is worried enough about this vulnerability that the guys from Redmond said, "Anyone believed to have been affected by this issue ... should contact the national law enforcement agency in their country."
So, what can you do about it? Not a lot. You can try Microsoft's recommended work-arounds, but, as Chester Wisniewski, a senior security advisor with Sophos, pointed out, turning off icons for shortcuts is "highly impractical for most environments. While it would certainly solve the problem, it would also cause mass confusion among many users and might not be worth the support calls." Wisniewksi added that Microsoft's other suggestion, disabling WebClient, may be a solution for people who don't use Microsoft SharePoint, but many organizations rely on SharePoint so this is limiting as well.
In short, there's no cure. The attack is about as nasty as it can get, and the 'cures' that we have now may be worse than the diseases. Unless, of course, it turns out the alternative really is to have the Internet itself get smacked around and for factories to be stilled by this Windows exploit of mass destruction.