Experts predict extensive attacks of Windows zero-day
Threat levels jump, but Microsoft not ready to say when it will patch shortcut bug
Computerworld - Security organizations today raised Internet threat levels to warn users that they expect widespread attacks using exploits of a just-acknowledged critical bug in all versions of Windows.
The Internet Storm Center (ISC) pushed its Infocon threat indicator to "Yellow," a rare move, while Symantec also bumped up the status of its ThreatCon barometer to "Elevated."
Today's shift by ISC was the first Yellow since July 2009, when the group alerted users of a vulnerability in Office Web Components, a set of ActiveX controls for publishing Microsoft Office content to the Web and for displaying that content in Internet Explorer (IE).
"The proof-of-concept exploit is publicly available, and the issue is not easy to fix until Microsoft issues a patch," said Lenny Zeltser, an ISC security analyst, as he explained the higher threat level. "Although we have not observed the vulnerability exploited beyond the original targeted attacks, we believe wide-scale exploitation is only a matter of time."
Last Friday, Microsoft confirmed that attackers can use a malicious shortcut file, identified by the ".lnk" extension, to automatically execute their malware by getting users to view the contents of a folder containing such a shortcut. Malware can also automatically execute on many systems when a USB drive is plugged into the PC.
All versions of Windows, including the just-released beta of Windows 7 Service Pack 1 (SP1), as well as the recently retired Windows XP SP2 and Windows 2000, contain the bug.
Many of the attacks spotted so far have been aimed at major manufacturing and utility companies. Last week, Siemens alerted customers of its Simatic WinCC management software that attacks using the vulnerability were targeting computers used to manage large-scale industrial control systems, often called SCADA, for "supervisory control and data acquisition."
Symantec also boosted its ThreatCon indicator from the usual Level 1 to Level 2, dubbed "Elevated." Like the ISC, Symantec said it made the move because of the advisory Microsoft issued Friday and the expectation of increased attacks.
"The Symantec DeepSight Team expects this issue to be incorporated by attackers to carry out remote drive-by download attacks in the wild," said Symantec on its ThreatCon page.
HD Moore, the chief security officer of Rapid7 and the creator of the well-known Metasploit hacking toolkit, said that it was unlikely the vulnerability would be used in classic drive-by attacks, as Symantec predicted. "The vulnerability is serious, but it's not as bad as a drive-by," Moore said, talking about the type of attacks that compromise computers when their users simply browse to a malicious site.
Companies will remain the most lucrative targets for exploits of the Windows shortcut bug, Moore bet, while consumers will likely be relatively safe. One reason: Newer browsers, such as Internet Explorer 8 (IE8), Firefox and Chrome, will shield consumers. IE6, however, which is still widely used in some businesses, does not.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts