NEWS

WIRES

OTHER

Sophos Provides Free Tool to Protect Against Windows '.LNK' Zero-Day Vulnerability

The Sophos Windows Shortcut Exploit Protection Tool protects against a high-profile vulnerability that allows malicious hackers to exploit a bug in the way that all versions of Windows handle .LNK shortcut files. If Windows just displays the icon of an exploited shortcut file, malicious code can be executed - without requiring any interaction by the user.

But Sophos's free tool, available for download from http://www.sophos.com/shortcut, intercepts shortcut files that contain the exploit, warning of the executable code that was attempting to run. That means it will stop malicious threats, which use the vulnerability if they are on non-local disks, such as a USB stick.

"So far we have seen the Stuxnet and Dulkis worms, as well as the Chymin Trojan horse, exploiting the shortcut vulnerability to help them spread and infect computer systems. Stuxnet made the headlines because it targeted the Siemens SCADA systems that look after critical infrastructure like power plants - but there's a warning for all computer users here," said Graham Cluley, senior technology consultant at Sophos. "Details of how to exploit the security hole are now published on the web, meaning it is child's play for other hackers to take advantage and create attacks."

Sophos has produced a YouTube video, demonstrating how the tool intercepts attacks, which journalists and bloggers are welcome to embed on their websites: http://www.youtube.com/watch?v=Gucn5xWZ1m8

"No one knows when Microsoft will roll out a proper patch for this critical security hole, and its current work-around leaves systems almost unworkable with broken-looking icons," continued Cluley. "The free tool from Sophos can be run alongside any existing anti-virus software, providing generic protection against the exploit. Unlike Microsoft's workaround, it doesn't blank out all the shortcuts on your Windows Start Menu - meaning your life - and that of your users - will be less stressful."

Customers of Sophos products are already protected from the exploit, with affected .LNK shortcuts detected generically as Exp/Cplink-A or Troj/Cplink.

More information, including screenshots, of the free Sophos tool can be found on Graham Cluley's blog at: http://www.sophos.com/blogs/gc/g/2010/07/26/shortcut-exploit-free-tool

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.

CHEN PR
Kevin Kosh, 781-672-3111
kkosh@chenpr.com