G Data fights Windows security flaw

The serious security flaw regarding shortcuts in Microsoft Windows products is currently exploited by various pieces of malicious software and everything points to an emergence of new and more malware variants with this exploit. As the media reported, the first approaches to address the vulnerability were not really successful.

The G Data specialists have now developed a hotfix, the “G Data LNK Checker”, which blocks the automatic execution of the referenced malicious file and displays regular icons as usual. The user is protected against dangerous .lnk files. The program is available as free of charge download: http://www.gdatasoftware.co.uk/support/downloads/tools.htmlThis recent security flaw gives cyber-criminals a wide range of new possibilities to infect a PC. They only need to make sure that a .lnk file is displayed on the computer. The file, which the link refers to, does not necessarily need to be on the computer it can even be on the Internet, explains Ralf Benzmueller, head of the G Data SecurityLabs.Not only users of memory sticks are affected. In a company’s IT network, for example, it is enough to save a primed and infected file on the network drive. Even basic software, like word processing programs and e-mail clients, provide the possibility to display shortcuts. The potential for abuse is enormous. We expect that this vulnerability will be massively exploited shortly.



The  Data LNK Checker in detail

The G Data specialists developed the G Data LNK Checkerhotfix after a detailed analysis of the security flaw. The  Data LNK Checker functions independently from an installed security suite and supplements it with a generic protection against automatic execution of linked malware. After the installation, the “G Data LNK Checker” monitors the creation of shortcut icons and prevents the automatic execution of code on the display of icons. The malicious mechanism is used for specific cases only, e.g. icons for system control elements.

Desktop symbols with popular and safe mechanisms are displayed as usual. But if the malicious mechanism is detected, a red warning signal icon is displayed.

Attention: There are legitimate application possibilities for this recently exploited mechanism. A double-click on a file that is marked as dangerous still lies in the user’s responsibility. At this point, a good security suite is needed.

Once Microsoft has patched the security flaw and the user has downloaded and installed the respective Win-dows update, the program G Data LNK Checker can be uninstalled like every other software. The hotfix is designed for all Windows operating systems since Windows XP, both 32-bit versions and 64-bit versions. Users with Windows XP service pack 2 are protected as well, even though the official Microsoft support ended recently.

Sender Name: Danielle van Leeuwen

Sender E-mail: danielle.van.leeuwen@gdata.nl