Agnitum issues Outpost update to protect against LNK exploit
Hidden dangers in Windows shortcuts: .lnk-infections, the Stuxnet worm, and how to deal with them
ST. PETERSBURG, RUSSIA, July 23, 2010 — The security experts at Agnitum, developers of the Outpost Pro security product line, are pleased to announce the availability of Outpost Security Suite Pro and Outpost Antivirus Pro 7.0.2 — emergency updates to protect Windows users against the recently-publicized .lnk vulnerability and associated Trojan infections.
The problem came to light earlier this week with the emergence of the Stuxnet worm exploiting a vulnerability in the Windows .LNK code that enables the ubiquitous desktop shortcuts. The exploit appears to distribute itself via USB devices, facilitating the spread of Trojans and other targeted malware.
The security team at Agnitum has addressed the threat promptly and updated Outpost’s preventive protection to parse .lnk files for consistency and warn the user of suspected malicious activity.
"The consistency and validity algorithm we’ve implemented to check for .lnk files appears to us to be the only viable way to prevent infections", comments Paul Kunishev, head of Agnitum’s Kernel Programming Sector. "Agnitum’s R&D team has incorporated block and alert mechanisms for around 20 LNK validators in its antivirus solutions. Aside from changes to the proactive protection module, Outpost’s signature-based and heuristic monitors have also been updated to expose .lnk exploits".
We recommend users install the latest versions of Outpost Security Suite Pro and Outpost Antivirus Pro as soon as possible. The software is available for download at http://www.agnitum.com/products/.
About the LNK exploit
Experts have watched as the LNK exploit has crossed the borders from Asia to proliferate across the US and Eastern Europe. Although the number of affected PCs still appears manageable, the number of separate attacks is growing exponentially.
A recent modification of the exploit — the Stuxnet worm — gets past older security software by disguising itself with a digital signature for Realtek software. Although the certificate has been temporarily withdrawn, it still operates on all Windows versions.
As a precautionary measure, we recommend users disable the WebClient service or, less conveniently, disable the icon display for shortcuts, as Microsoft has suggested.
For more information and to request review copies of Outpost Security Suite and Outpost Antivirus Pro 7.0.2, please contact:
PR Manager, Agnitum Ltd.