Cyber Hacks Strike At USB Drives

 

It has been less than a week that Microsoft has ended official support for Windows XP, and already an exploit has been discovered. Microsoft has provided warning to users that hackers have discovered a very critical and unpatched Windows vulnerability involving USB flash drives that have been infected. This is the first exploit to hit Windows XP Service Pack two, and when Microsoft finally discovers a fix for the infected USB flash drive problem, they will not send out a security fix or patch for a machine still running Windows XP Service Pack two.

Along with other researchers who knew of the exploit, Microsoft agrees to the fact that hackers have been able to exploit a vulnerability in the Windows ‘shortcut’ files. These files act as a placeholder and they exist on a user's desktop or on the Start menu as a link to the actual application or file they represent. The director of Microsoft's Trustworthy Computing group, Dave Forstrom, stated in a Microsoft blog, “In the general public, this security hole has been found working with the Stuxnet malware.” The Stuxnet malware contains a Trojan with the ability to download more attack code and a root kit that will hide any evidence of the actual attack. Even though Dave describes the threat as specific, targeted hacks, the entity within Microsoft that crafts antivirus signatures said they followed approximately six thousand malware attempts against Windows personal computers in less than a week since it ended Windows XP support.

Many security firms also took note of a Windows vulnerability and exploit that was attacking large-scale infrastructure control systems in the area of industry and other related computers utilized by major utility and manufacturing companies. In a statement from Microsoft, Windows does not correctly parse the shortcut files containing the ‘.lnk’ file extension. Using a bad .lnk file, hijackers can easily take over a Windows computer system with a very small amount of user interaction. All a user has to do is look at the contents stored on a USB drive with any file manager including Windows Explorer.

A senior security adviser within Sophos, Chester Wisniewski, said the threat in question was nasty, and stated tests that he ran proved the exploit will work even when the Windows AutoRun and AutoPlay are disabled. Both of these functions have been used in the past by hackers to take over computers with flash drives that have been infected. The malicious root kit will also bypass the built-in security features in Windows, such as the User Account Control in Windows Vista and Windows 7. Microsoft has even advised, “Shortcuts can also be sent and shared over networks or remote WebDAV.”

At the moment, Microsoft stated users can prevent the attacks by incapacitating the ability to display shortcuts, and by turning off their Web Client service. Unfortunately for many users, this involves the editing of the Windows registry. By disabling the ability to use shortcut files it will make it harder for users to execute or launch their favorite programs or documents they have opened. Since Microsoft has added support for Windows XP, this notice is all the support users will receive from Microsoft concerning this issue.

Microsoft has noted the versions of Windows they do support contains the vulnerability. These versions include Windows XP Service Pack three, Windows Vista, Windows Server 2003, Windows 7, Windows Server 2008, and Windows Server 2008 R2. Even the beta version of Windows 7 Service Pack one is at risk.

A Windows 7 training video should be in your IT arsenal to keep you informed and up-to-date on the latest revisions built into Windows 7. There are many areas of enhancement and new and enhanced features you can utilize to make your workflows easier and increase your level of productivity. The training in the area of Windows 7 is a strong choice to make in satisfying your Windows 7 training requirements.

About Us: Next Generation Training brings blended learning and computer training in a convenient format making it very easy and enjoyable for users to gain a significant amount of supplemental information. Productivity and job skills are enhanced with the training that comes from Next Generation Training. Microsoft Windows 7 training courses benefit all users with a very large amount of information covering the many new aspects of Microsoft's latest operating system. Next Generation Training and its complete training regimen is your premier source to handle your training requirements.