Sophos Warns of "Nasty" Rootkit Making the Rounds

Paul Lilly

So here it is, folks, the first of what is likely to be many bugs affecting unpatched versions of Windows XP Service Pack 2 (SP2), which of course will remain unpatched since Microsoft cut off support for XP SP2 and earlier.

According to a security advisory (2286198), "the vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives," Microsoft says.

While disabling AutoPlay lessens the risk, users with an infected USB thumb drive can still fall prey to the attack if they manually browse to the root folder. And because it can run when AutoPlay and AutoRun are disabled, Sophos senior security advisor Chester Wisniewski warns that the bug is particularly "nasty," pointing out in a blog post that "it bypasses all Windows 7 security mechanisms, including UAC, and doesn't require administrative privilege to run."
