G Data LNK-Checker Protects Against LNK Security Vulnerability
A recently discovered vulnerability in the processing of lnk files in the Windows operating system may be used by attackers to execute malicious code on systems that are attacked by it. Windows users can take a look at our previous coverage of the security issue for additional details.
The nature of the vulnerability makes it possible to exploit it without user interaction, displaying the link icon is enough to execute the code.
Microsoft has provided workarounds and a fix-it solution in a security advisory, unfortunately though with side effects that remove icons from programs in the Windows taskbar or start menu (which from then on show up as blank icons).
Several security companies have created their own workarounds and protections, and one of those resulting programs is the G Data LNK-Checker.
The security software, upon installation and a necessary restart, detects potentially dangerous LNK files and blocks the automatic execution of these vulnerable file types. The application further changes the icons of suspicious links so that they are easier to identify.
Files that are found not to be suspicious are displayed the default way which makes this a preferred solution over Microsoft's Fix-It solution and manual workarounds, which as mentioned above change all icons to blank ones.
It is important to note that suspicious files should not be executed on the computer system (by double-clicking for instance), since this can trigger the malicious code they contain.
G Data LNK-Checker is available for download at the G Data website. The program description is only available in German, the installation however is available in English as well.
Update: English version of G Data LNK-Checker available here.
Update 2: The Link Checker application is still available but not really necessary anymore as Microsoft has released a patch in the meantime that closes the vulnerability on all versions of Windows.Advertisement
The English version is available at this page: http://www.gdatasoftware.co.uk/support/downloads/tools.html
Karbi thanks for the information, I have added the link to the article.
Sophos has also issued aprogram to detect and stop the .LNK trojan
Free Sophos tool blocks Windows shortcut attacks : http://www.computerworld.com/s/article/9179698/Free_Sophos_tool_blocks_Windows_shortcut_attacks?source=rss_news
Ilev thanks for the information, appreciated.
Just to add, Heise Online states that the Sophos tool “does not respond to files stored on local hard disks. Therefore, users can still infect their systems, for instance, by unpacking a ZIP archive”. http://www.h-online.com/security/news/item/Anti-virus-vendors-offer-free-LNK-protection-Update-1046183.html