Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: SophosLabs Released Free Tool to Validate Microsoft Shortcut - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
SophosLabs Released Free Tool to Validate Microsoft Shortcut

SophosLabs has just released a free tool that provides detection against the Windows shortcut exploit that we published last week here and here. Sophos has indicated it works with any antivirus software and it works with Windows XP/Vista/7 but not 2000. When Windows tries to display an icon with a shortcut, the tool will intercept the request in order to validate it and give back control to the user if not found to be malicious.

SophosLabs has made a video available on what is the exploit and how the tool works here and the tool is available for downloaded here.

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Guy

411 Posts
ISC Handler
German Heise.de notes that there's a similar tool from G-Data (http://www.gdata.de/support/downloads/tools) which according to them works better.
Alex

13 Posts Posts
G-Data tool silently protects against remote _and_ local LNK "attacks".
One caveat though: reboot is needed after installation (Sophos tool doesn't).
Anonymous

Posts

Sign Up for Free or Log In to start participating in the conversation!