SophosLabs Released Free Tool to Validate Microsoft Shortcut
SophosLabs has just released a free tool that provides detection against the Windows shortcut exploit that we published last week here and here. Sophos has indicated it works with any antivirus software and it works with Windows XP/Vista/7 but not 2000. When Windows tries to display an icon with a shortcut, the tool will intercept the request in order to validate it and give back control to the user if not found to be malicious.
SophosLabs has made a video available on what is the exploit and how the tool works here and the tool is available for downloaded here.
Update 1: This tool currently only protects against LNK files and does not protect against PIF based exploits. It also does not protect against LNK files or targets stored on the local disk. Thanks to ISC reader Gerrit for the additional information.
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org
Comments
Alex
Jul 27th 2010
1 decade ago
One caveat though: reboot is needed after installation (Sophos tool doesn't).
Davy
Jul 28th 2010
1 decade ago