0-day vulnerability exploited to spread through USB flash drives

Source: Internet
Author: User

The term "0-day" originally referred to cracking: the earliest cracks targeted software, and later games, music, movies, and other content. In information security, a 0-day is vulnerability information that is known and in someone's hands before a security patch is released. The Kingsoft Antivirus Cloud Security Monitoring Center recently observed that a newly discovered 0-day vulnerability in Microsoft Windows, in which shortcut (.lnk) files are executed automatically, is already being exploited by attackers to launch Trojan attacks on users' computers.

Reportedly, if the USB flash drive autorun function is enabled, a computer may be infected with a Trojan as soon as a USB flash drive is inserted or the files on it are browsed. The user's computer settings are then changed: advertising web pages pop up, and game, QQ, and bank accounts are at risk of being stolen.

A Kingsoft anti-virus expert said the vulnerability may lead to large-scale Trojan attacks in the near future. Until Microsoft releases a patch for the vulnerability, Kingsoft's full range of security software can automatically protect against this vulnerability and the related viruses and Trojans without needing an upgrade.

Reportedly, the latest LNK 0-day vulnerability in the Microsoft Windows operating system has just been exploited by virus authors abroad, and an experimental virus has become prevalent overseas, with India the hardest hit. The vulnerability is now also being exploited by Trojans in China. The first two samples found drop a rootkit, which is disguised with the digital signature of Realtek, a well-known sound card manufacturer, leading users to become infected. In theory, the virus can spread through removable storage such as USB flash drives, SD cards, and portable hard disks, threatening tens of millions of Windows users in China.

Li Tiejun, a Kingsoft security and anti-virus expert, said that an LNK file is an application shortcut. Normally a program is started by double-clicking a desktop shortcut or clicking a shortcut in the Start Menu. When an attacker exploits this vulnerability by crafting a special .lnk file, and a USB flash drive, portable hard disk, or memory card carrying it is inserted, the virus is executed automatically because of the vulnerability.

According to Li Tiejun, given the characteristics of this 0-day vulnerability, the most effective way to spread viruses and Trojans with it is, in theory, through USB devices (USB flash drives, portable hard disks, SD and other memory cards). Windows enables AutoPlay by default, so after a removable device (such as a USB flash drive) is connected, Windows automatically launches Explorer to open it. The vulnerability is currently widely used to spread malware and affects almost all Windows operating systems.

Li Tiejun stressed that most earlier USB flash drive viruses relied on an autorun.inf configuration to start automatically, and that the new vulnerability adds another means of spreading USB flash drive viruses. The Kingsoft Antivirus security laboratory predicts that USB flash drive viruses spreading through this vulnerability are likely to break out on a large scale in the near future.
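The following is an added example, not code from the original article or from Kingsoft. It inventories the two launch vectors named above, `autorun.inf` files and `.lnk` shortcuts, on a mounted removable volume so an analyst can review them before opening the drive in Explorer; it lists files and does not by itself identify a malicious shortcut. The function names are hypothetical, the sample volume is constructed, and the header constants are those of the published Shell Link (MS-SHLLINK) format.

```python
import os
import struct
import tempfile

# Shell Link (.lnk) header constants from the MS-SHLLINK format:
# a 4-byte header size (0x4C) followed by the 16-byte link CLSID.
LNK_HEADER_SIZE = 0x4C
LNK_MAGIC = struct.pack("<I", LNK_HEADER_SIZE) + bytes.fromhex("0114020000000000c000000000000046")
LNK_FLAGS = {0x01: "HasLinkTargetIDList", 0x02: "HasLinkInfo", 0x20: "HasArguments"}
AUTORUN_KEYS = ("open", "shellexecute")  # autorun.inf keys that launch a program

def parse_lnk_header(data):
    """Return the flag names set in a valid shortcut header, or None if invalid."""
    if len(data) < LNK_HEADER_SIZE or data[:20] != LNK_MAGIC:
        return None
    (flags,) = struct.unpack_from("<I", data, 20)
    return [name for bit, name in LNK_FLAGS.items() if flags & bit]

def autorun_commands(text):
    """Return the commands an autorun.inf asks Windows to launch."""
    pairs = (line.partition("=") for line in text.splitlines())
    return [v.strip() for k, sep, v in pairs if sep and k.strip().lower() in AUTORUN_KEYS]

def triage_volume(root):
    """List every autorun.inf and .lnk file under root for analyst review."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root)
            if name.lower() == "autorun.inf":
                with open(path, encoding="latin-1") as fh:
                    findings.append((rel, "autorun", autorun_commands(fh.read())))
            elif name.lower().endswith(".lnk"):
                with open(path, "rb") as fh:
                    flags = parse_lnk_header(fh.read(LNK_HEADER_SIZE))
                findings.append((rel, "lnk" if flags is not None else "lnk-invalid", flags or []))
    return findings

def demo():
    # Constructed sample volume: a benign autorun.inf and a bare shortcut header.
    header = (LNK_MAGIC + struct.pack("<I", 0x21)).ljust(LNK_HEADER_SIZE, b"\0")
    samples = {"autorun.inf": b"[autorun]\nopen=setup.exe\nicon=setup.ico\n", "Photos.lnk": header}
    with tempfile.TemporaryDirectory() as vol:
        for name, body in samples.items():
            with open(os.path.join(vol, name), "wb") as fh:
                fh.write(body)
        return triage_volume(vol)

if __name__ == "__main__":
    print(demo())
```

Point `triage_volume()` at the mount point of a drive attached to an analysis machine rather than at a drive opened on a production Windows desktop.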

The Kingsoft Antivirus security laboratory detected virus samples spread by exploiting the LNK 0-day vulnerability. While analyzing them, it found that one of the samples carried the digital signature of Realtek Semiconductor Corp. Realtek is a well-known audio chip supplier with a high market share in integrated audio DSP chips on motherboards. According to researchers at the Kingsoft Antivirus security lab, this may be the result of the company's digital signature having been stolen.

For this attack, which exploits the 0-day vulnerability in automatic execution of Windows shortcuts, Kingsoft Antivirus security experts claim that users are immune as long as they have installed any Kingsoft security product. For example, Kingsoft Antivirus 2011 disables AutoPlay for USB storage devices by default, which protects against USB flash drive viruses, so Kingsoft Antivirus 2011 users do not have to worry about this problem. If you have unfortunately already been infected, you can use the one-click repair function of Kingsoft network security to scan for and remove the virus.
