The world was recently attacked by malware that installed itself through the AutoPlay feature, and it is happening again. The previous attack placed a second AutoPlay option in the window that pops up when you insert a flash drive. Clicking on the wrong one would infect the computer. This new threat attacks shortcut icons. It targets USB sticks and other removable drives.

A security advisory issued by Microsoft warns users of targeted attacks against Windows Shell (that is the main interface that Windows uses to organize the desktop and file system). The attacks work on virtually all versions of Windows and could enable a hacker to take complete control of a victim’s machine.

The attack targets the way Windows parses shortcut icons on a user’s system. Microsoft said disabling AutoPlay makes it more difficult for the attack to work. The attack can be carried out remotely through network shares or remote WebDAV shares.

As usual, make sure that the INVISUS security software on your machine is updated and running scans regularly. Do not plug in USB flash drives that you find or were given to you by someone you are unfamiliar with.

 Digg  Facebook  StumbleUpon  Technorati