Friday, July 23, 2010

Perilous *shortcuts*: .lnk-infection and Stuxnet worm, and how to deal with them

This week started with yet another alarming newsflash showing that even the most seemingly innocuous Windows features can be a potential threat. Several Internet sources reported a newly detected "LNK" exploit that distributes itself via USB devices: basically, a security hole in shortcuts (a vulnerability in .lnk files) that can be used to spread Trojans. The reactions from Microsoft and security vendors sounded rather confused. You can find more details in an article by the Computerworld team.

Experts observe that the LNK exploit has crossed Asian borders and is proliferating, for starters, in the US and Eastern Europe. Although the number of affected PCs is still manageable, the number of separate attacks is growing exponentially, which points to an epidemic in the near future.
Until the antivirus community comes up with solid solutions, it is strongly advisable to switch off the WebClient service or, alternatively and less conveniently, disable icon display for shortcuts, as Microsoft's instructions suggest.

However, the Agnitum team has addressed the threat promptly and decided to update Outpost's preventive protection mechanisms in a new ad hoc iteration, Outpost 7.0.2 (Outpost Security Suite Pro and Outpost Antivirus Pro). The updated module will parse .lnk files for consistency and report suspected malicious activity.

The implemented algorithm for checking the consistency and validity of .lnk files proves to be the only viable way to prevent infestations. Agnitum's R&D team has investigated the threat and supplied its antivirus solutions with block and alert scenarios for around 20 LNK validators. Aside from the proactive protection module, Outpost's signature-based and heuristic monitors have also been updated to detect .lnk exploits.
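To illustrate what a structural consistency check on a .lnk file can look like, here is an added example that is not Agnitum's code and does not reproduce Outpost's validators. It follows the Shell Link layout in Microsoft's MS-SHLLINK specification; the function names `check_lnk` and `make_sample` are hypothetical, and the sample bytes are constructed.

```python
import struct
import uuid

HEADER_SIZE = 0x4C  # fixed ShellLinkHeader size (76 bytes)
LINK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046").bytes_le
HAS_LINK_TARGET_IDLIST = 0x1  # LinkFlags bit 0: an IDList follows the header

def check_lnk(data: bytes) -> list:
    """Return structural problems found; an empty list means all checks passed."""
    if len(data) < HEADER_SIZE:
        return ["file shorter than the 76-byte header"]
    problems = []
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != HEADER_SIZE:
        problems.append(f"HeaderSize is {size:#x}, expected 0x4c")
    if clsid != LINK_CLSID:
        problems.append("LinkCLSID mismatch")
    if any(data[66:76]):  # Reserved1..Reserved3 must be zero
        problems.append("reserved header fields are not zero")
    if not flags & HAS_LINK_TARGET_IDLIST:
        return problems
    if len(data) < HEADER_SIZE + 2:
        return problems + ["IDListSize field missing"]
    (idlist_size,) = struct.unpack_from("<H", data, HEADER_SIZE)
    pos, end = HEADER_SIZE + 2, HEADER_SIZE + 2 + idlist_size
    if end > len(data):
        return problems + ["IDList extends past end of file"]
    while True:  # walk ItemIDs: 2-byte size (includes itself), then payload
        if pos + 2 > end:
            problems.append("IDList has no terminator")
            break
        (item_size,) = struct.unpack_from("<H", data, pos)
        if item_size == 0:  # TerminalID
            if pos + 2 != end:
                problems.append("terminator before declared end of IDList")
            break
        if item_size < 2 or pos + item_size > end:
            problems.append(f"ItemID at offset {pos} has bad size {item_size}")
            break
        pos += item_size
    return problems

def make_sample(items: bytes, declared: int) -> bytes:
    """Constructed test input: minimal header followed by an IDList body."""
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, HAS_LINK_TARGET_IDLIST)
    return header.ljust(HEADER_SIZE, b"\0") + struct.pack("<H", declared) + items
```

A file that passes these checks is only well-formed, not safe; a scanner would treat a failure as grounds to block or alert before the shell parses the shortcut.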

We recommend you urgently install the latest versions of Outpost Security Suite Pro and Outpost Antivirus Pro to get protected against the epidemic! Follow the link to download: http://www.agnitum.com/products/.

Pavel Goryakin
Agnitum

Friday, July 02, 2010

Outpost Security Suite Pro 7.0 scores 97% in the latest Matousec tests

We'd like to share the news about the successful performance of the new Outpost Security Suite Pro (OSS) 7.0 in the Proactive Security Challenge at Matousec.com. OSS received a 97% score, reached the 10+ level, and was awarded “Excellent” and “Recommended” ratings.

Matousec.com is best known for leak tests: tests that attempt to send data to Internet servers without appropriate permissions. Aside from the ability to prevent data leaks in critical situations triggered by leak tests, Matousec.com also analyses the products' efficiency in:
  • general bypassing (system integrity) tests that emulate malware attempts to bypass protection or make malicious modifications, generally without targeting specific components;
  • termination and self-protection tests that emulate attempts to disable products and self-defense functions;
  • spying tests (including keyloggers and packet sniffers) that test whether a product is able to prevent malware from spying on a user’s data;
  • the newly-implemented autorun tests (attempts to install to the system to survive a reboot and ensure tests will be restarted, which is typical malware infection behavior);
  • performance, stability and reliability tests.
Agnitum’s products have always focused on strong defense against unknown malware activation and data leaks since the first versions of Outpost. The same philosophy continues to apply to the latest integrated solution – Outpost Security Suite Pro 7.0.

Pavel Goryakin
Agnitum