NETWORKWORLD.com
Microsoft has confirmed a new, highly dangerous zero-day vulnerability that has caused multiple researchers to issue warnings. The exploit is a whopper on all levels.
It comes into the enterprise via hidden files on USB sticks or via shared network files. It requires no user interaction to infect the system (simply viewing the icon is enough to trigger it). It propagates itself. It loads as a rootkit infection. It affects all Windows operating systems, even full-patched Windows 7 systems. It seems to target extremely sensitive information — researchers say it seems to have been made for espionage. If all that weren’t scary enough, a researcher has already published proof-of-concept code.
And in other news:
“Apple the new world leader in software insecurity”
http://arstechnica.com/security/news/2010/07/apple-the-new-world-leader-in-software-insecurity.ars
Apple has displaced Oracle as the company with the most security vulnerabilities in its software, according to security company Secunia. Over the first half of 2010, Apple had more reported flaws than any other vendor. Microsoft retains its third-place spot.
#21 Points to you for scooping a DU thread, see above thread.
I heard a few years ago that the Chinese were using something similar. Dropping thumb drives, when they were expensive, around sensitive buildings. Insert the stick and it would start crawling the network.
Funny how the virtual world mirrors the actual one: the most advanced software is attackware.
My uniformed prediction is that this is Russian stuff. A major leap is that the hot Russian spy just returned may have been sticking this in bankers’ PCs in exchange for another kind of sticking.