Our colleagues in Bratislava have issued a press release which focuses on the clustering of reports from the US and Iran, and also quotes Randy Abrams, whose follow-up blog also discusses the SCADA-related malware issue at length.
The Internet Storm Center has, unusually, raised its Infocon level to yellow in order to raise awareness of the issue and “preempt a major issue resulting from its exploitation.”
Softpedia and Computerworld are among sites noting the publication of exploit code using the .LNK vulnerability.
Our colleagues in Spain have also published a blog that makes a couple of points worth reiterating.
- Use an antivirus product capable of detecting these threats. Of course, you’d expect us to say something like this since anti-malware is what we sell, but the fact is that at this moment AV detection may be a better solution for the currently known threats than the workarounds suggested by Microsoft in their advisory. Note, however, that there are indications that those responsible for the initial attacks are already taking measures to vary the attack. (More about that later.)
- If you’re using XP SP2, it’s quite possible that there will be no patch from Microsoft that will help you when they are ready to patch. Of course, the same applies to Windows 2000 users, only more so. At least SP2 users should be able to get respite by upgrading to SP3.
David Harley CITP FBCS CISSP
Senior Research Fellow
Author David Harley, ESET