Exploits for the recently discovered Windows shortcut vulnerability are now fully out in the wild and affecting users. While earlier samples were seen in more narrowly targeted attacks, the new samples seen by Trend Micro analysts are aimed at broader audiences and pose a threat to users at large. Indonesia and India have been particularly hard-hit by this attack, accounting for more than 75% of the infections seen.
In addition, a recent update to Microsoft’s advisory has added a new vector for this vulnerability. File formats that support embedded shortcuts (such as Microsoft Office documents) can now be used to spread exploits as well. This means that users who download and open such files would find themselves the latest victims of this vulnerability. It has also been reported that this attack could be used in drive-by attack scenarios, further raising the risk.
However, the good news is that Trend Micro proactively detects shortcut files exploiting this security flaw as LNK_STUXNET.SM; the malware payloads are also proactively detected as WORM_STUXNET.SM. Earlier variants were already detected as LNK_STUXNET.A, RTKT_STUXNET.A and WORM_STUXNET.A. This mitigates the risks faced by users dealing with this threat.