SANS Raises Infocon Alert To Yellow In Light Of Ne

Security experts closely monitoring spread of new zero-day threat
A zero-day flaw being used in targeted attacks against organizations worldwide -- most notably on SCADA systems -- has security experts worried that the threat could spread further. Concerns about additional attacks using the so-called "LNK" vulnerability in Windows machines via USB devices and fileshares prompted the SANS Internet Storm Center today to raise its Infocon alert level to "yellow," up from "green," or normal, status.
SANS made the call to go Code Yellow to help raise awareness of the vulnerability, which Microsoft officially revealed on Friday after security researchers in Belarus reported finding new malware samples that could infect a Windows 7 machine via an infected USB drive. "We decided to raise the Infocon level to Yellow to increase awareness of the recent LNK vulnerability and to help preempt a major issue resulting from its exploitation," blogged SANS ISC handler and security consultant Lenny Zeltser today. "Although we have not observed the vulnerability exploited beyond the original targeted attacks, we believe wide-scale exploitation is only a matter of time. The proof-of-concept exploit is publicly available, and the issue is not easy to fix until Microsoft issues a patch. Furthermore, anti-virus tools' ability to detect generic versions of the exploit has not been very effective so far."
The number of machines hit so far is only in the tens of thousands, according to some estimates, but many security experts worry that could change fast.
"This is not something to just shrug off," says Paul Henry, security and forensics analyst for Lumension Security. Henry says the biggest targets for the attack are Microsoft XP SP2 machines, which the software giant stopped patching as of this month.