CPLINK
Encyclopedia
CPLINK and Win32/CplLnk.A are names for a Microsoft Windows shortcut icon vulnerability
Vulnerability (computing)
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw...

 discovered in June 2010 and patched on 2 August that affected all Windows operating systems. The vulnerabilty is exploitable when any Windows application that display shortcut icons, such as Windows Explorer
Windows Explorer
This article is about the Windows file system browser. For the similarly named web browser, see Internet ExplorerWindows Explorer is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface...

, browses to a folder containing a malicious shortcut. The exploit can be triggered without any user interaction, regardless where the shortcut file is located.

In June 2010, VirusBlokAda
VirusBlokAda
VirusBlokAda is an antivirus software vendor established in 1997 in Belarus. In 2010 it discovered Stuxnet, the first malware that attacks supervisory control and data acquisition systems....

 reported detection of zero-day attack malware called Stuxnet
Stuxnet
Stuxnet is a computer worm discovered in June 2010. It initially spreads via Microsoft Windows, and targets Siemens industrial software and equipment...

 that exploited the vulnerability to install a rootkit
Rootkit
A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications...

 that snooped Siemens
Siemens
Siemens may refer toSiemens, a German family name carried by generations of telecommunications industrialists, including:* Werner von Siemens , inventor, founder of Siemens AG...

' SCADA
SCADA
SCADA generally refers to industrial control systems : computer systems that monitor and control industrial, infrastructure, or facility-based processes, as described below:...

 systems WinCC
WinCC
SIMATIC WinCC is a supervisory control and data acquisition and human-machine interface system from Siemens. It can be used in combination with Siemens PCS 7 and Teleperm control systems. WinCC is written for Microsoft Windows operating system...

and PCS 7. According to Symantec
Symantec
Symantec Corporation is the largest maker of security software for computers. The company is headquartered in Mountain View, California, and is a Fortune 500 company and a member of the S&P 500 stock market index.-History:...

it is the first worm designed to reprogram industrial systems and not only to spy on them.

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK