Sophos LNK Tool: Not sufficient by design...

deficit 1:

It protects only if *BOTH* the LNK file and the executable are *NOT* on local media.

So it does not protect against a Trojan packed in a ZIP archive: such .ZIP files are regularly expanded on local disks.

deficit 2:

It does not protect against hacked .PIF files, which use pretty much the same mechanism.

deficit 3:

We need a ".LNK Test Kit", some "TEST.LNK" bundled with a "YouAreVulnerablePopup.DLL".

A tool that allows remotely mass-checking PCs, to scan networks for sufficient protection, would be helpful as well.

Regards, and thanks for the tool provided for free to the community so far :)

  • Hi AdmGoe,

    1. We did this to make sure we had a solid tool out there with low false positives quickly to protect people. We are currently working on improving this without increasing the false positives; we were hoping to release today but ran into some snags, so it should be done at the start of next week.
    2. So far there have been no .PIF-based attacks, so we started by focusing on .LNK files. The team has tried implementing the same approach for .PIF as we did for .LNK, but that had some adverse effects, so we are still researching a clean way to do it.
    3. Not sure I can help with that; best contacting Microsoft.

    Thanks for the comments,

    Shai Gelbaum

    Product manager
