The viral Windows drivers belong to a rootkit that installs itself undetected because the drivers are signed with a legitimate code-signing certificate belonging to Realtek Semiconductor. A signed driver passes the kernel's driver-signature check regardless of what the code inside it does, so the signature is what lets the rootkit load quietly. The attack targets Siemens WinCC SCADA control systems. This niche software is used by power plants and other industrial sites, leading security experts to conclude that the attack was designed for industrial espionage.
VirusBlokAda, an antivirus firm based in Belarus, first reported the attack. The virus poses a serious risk because, unlike most USB-borne attacks, it does not rely on AutoRun, so the usual defence of disabling AutoRun on removable media does not stop it. At the moment there is no reliable way to detect the attack as it happens, and all Windows computers, including fully patched systems running Windows 7, are vulnerable.
The attack is significant for another reason: until now, a .lnk (shortcut) file was thought to be harmless until the user clicked on it. Here the mere presence of the .lnk file is enough to trigger the infection, because Windows Explorer loads code from the module the shortcut references in order to draw the shortcut's icon. No user action other than connecting an infected USB drive and letting Windows Explorer display its contents is required. Antivirus products did not detect the malicious files on the USB drives at the time, leaving users fully exposed.
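To make that mechanism concrete, here is an added example (not code from the original post) that parses a shortcut file the way a triage script would: it walks the MS-SHLLINK layout, pulls out the icon location and any paths embedded in the link-target ID list, and flags references to a .dll or .cpl outside the Windows directory, or into the \\.\ device namespace, since those are the references Explorer resolves while rendering the icon. The sample shortcuts and the paths inside them are constructed for the example; the rule is a review heuristic, not a signature for this malware.

```python
"""Triage of Windows shortcut (.lnk) files for the modules Explorer loads to draw their icons.

Added example for this post, not code from the original article. Layout follows MS-SHLLINK:
a 76-byte header, an optional link-target ID list, an optional LinkInfo block, then
length-prefixed strings (name, relative path, working dir, arguments, icon location).
The samples at the bottom are constructed here, not captured from real media, and the
heuristic is a triage aid, not a malware signature.
"""
import re
import struct
import uuid

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046").bytes_le
# LinkFlags bits (MS-SHLLINK 2.1.1); the string flags are listed in StringData order.
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_ICON_LOCATION, IS_UNICODE = 0x01, 0x02, 0x40, 0x80
STRING_FLAGS = ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                (0x20, "arguments"), (HAS_ICON_LOCATION, "icon_location"))
# Drive-letter, \\.\ or \\?\ device-namespace, or %VAR%-prefixed paths with a short extension.
PATH_RE = re.compile(r"(?:[A-Za-z]:\\|\\\\[.?]\\|%[A-Za-z]+%\\)[\w\\.#{}&$~ ()\-]+\.[A-Za-z]{2,4}", re.ASCII)
WINDOWS_DIR_PREFIXES = ("%systemroot%\\", "%windir%\\", "c:\\windows\\")
LOADABLE_EXT = (".dll", ".cpl")   # module types the shell opens to find an icon


def parse_lnk(data: bytes) -> dict:
    """Split a shortcut into header fields, the raw ID list and the decoded strings."""
    if (len(data) < LNK_HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    link = {"flags": flags, "icon_index": struct.unpack_from("<i", data, 0x38)[0], "id_list": b""}
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:     # IDListSize (2 bytes), then ItemIDs ending in a 2-byte TerminalID
        size = struct.unpack_from("<H", data, pos)[0]
        link["id_list"] = data[pos + 2:pos + 2 + size]
        pos += 2 + size
    if flags & HAS_LINK_INFO:               # LinkInfoSize (4 bytes) counts the whole block
        pos += struct.unpack_from("<I", data, pos)[0]
    for bit, name in STRING_FLAGS:          # CountCharacters (2 bytes) + chars, no terminator
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            width = 2 if flags & IS_UNICODE else 1
            link[name] = data[pos:pos + width * count].decode("utf-16-le" if width == 2 else "cp1252")
            pos += width * count
    return link


def extract_paths(blob: bytes) -> list:
    """Pull path-like strings out of raw ItemID data, stored as ANSI or as UTF-16LE at any offset."""
    views = (blob.decode("latin-1"), blob.decode("utf-16-le", errors="ignore"),
             blob[1:].decode("utf-16-le", errors="ignore"))
    found = []
    for text in views:
        for m in PATH_RE.finditer(text):
            if m.group(0) not in found:
                found.append(m.group(0))
    return found


def under_windows_dir(path: str) -> bool:
    return path.lower().startswith(WINDOWS_DIR_PREFIXES)


def triage_lnk(data: bytes) -> dict:
    """Report the icon source, every embedded path, and the references a reviewer should look at."""
    link = parse_lnk(data)
    icon = link.get("icon_location", "")
    paths = extract_paths(link["id_list"])
    findings = []
    if icon.lower().endswith(LOADABLE_EXT) and not under_windows_dir(icon):
        findings.append(("icon_location", icon))
    for p in paths:   # device-namespace paths rarely appear in ordinary shortcuts; loadable modules outside Windows deserve a look
        if p.startswith(("\\\\.\\", "\\\\?\\")) or (p.lower().endswith(LOADABLE_EXT) and not under_windows_dir(p)):
            findings.append(("id_list", p))
    return {"icon_location": icon, "icon_index": link["icon_index"], "id_list_paths": paths, "findings": findings}


def build_lnk(icon_location=None, id_list_items=()) -> bytes:
    """Assemble a minimal Unicode shortcut; used only to construct the samples below."""
    flags, body = IS_UNICODE, b""
    if id_list_items:
        flags |= HAS_LINK_TARGET_ID_LIST
        idl = b"".join(struct.pack("<H", len(item) + 2) + item for item in id_list_items) + b"\x00\x00"
        body += struct.pack("<H", len(idl)) + idl
    if icon_location is not None:
        flags |= HAS_ICON_LOCATION
        body += struct.pack("<H", len(icon_location)) + icon_location.encode("utf-16-le")
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    return header + b"\x00" * (LNK_HEADER_SIZE - len(header)) + body


# Constructed samples (hypothetical paths, not taken from real media).
ROOT_ITEM = b"\x1f" + b"\x00" * 19    # stand-in for the "My Computer" root ItemID
BENIGN_LNK = build_lnk("%SystemRoot%\\system32\\shell32.dll",
                       [ROOT_ITEM, "C:\\Program Files\\Example\\app.exe".encode("utf-16-le") + b"\x00\x00"])
SUSPICIOUS_LNK = build_lnk(None, [ROOT_ITEM, b"\x00\x00"
                                  + "\\\\.\\STORAGE#Volume#EXAMPLE\\loader.dll".encode("utf-16-le") + b"\x00\x00"])

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_LNK), ("suspicious", SUSPICIOUS_LNK)):
        print(label, triage_lnk(sample)["findings"])
```

Running the script prints no findings for the benign shortcut and one for the constructed suspicious one. To use it on real media, read each .lnk from the drive into bytes and pass it to triage_lnk(); the script checks both the icon-location string and the ID list because a shortcut can make the shell load a module from either place.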
Security experts warn users not to become complacent just because this attack is aimed at a niche product. The greater danger is that other attackers can reuse the same shortcut-handling flaw to target any Windows system, and the likelihood of success is high because Windows currently has no built-in protection against it.
The attack installs two drivers that pass as legitimate Windows components, mrxnet.sys and mrxcls.sys, which antivirus vendors detect as Rootkit.TmpHider and SScope.Rootkit.TmpHider.2. Because both drivers are validly signed, the kernel loads them without complaint, so a valid signature alone does not clear a driver; the two file names are worth checking against the list of installed drivers (driverquery /v lists them) on any machine that has seen untrusted USB media. Security firms report that detections of these two components have risen since the attacks began, and they suspect that the number of undetected infections is rising as well.
Photo Credit: viZZZual.com, via Flickr
In some respects, Apple enjoys a reputation for “trouble-free” computing because it maintains strict control over how hardware (especially third-party hardware) interfaces with the company’s computers. Apple has taken the same approach with software, and the result is a hardware-and-software combination that’s tightly integrated and appears to suffer from fewer problems than its PC counterparts do.
Microsoft has taken a different approach, relying on third-party hardware manufacturers to create as many compatible hardware variations as the market will bear. The result for the consumer is a lower hardware cost, but Microsoft doesn’t exercise the same tight control over the user’s experience that Apple does. PCs running Windows also have a reputation for being difficult to work with.
The inability of some PC hardware to work alongside other PC hardware has fouled up more than one user's experience, and while Microsoft shoulders much of the blame from the consumer's perspective, the real culprits are more likely the hardware manufacturers and the drivers they write. A driver runs in the kernel with full privileges, so a bug in one vendor's driver can take down the whole system rather than just that vendor's device. Many hardware manufacturers take their own approach to writing drivers and pay little attention to how their drivers interoperate with other hardware attached to a user's computer.
Hardware manufacturers are often slow to release compatible drivers and driver updates, which only complicates the user's experience. On top of this is Microsoft's somewhat clunky approach to obtaining driver updates. Driver updating was at one point a strictly manual process. Over time, Microsoft has built automatic driver updates into the OS, but some users don't have the feature configured properly, so updates are missed, and Microsoft sometimes chooses or installs the wrong driver, complicating matters further. The upshot is that even though Microsoft has automated driver updates, many users still fear the auto-update function because of poor past experiences.
I recommend a driver management program like Driver Detective for reliable, trustworthy driver management. Driver Detective locates, downloads and installs the correct driver and keeps a local backup of it. If an installed driver becomes corrupted, damaged, deleted or overwritten, Driver Detective can reinstall the correct driver immediately, helping the user avoid problems. Whatever tool you use, accept only drivers that are digitally signed and that originate from the hardware vendor or Windows Update; a third-party download source is one more party you have to trust to hand you the right kernel code.
Photo Credit: JD Mack, via Flickr
Driver Verifier, the verifier.exe tool built into Windows, subjects selected kernel drivers to extra checks and stops the system with a bug check when one of them misbehaves. It probably isn't going to be much help unless you're a dyed-in-the-wool computer nerd. It can help you identify problems, but if you don't have much experience with what the program is telling you, knowing how to run Verifier won't solve your driver problems. It may not even help you understand what's going on.
One of the more useful functions for novice users is the driver status display. It tells you whether each selected driver is loading or not. A status of Loaded means the driver is currently loaded and is being verified. Unloaded means the driver isn't loaded right now but has been loaded at least once since you restarted. Never Loaded means the driver was never loaded, which can indicate that its image file is corrupted or that the name you gave Verifier doesn't match any driver on the system. This is a helpful bit of information if you're trying to troubleshoot a driver problem.
For the most part, Verifier is designed for advanced users, programmers and technicians who have a good grasp of what Verifier is trying to say. For the novice user, what matters most is whether or not the driver works, not why it works or fails. For these users, the best product is something like Driver Detective. Driver Detective does all of the interpretation work on your drivers and determines whether or not they are working. It also determines whether you have the correct version of the driver for your hardware and OS, and it will download and install new or updated drivers. As an added benefit, Driver Detective can tell when a driver has become corrupted or damaged and will automatically install a fresh copy.
These are the services most users want when it comes to detecting, diagnosing and repairing driver problems. As a driver manager, few products compare to Driver Detective's easy installation, configuration and operation. It's also highly reliable and very affordable, so you can trust it to take care of your computer just like a professional would without breaking the bank!
Photo Credit: Nick Perla, via Flickr