Originally Posted by i_g
First you need a sample of the exploit, of course (it's not an ordinary .lnk file you create using the "Create shortcut" option in Windows Explorer). Then it's enough e.g. to enter the corresponding folder in Total Commander - and the code is started.
A question, as I don't have a sample of this malware: when the code runs, does it run with the privileges of the currently logged-in user, or does the vulnerability allow privilege escalation to admin/system? If the exploit only manages to gain the privileges of the current user, then even the very basic measure of running as a limited user would be enough to prevent the infection, seeing how the malware attempts to load drivers and limited users don't have the privilege required for that. That would make this whole big fuss a little less big, at least for those of the Average Users who have been set up with a non-admin account. If you have a sample and can test the malware as a limited user, I'd appreciate it if you could report back whether or not the malware manages to infect the system when executed under a limited account.
Interesting stuff! Maybe the digital signature was compromised via outsourcing. That would be... well, sad.